Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    10/03/2024, 02:45 UTC

General

  • Target

    https://team.hex.tech/t/107712/opt_out/b5ed9d22-8426-4f20-bd06-7b17474de653

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://team.hex.tech/t/107712/opt_out/b5ed9d22-8426-4f20-bd06-7b17474de653
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:624
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xe4,0x100,0x104,0xd8,0x108,0x7ff8f4479758,0x7ff8f4479768,0x7ff8f4479778
      2⤵
        PID:4044
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1884,i,14835123289768103436,293667183900660493,131072 /prefetch:2
        2⤵
          PID:1488
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1884,i,14835123289768103436,293667183900660493,131072 /prefetch:8
          2⤵
            PID:4364
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1884,i,14835123289768103436,293667183900660493,131072 /prefetch:8
            2⤵
              PID:4600
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1884,i,14835123289768103436,293667183900660493,131072 /prefetch:1
              2⤵
                PID:4528
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1884,i,14835123289768103436,293667183900660493,131072 /prefetch:1
                2⤵
                  PID:2316
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3976 --field-trial-handle=1884,i,14835123289768103436,293667183900660493,131072 /prefetch:1
                  2⤵
                    PID:756
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 --field-trial-handle=1884,i,14835123289768103436,293667183900660493,131072 /prefetch:8
                    2⤵
                      PID:1940
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1884,i,14835123289768103436,293667183900660493,131072 /prefetch:8
                      2⤵
                        PID:4892
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 --field-trial-handle=1884,i,14835123289768103436,293667183900660493,131072 /prefetch:2
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:1112
                    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                      1⤵
                        PID:4684

Network

                      • flag-us
                        DNS
                        team.hex.tech
                        chrome.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        team.hex.tech
                        IN A
                        Response
                        team.hex.tech
                        IN CNAME
                        custom-tracking.salesloft.com
                        custom-tracking.salesloft.com
                        IN A
                        52.72.139.79
                        custom-tracking.salesloft.com
                        IN A
                        52.23.67.32
                        custom-tracking.salesloft.com
                        IN A
                        54.161.165.141
                      • flag-us
                        DNS
                        68.32.126.40.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        68.32.126.40.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        154.239.44.20.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        154.239.44.20.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        194.178.17.96.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        194.178.17.96.in-addr.arpa
                        IN PTR
                        Response
                        194.178.17.96.in-addr.arpa
                        IN PTR
                        a96-17-178-194.deploy.static.akamaitechnologies.com
                      • flag-us
                        GET
                        https://team.hex.tech/t/107712/opt_out/b5ed9d22-8426-4f20-bd06-7b17474de653
                        chrome.exe
                        Remote address:
                        52.72.139.79:443
                        Request
                        GET /t/107712/opt_out/b5ed9d22-8426-4f20-bd06-7b17474de653 HTTP/2.0
                        host: team.hex.tech
                        sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                        sec-ch-ua-mobile: ?0
                        sec-ch-ua-platform: "Windows"
                        upgrade-insecure-requests: 1
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                        accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                        sec-fetch-site: none
                        sec-fetch-mode: navigate
                        sec-fetch-user: ?1
                        sec-fetch-dest: document
                        accept-encoding: gzip, deflate, br
                        accept-language: en-US,en;q=0.9
                        Response
                        HTTP/2.0 302
                        date: Sun, 10 Mar 2024 02:46:30 GMT
                        content-type: text/html
                        content-length: 145
                        location: https://app.salesloft.com/t/107712/opt_out/b5ed9d22-8426-4f20-bd06-7b17474de653
                        strict-transport-security: max-age=31536000; includeSubDomains
                        x-robots-tag: noindex
                      • flag-us
                        DNS
                        apps.identrust.com
                        chrome.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        apps.identrust.com
                        IN A
                        Response
                        apps.identrust.com
                        IN CNAME
                        identrust.edgesuite.net
                        identrust.edgesuite.net
                        IN CNAME
                        a1952.dscq.akamai.net
                        a1952.dscq.akamai.net
                        IN A
                        96.17.179.205
                        a1952.dscq.akamai.net
                        IN A
                        96.17.179.184
                      • flag-gb
                        GET
                        http://apps.identrust.com/roots/dstrootcax3.p7c
                        chrome.exe
                        Remote address:
                        96.17.179.205:80
                        Request
                        GET /roots/dstrootcax3.p7c HTTP/1.1
                        Connection: Keep-Alive
                        Accept: */*
                        User-Agent: Microsoft-CryptoAPI/10.0
                        Host: apps.identrust.com
                        Response
                        HTTP/1.1 200 OK
                        X-XSS-Protection: 1; mode=block
                        X-Frame-Options: SAMEORIGIN
                        X-Content-Type-Options: nosniff
                        X-Robots-Tag: noindex
                        Referrer-Policy: same-origin
                        Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
                        ETag: "37d-6079b8c0929c0"
                        Accept-Ranges: bytes
                        Content-Length: 893
                        X-Content-Type-Options: nosniff
                        X-Frame-Options: sameorigin
                        Content-Type: application/pkcs7-mime
                        Cache-Control: max-age=3600
                        Expires: Sun, 10 Mar 2024 03:46:30 GMT
                        Date: Sun, 10 Mar 2024 02:46:30 GMT
                        Connection: keep-alive
                      • flag-us
                        DNS
                        79.139.72.52.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        79.139.72.52.in-addr.arpa
                        IN PTR
                        Response
                        79.139.72.52.in-addr.arpa
                        IN PTR
                        ec2-52-72-139-79.compute-1.amazonaws.com
                      • flag-us
                        DNS
                        10.213.58.216.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        10.213.58.216.in-addr.arpa
                        IN PTR
                        Response
                        10.213.58.216.in-addr.arpa
                        IN PTR
                        ber01s14-in-f10.1e100.net
                        10.213.58.216.in-addr.arpa
                        IN PTR
                        lhr25s25-in-f10�H
                      • flag-us
                        DNS
                        9.228.82.20.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        9.228.82.20.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        g.bing.com
                        Remote address:
                        8.8.8.8:53
                        Request
                        g.bing.com
                        IN A
                        Response
                        g.bing.com
                        IN CNAME
                        g-bing-com.a-0001.a-msedge.net
                        g-bing-com.a-0001.a-msedge.net
                        IN CNAME
                        dual-a-0001.a-msedge.net
                        dual-a-0001.a-msedge.net
                        IN A
                        204.79.197.200
                        dual-a-0001.a-msedge.net
                        IN A
                        13.107.21.200
                      • flag-us
                        GET
                        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=34cdc13438b646d4b89a2496ba2d8a01&localId=w:B10FE29E-1693-3A9A-DEA4-AA0A4C8C3099&deviceId=6825825924576770&anid=
                        Remote address:
                        204.79.197.200:443
                        Request
                        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=34cdc13438b646d4b89a2496ba2d8a01&localId=w:B10FE29E-1693-3A9A-DEA4-AA0A4C8C3099&deviceId=6825825924576770&anid= HTTP/2.0
                        host: g.bing.com
                        accept-encoding: gzip, deflate
                        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                        Response
                        HTTP/2.0 204
                        cache-control: no-cache, must-revalidate
                        pragma: no-cache
                        expires: Fri, 01 Jan 1990 00:00:00 GMT
                        set-cookie: MUID=26354C04DAD46D5F0232583ADB6F6C00; domain=.bing.com; expires=Fri, 04-Apr-2025 02:46:30 GMT; path=/; SameSite=None; Secure; Priority=High;
                        strict-transport-security: max-age=31536000; includeSubDomains; preload
                        access-control-allow-origin: *
                        x-cache: CONFIG_NOCACHE
                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        x-msedge-ref: Ref A: D26E1EC62E8F493284929D3508C56499 Ref B: LON04EDGE0810 Ref C: 2024-03-10T02:46:30Z
                        date: Sun, 10 Mar 2024 02:46:29 GMT
                      • flag-us
                        GET
                        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=34cdc13438b646d4b89a2496ba2d8a01&localId=w:B10FE29E-1693-3A9A-DEA4-AA0A4C8C3099&deviceId=6825825924576770&anid=
                        Remote address:
                        204.79.197.200:443
                        Request
                        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=34cdc13438b646d4b89a2496ba2d8a01&localId=w:B10FE29E-1693-3A9A-DEA4-AA0A4C8C3099&deviceId=6825825924576770&anid= HTTP/2.0
                        host: g.bing.com
                        accept-encoding: gzip, deflate
                        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                        cookie: MUID=26354C04DAD46D5F0232583ADB6F6C00
                        Response
                        HTTP/2.0 204
                        cache-control: no-cache, must-revalidate
                        pragma: no-cache
                        expires: Fri, 01 Jan 1990 00:00:00 GMT
                        set-cookie: MSPTC=dvspzWGtgJXgkMmby0t9Em_VKYU5vX9URv2TpyWkPfo; domain=.bing.com; expires=Fri, 04-Apr-2025 02:46:30 GMT; path=/; Partitioned; secure; SameSite=None
                        strict-transport-security: max-age=31536000; includeSubDomains; preload
                        access-control-allow-origin: *
                        x-cache: CONFIG_NOCACHE
                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        x-msedge-ref: Ref A: BCAD4BE7B69E481E9C1DB6CAF060E1D6 Ref B: LON04EDGE0810 Ref C: 2024-03-10T02:46:30Z
                        date: Sun, 10 Mar 2024 02:46:29 GMT
                      • flag-us
                        GET
                        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=34cdc13438b646d4b89a2496ba2d8a01&localId=w:B10FE29E-1693-3A9A-DEA4-AA0A4C8C3099&deviceId=6825825924576770&anid=
                        Remote address:
                        204.79.197.200:443
                        Request
                        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=34cdc13438b646d4b89a2496ba2d8a01&localId=w:B10FE29E-1693-3A9A-DEA4-AA0A4C8C3099&deviceId=6825825924576770&anid= HTTP/2.0
                        host: g.bing.com
                        accept-encoding: gzip, deflate
                        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                        cookie: MUID=26354C04DAD46D5F0232583ADB6F6C00; MSPTC=dvspzWGtgJXgkMmby0t9Em_VKYU5vX9URv2TpyWkPfo
                        Response
                        HTTP/2.0 204
                        cache-control: no-cache, must-revalidate
                        pragma: no-cache
                        expires: Fri, 01 Jan 1990 00:00:00 GMT
                        strict-transport-security: max-age=31536000; includeSubDomains; preload
                        access-control-allow-origin: *
                        x-cache: CONFIG_NOCACHE
                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        x-msedge-ref: Ref A: D9076E2B505A4D3EA8F57142C0220E54 Ref B: LON04EDGE0810 Ref C: 2024-03-10T02:46:30Z
                        date: Sun, 10 Mar 2024 02:46:29 GMT
                      • flag-us
                        DNS
                        200.197.79.204.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        200.197.79.204.in-addr.arpa
                        IN PTR
                        Response
                        200.197.79.204.in-addr.arpa
                        IN PTR
                        a-0001.a-msedge.net
                      • flag-us
                        DNS
                        200.197.79.204.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        200.197.79.204.in-addr.arpa
                        IN PTR
                      • flag-us
                        DNS
                        205.179.17.96.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        205.179.17.96.in-addr.arpa
                        IN PTR
                        Response
                        205.179.17.96.in-addr.arpa
                        IN PTR
                        a96-17-179-205.deploy.static.akamaitechnologies.com
                      • flag-us
                        DNS
                        205.179.17.96.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        205.179.17.96.in-addr.arpa
                        IN PTR
                      • flag-us
                        DNS
                        app.salesloft.com
                        chrome.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        app.salesloft.com
                        IN A
                        Response
                        app.salesloft.com
                        IN A
                        3.68.0.68
                        app.salesloft.com
                        IN A
                        3.64.52.181
                        app.salesloft.com
                        IN A
                        3.70.43.222
                      • flag-us
                        DNS
                        68.0.68.3.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        68.0.68.3.in-addr.arpa
                        IN PTR
                        Response
                        68.0.68.3.in-addr.arpa
                        IN PTR
                        ec2-3-68-0-68.eu-central-1.compute.amazonaws.com
                      • flag-us
                        DNS
                        cdn-sdr.salesloft.com
                        chrome.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        cdn-sdr.salesloft.com
                        IN A
                        Response
                        cdn-sdr.salesloft.com
                        IN CNAME
                        cdn-sdr.salesloft.com.cdn.cloudflare.net
                        cdn-sdr.salesloft.com.cdn.cloudflare.net
                        IN A
                        104.17.1.41
                        cdn-sdr.salesloft.com.cdn.cloudflare.net
                        IN A
                        104.17.67.65
                      • flag-us
                        GET
                        https://cdn-sdr.salesloft.com/styles-63bb4f691a72e3b0-v1.css
                        chrome.exe
                        Remote address:
                        104.17.1.41:443
                        Request
                        GET /styles-63bb4f691a72e3b0-v1.css HTTP/2.0
                        host: cdn-sdr.salesloft.com
                        sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                        sec-ch-ua-mobile: ?0
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                        sec-ch-ua-platform: "Windows"
                        accept: text/css,*/*;q=0.1
                        sec-fetch-site: same-site
                        sec-fetch-mode: no-cors
                        sec-fetch-dest: style
                        referer: https://app.salesloft.com/
                        accept-encoding: gzip, deflate, br
                        accept-language: en-US,en;q=0.9
                        Response
                        HTTP/2.0 200
                        date: Sun, 10 Mar 2024 02:46:32 GMT
                        content-type: text/css
                        x-amz-id-2: S6KtgO37PLV5RlP5ffWDKOCHfriXvBb2Vwm+FdWcBPGs3Q0Q9JcYNatUU9RCzojreDYKG83KSUU=
                        x-amz-request-id: 11KJSBGV9K86MNRC
                        cache-control: public, max-age=86400
                        last-modified: Fri, 08 Mar 2024 21:57:44 GMT
                        etag: W/"763bcea6748c817c12e1233422fa422f"
                        cf-cache-status: HIT
                        age: 17019
                        expires: Mon, 11 Mar 2024 02:46:32 GMT
                        vary: Accept-Encoding
                        strict-transport-security: max-age=31536000; includeSubDomains
                        x-content-type-options: nosniff
                        access-control-allow-origin: *
                        x-frame-options: SAMEORIGIN
                        server: cloudflare
                        cf-ray: 861ff994afab3db2-LHR
                        content-encoding: br
                        alt-svc: h3=":443"; ma=86400
                      • flag-us
                        DNS
                        43.58.199.20.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        43.58.199.20.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        41.1.17.104.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        41.1.17.104.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        41.110.16.96.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        41.110.16.96.in-addr.arpa
                        IN PTR
                        Response
                        41.110.16.96.in-addr.arpa
                        IN PTR
                        a96-16-110-41.deploy.static.akamaitechnologies.com
                      • flag-us
                        GET
                        https://cdn-sdr.salesloft.com/assets/fonts/proxima-nova-400-22a2c8bae6785757.woff2
                        chrome.exe
                        Remote address:
                        104.17.1.41:443
                        Request
                        GET /assets/fonts/proxima-nova-400-22a2c8bae6785757.woff2 HTTP/2.0
                        host: cdn-sdr.salesloft.com
                        sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                        origin: https://app.salesloft.com
                        sec-ch-ua-mobile: ?0
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                        sec-ch-ua-platform: "Windows"
                        accept: */*
                        sec-fetch-site: same-site
                        sec-fetch-mode: cors
                        sec-fetch-dest: font
                        referer: https://cdn-sdr.salesloft.com/styles-63bb4f691a72e3b0-v1.css
                        accept-encoding: gzip, deflate, br
                        accept-language: en-US,en;q=0.9
                        Response
                        HTTP/2.0 200
                        date: Sun, 10 Mar 2024 02:46:33 GMT
                        content-type: font/woff2
                        content-length: 21824
                        x-amz-id-2: fsA5WSoBLuujrXiqFDho25jl9JlpBpjgJHvwY3m8N1Tg6jzCL+7ITdA9MY4N0HrADzZTUT+dmak=
                        x-amz-request-id: G74XCGQSW5MQHJN7
                        cache-control: public, max-age=86400
                        last-modified: Tue, 28 Nov 2023 01:17:34 GMT
                        etag: "ed723eff0e7a48ca38888d304625969e"
                        cf-cache-status: HIT
                        age: 18968
                        expires: Mon, 11 Mar 2024 02:46:33 GMT
                        accept-ranges: bytes
                        vary: Accept-Encoding
                        strict-transport-security: max-age=31536000; includeSubDomains
                        x-content-type-options: nosniff
                        access-control-allow-origin: *
                        x-frame-options: SAMEORIGIN
                        server: cloudflare
                        cf-ray: 861ff99afb8571c6-LHR
                        alt-svc: h3=":443"; ma=86400
                      • flag-us
                        GET
                        https://cdn-sdr.salesloft.com/assets/fonts/proxima-nova-600-dc4e7cbc9cbad6fd.woff2
                        chrome.exe
                        Remote address:
                        104.17.1.41:443
                        Request
                        GET /assets/fonts/proxima-nova-600-dc4e7cbc9cbad6fd.woff2 HTTP/2.0
                        host: cdn-sdr.salesloft.com
                        sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                        origin: https://app.salesloft.com
                        sec-ch-ua-mobile: ?0
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                        sec-ch-ua-platform: "Windows"
                        accept: */*
                        sec-fetch-site: same-site
                        sec-fetch-mode: cors
                        sec-fetch-dest: font
                        referer: https://cdn-sdr.salesloft.com/styles-63bb4f691a72e3b0-v1.css
                        accept-encoding: gzip, deflate, br
                        accept-language: en-US,en;q=0.9
                        Response
                        HTTP/2.0 200
                        date: Sun, 10 Mar 2024 02:46:33 GMT
                        content-type: font/woff2
                        content-length: 21764
                        x-amz-id-2: 6ZyNrSIfvD8MylA3ScV6vfUpNpTWS/K2DmeFdcGg8TchZVcUp7yCoVDMp6ttg7Zt/xLiCxADyJk=
                        x-amz-request-id: YH78F0SMT531YWZC
                        cache-control: public, max-age=86400
                        last-modified: Fri, 10 Nov 2023 23:15:57 GMT
                        etag: "544dd647c869224a722f87638ebd245e"
                        cf-cache-status: HIT
                        age: 72057
                        expires: Mon, 11 Mar 2024 02:46:33 GMT
                        accept-ranges: bytes
                        vary: Accept-Encoding
                        strict-transport-security: max-age=31536000; includeSubDomains
                        x-content-type-options: nosniff
                        access-control-allow-origin: *
                        x-frame-options: SAMEORIGIN
                        server: cloudflare
                        cf-ray: 861ff99afb8771c6-LHR
                        alt-svc: h3=":443"; ma=86400
                      • flag-us
                        DNS
                        js-agent.newrelic.com
                        chrome.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        js-agent.newrelic.com
                        IN A
                        Response
                        js-agent.newrelic.com
                        IN CNAME
                        dualstack.k.sni.global.fastly.net
                        dualstack.k.sni.global.fastly.net
                        IN A
                        151.101.2.137
                        dualstack.k.sni.global.fastly.net
                        IN A
                        151.101.66.137
                        dualstack.k.sni.global.fastly.net
                        IN A
                        151.101.130.137
                        dualstack.k.sni.global.fastly.net
                        IN A
                        151.101.194.137
                      • flag-us
                        GET
                        https://js-agent.newrelic.com/nr-spa-1216.min.js
                        chrome.exe
                        Remote address:
                        151.101.2.137:443
                        Request
                        GET /nr-spa-1216.min.js HTTP/2.0
                        host: js-agent.newrelic.com
                        sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                        sec-ch-ua-mobile: ?0
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                        sec-ch-ua-platform: "Windows"
                        accept: */*
                        sec-fetch-site: cross-site
                        sec-fetch-mode: no-cors
                        sec-fetch-dest: script
                        referer: https://app.salesloft.com/
                        accept-encoding: gzip, deflate, br
                        accept-language: en-US,en;q=0.9
                        Response
                        HTTP/2.0 200
                        x-amz-id-2: hf8l1AdxIC6O0xAMX7wsu5VfwuD8Z8XAzbN/HU7G5FKaHRDHBHNdQFJmrY1HhBlnbrDqpkTcCVY=
                        x-amz-request-id: 9WD2A72QGV2F3D6B
                        last-modified: Wed, 18 Oct 2023 21:31:16 GMT
                        etag: "63e2df852d15ab21d7ff8fc4363222e8"
                        x-amz-server-side-encryption: AES256
                        cache-control: public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
                        x-amz-version-id: MElzWumrf8lREc3kORDlSWHVtEZAK4m8
                        content-type: application/javascript
                        server: AmazonS3
                        access-control-allow-origin: *
                        content-encoding: br
                        accept-ranges: bytes
                        date: Sun, 10 Mar 2024 02:46:36 GMT
                        via: 1.1 varnish
                        x-served-by: cache-lcy-eglc8600038-LCY
                        x-cache: HIT
                        x-cache-hits: 592069
                        vary: Accept-Encoding
                        cross-origin-resource-policy: cross-origin
                        strict-transport-security: max-age=300
                        content-length: 19141
                      • flag-us
                        DNS
                        137.2.101.151.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        137.2.101.151.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        217.106.137.52.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        217.106.137.52.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        bam.eu01.nr-data.net
                        chrome.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        bam.eu01.nr-data.net
                        IN A
                        Response
                        bam.eu01.nr-data.net
                        IN CNAME
                        bam-eu01.cell.eu.nr-data.net
                        bam-eu01.cell.eu.nr-data.net
                        IN CNAME
                        fastly-tls12-bam.eu01.nr-data.net
                        fastly-tls12-bam.eu01.nr-data.net
                        IN A
                        185.221.87.23
                      • flag-us
                        POST
                        https://bam.eu01.nr-data.net/events/1/NRJS-ce5e8daad3227b82ed8?a=212444329&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=17389&ck=1&ref=https://app.salesloft.com/unsubscribe
                        chrome.exe
                        Remote address:
                        185.221.87.23:443
                        Request
                        POST /events/1/NRJS-ce5e8daad3227b82ed8?a=212444329&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=17389&ck=1&ref=https://app.salesloft.com/unsubscribe HTTP/1.1
                        Host: bam.eu01.nr-data.net
                        Connection: keep-alive
                        Content-Length: 68
                        sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                        sec-ch-ua-platform: "Windows"
                        sec-ch-ua-mobile: ?0
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                        content-type: text/plain
                        Accept: */*
                        Origin: https://app.salesloft.com
                        Sec-Fetch-Site: cross-site
                        Sec-Fetch-Mode: cors
                        Sec-Fetch-Dest: empty
                        Referer: https://app.salesloft.com/
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        Cookie: JSESSIONID=1458be7cdc7ac8bd
                        Response
                        HTTP/1.1 200
                        Connection: keep-alive
                        Content-Length: 24
                        date: Sun, 10 Mar 2024 02:46:46 GMT
                        content-type: image/gif
                        access-control-allow-origin: https://app.salesloft.com
                        access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
                        access-control-allow-credentials: true
                        x-served-by: cache-lcy-eglc8600071-LCY
                      • flag-us
                        POST
                        https://bam.eu01.nr-data.net/jserrors/1/NRJS-ce5e8daad3227b82ed8?a=212444329&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=68233&ck=1&ref=https://app.salesloft.com/unsubscribe
                        chrome.exe
                        Remote address:
                        185.221.87.23:443
                        Request
                        POST /jserrors/1/NRJS-ce5e8daad3227b82ed8?a=212444329&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=68233&ck=1&ref=https://app.salesloft.com/unsubscribe HTTP/1.1
                        Host: bam.eu01.nr-data.net
                        Connection: keep-alive
                        Content-Length: 572
                        sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                        sec-ch-ua-platform: "Windows"
                        sec-ch-ua-mobile: ?0
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                        content-type: text/plain
                        Accept: */*
                        Origin: https://app.salesloft.com
                        Sec-Fetch-Site: cross-site
                        Sec-Fetch-Mode: cors
                        Sec-Fetch-Dest: empty
                        Referer: https://app.salesloft.com/
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        Cookie: JSESSIONID=1458be7cdc7ac8bd
                        Response
                        HTTP/1.1 200
                        Connection: keep-alive
                        Content-Length: 24
                        date: Sun, 10 Mar 2024 02:47:36 GMT
                        content-type: image/gif
                        access-control-allow-origin: https://app.salesloft.com
                        access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
                        access-control-allow-credentials: true
                        x-served-by: cache-lcy-eglc8600071-LCY
                      • flag-us
                        POST
                        https://bam.eu01.nr-data.net/events/1/NRJS-ce5e8daad3227b82ed8?a=212444329&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=77420&ck=1&ref=https://app.salesloft.com/unsubscribe
                        chrome.exe
                        Remote address:
                        185.221.87.23:443
                        Request
                        POST /events/1/NRJS-ce5e8daad3227b82ed8?a=212444329&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=77420&ck=1&ref=https://app.salesloft.com/unsubscribe HTTP/1.1
                        Host: bam.eu01.nr-data.net
                        Connection: keep-alive
                        Content-Length: 115
                        sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                        sec-ch-ua-platform: "Windows"
                        sec-ch-ua-mobile: ?0
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                        content-type: text/plain
                        Accept: */*
                        Origin: https://app.salesloft.com
                        Sec-Fetch-Site: cross-site
                        Sec-Fetch-Mode: cors
                        Sec-Fetch-Dest: empty
                        Referer: https://app.salesloft.com/
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        Cookie: JSESSIONID=1458be7cdc7ac8bd
                        Response
                        HTTP/1.1 200
                        Connection: close
                        Content-Length: 24
                        date: Sun, 10 Mar 2024 02:47:46 GMT
                        content-type: image/gif
                        access-control-allow-origin: https://app.salesloft.com
                        access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
                        access-control-allow-credentials: true
                        x-served-by: cache-lcy-eglc8600071-LCY
                      • flag-us
                        GET
                        https://bam.eu01.nr-data.net/1/NRJS-ce5e8daad3227b82ed8?a=212444329&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=7382&ck=1&ref=https://app.salesloft.com/unsubscribe&be=3310&fe=4809&dc=3917&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1710038787355,%22n%22:0,%22f%22:3192,%22dn%22:3192,%22dne%22:3192,%22c%22:3192,%22ce%22:3192,%22rq%22:3182,%22rp%22:3240,%22rpe%22:3298,%22dl%22:3277,%22di%22:3917,%22ds%22:3917,%22de%22:3917,%22dc%22:4808,%22l%22:4808,%22le%22:4810%7D,%22navigation%22:%7B%7D%7D&fp=4022&fcp=4022&jsonp=NREUM.setToken
                        chrome.exe
                        Remote address:
                        185.221.87.23:443
                        Request
                        GET /1/NRJS-ce5e8daad3227b82ed8?a=212444329&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=7382&ck=1&ref=https://app.salesloft.com/unsubscribe&be=3310&fe=4809&dc=3917&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1710038787355,%22n%22:0,%22f%22:3192,%22dn%22:3192,%22dne%22:3192,%22c%22:3192,%22ce%22:3192,%22rq%22:3182,%22rp%22:3240,%22rpe%22:3298,%22dl%22:3277,%22di%22:3917,%22ds%22:3917,%22de%22:3917,%22dc%22:4808,%22l%22:4808,%22le%22:4810%7D,%22navigation%22:%7B%7D%7D&fp=4022&fcp=4022&jsonp=NREUM.setToken HTTP/1.1
                        Host: bam.eu01.nr-data.net
                        Connection: keep-alive
                        sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                        sec-ch-ua-mobile: ?0
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                        sec-ch-ua-platform: "Windows"
                        Accept: */*
                        Sec-Fetch-Site: cross-site
                        Sec-Fetch-Mode: no-cors
                        Sec-Fetch-Dest: script
                        Referer: https://app.salesloft.com/
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        Response
                        HTTP/1.1 200
                        Connection: keep-alive
                        Content-Length: 56
                        date: Sun, 10 Mar 2024 02:46:36 GMT
                        content-type: text/javascript
                        server: istio-envoy
                        access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
                        access-control-allow-credentials: true
                        access-control-allow-origin: *
                        access-control-expose-headers: Date
                        timing-allow-origin: *
                        set-cookie: JSESSIONID=1458be7cdc7ac8bd; Path=/; Domain=.nr-data.net; Secure; SameSite=None
                        cross-origin-resource-policy: cross-origin
                        x-envoy-upstream-service-time: 2
                        x-served-by: cache-lcy-eglc8600052-LCY
                      • flag-us
                        POST
                        https://bam.eu01.nr-data.net/events/1/NRJS-ce5e8daad3227b82ed8?a=212444329&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=8224&ck=1&ref=https://app.salesloft.com/unsubscribe
                        chrome.exe
                        Remote address:
                        185.221.87.23:443
                        Request
                        POST /events/1/NRJS-ce5e8daad3227b82ed8?a=212444329&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=8224&ck=1&ref=https://app.salesloft.com/unsubscribe HTTP/1.1
                        Host: bam.eu01.nr-data.net
                        Connection: keep-alive
                        Content-Length: 171
                        sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                        sec-ch-ua-platform: "Windows"
                        sec-ch-ua-mobile: ?0
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                        content-type: text/plain
                        Accept: */*
                        Origin: https://app.salesloft.com
                        Sec-Fetch-Site: cross-site
                        Sec-Fetch-Mode: cors
                        Sec-Fetch-Dest: empty
                        Referer: https://app.salesloft.com/
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        Cookie: JSESSIONID=1458be7cdc7ac8bd
                        Response
                        HTTP/1.1 200
                        Connection: close
                        Content-Length: 24
                        date: Sun, 10 Mar 2024 02:46:36 GMT
                        content-type: image/gif
                        access-control-allow-origin: https://app.salesloft.com
                        access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
                        access-control-allow-credentials: true
                        x-served-by: cache-lcy-eglc8600052-LCY
                      • flag-us
                        DNS
                        226.20.18.104.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        226.20.18.104.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        23.87.221.185.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        23.87.221.185.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        196.249.167.52.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        196.249.167.52.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        81.171.91.138.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        81.171.91.138.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        157.123.68.40.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        157.123.68.40.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        171.39.242.20.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        171.39.242.20.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        217.135.221.88.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        217.135.221.88.in-addr.arpa
                        IN PTR
                        Response
                        217.135.221.88.in-addr.arpa
                        IN PTR
                        a88-221-135-217.deploy.static.akamaitechnologies.com
                      • flag-us
                        DNS
                        209.178.17.96.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        209.178.17.96.in-addr.arpa
                        IN PTR
                        Response
                        209.178.17.96.in-addr.arpa
                        IN PTR
                        a96-17-178-209.deploy.static.akamaitechnologies.com
                      • flag-us
                        DNS
                        26.35.223.20.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        26.35.223.20.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        tse1.mm.bing.net
                        Remote address:
                        8.8.8.8:53
                        Request
                        tse1.mm.bing.net
                        IN A
                        Response
                        tse1.mm.bing.net
                        IN CNAME
                        mm-mm.bing.net.trafficmanager.net
                        mm-mm.bing.net.trafficmanager.net
                        IN CNAME
                        dual-a-0001.a-msedge.net
                        dual-a-0001.a-msedge.net
                        IN A
                        204.79.197.200
                        dual-a-0001.a-msedge.net
                        IN A
                        13.107.21.200
                      • flag-us
                        GET
                        https://tse1.mm.bing.net/th?id=OADD2.10239317301364_1Z8KBZ9IPN02ZTCGX&pid=21.2&w=1080&h=1920&c=4
                        Remote address:
                        204.79.197.200:443
                        Request
                        GET /th?id=OADD2.10239317301364_1Z8KBZ9IPN02ZTCGX&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                        host: tse1.mm.bing.net
                        accept: */*
                        accept-encoding: gzip, deflate, br
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                        Response
                        HTTP/2.0 200
                        cache-control: public, max-age=2592000
                        content-length: 208770
                        content-type: image/jpeg
                        x-cache: TCP_HIT
                        access-control-allow-origin: *
                        access-control-allow-headers: *
                        access-control-allow-methods: GET, POST, OPTIONS
                        timing-allow-origin: *
                        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        x-msedge-ref: Ref A: E5291A83F05743E5B753C2DE1011FF2A Ref B: LON04EDGE1108 Ref C: 2024-03-10T02:48:06Z
                        date: Sun, 10 Mar 2024 02:48:05 GMT
                      • flag-us
                        GET
                        https://tse1.mm.bing.net/th?id=OADD2.10239317301446_1EN88Z1GJDY90F0IF&pid=21.2&w=1080&h=1920&c=4
                        Remote address:
                        204.79.197.200:443
                        Request
                        GET /th?id=OADD2.10239317301446_1EN88Z1GJDY90F0IF&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                        host: tse1.mm.bing.net
                        accept: */*
                        accept-encoding: gzip, deflate, br
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                        Response
                        HTTP/2.0 200
                        cache-control: public, max-age=2592000
                        content-length: 350429
                        content-type: image/jpeg
                        x-cache: TCP_HIT
                        access-control-allow-origin: *
                        access-control-allow-headers: *
                        access-control-allow-methods: GET, POST, OPTIONS
                        timing-allow-origin: *
                        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        x-msedge-ref: Ref A: EED322446137499899B13EF7AF168592 Ref B: LON04EDGE1108 Ref C: 2024-03-10T02:48:06Z
                        date: Sun, 10 Mar 2024 02:48:05 GMT
                      • flag-us
                        GET
                        https://tse1.mm.bing.net/th?id=OADD2.10239317300931_116ZGE2JLLUHLMEDS&pid=21.2&w=1920&h=1080&c=4
                        Remote address:
                        204.79.197.200:443
                        Request
                        GET /th?id=OADD2.10239317300931_116ZGE2JLLUHLMEDS&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                        host: tse1.mm.bing.net
                        accept: */*
                        accept-encoding: gzip, deflate, br
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                        Response
                        HTTP/2.0 200
                        cache-control: public, max-age=2592000
                        content-length: 220221
                        content-type: image/jpeg
                        x-cache: TCP_HIT
                        access-control-allow-origin: *
                        access-control-allow-headers: *
                        access-control-allow-methods: GET, POST, OPTIONS
                        timing-allow-origin: *
                        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        x-msedge-ref: Ref A: 463279574573493E872D5BD36C8CA8FB Ref B: LON04EDGE1108 Ref C: 2024-03-10T02:48:06Z
                        date: Sun, 10 Mar 2024 02:48:05 GMT
                      • flag-us
                        GET
                        https://tse1.mm.bing.net/th?id=OADD2.10239317301171_1NGPNIQ68LQQ3GSOB&pid=21.2&w=1920&h=1080&c=4
                        Remote address:
                        204.79.197.200:443
                        Request
                        GET /th?id=OADD2.10239317301171_1NGPNIQ68LQQ3GSOB&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                        host: tse1.mm.bing.net
                        accept: */*
                        accept-encoding: gzip, deflate, br
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                        Response
                        HTTP/2.0 200
                        cache-control: public, max-age=2592000
                        content-length: 344167
                        content-type: image/jpeg
                        x-cache: TCP_HIT
                        access-control-allow-origin: *
                        access-control-allow-headers: *
                        access-control-allow-methods: GET, POST, OPTIONS
                        timing-allow-origin: *
                        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        x-msedge-ref: Ref A: C06D8695D6F44406A9D3678F313EC6F8 Ref B: LON04EDGE1108 Ref C: 2024-03-10T02:48:06Z
                        date: Sun, 10 Mar 2024 02:48:05 GMT
                      • flag-us
                        GET
                        https://tse1.mm.bing.net/th?id=OADD2.10239317301013_1R2AO9YZ4I5BGB4K2&pid=21.2&w=1920&h=1080&c=4
                        Remote address:
                        204.79.197.200:443
                        Request
                        GET /th?id=OADD2.10239317301013_1R2AO9YZ4I5BGB4K2&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                        host: tse1.mm.bing.net
                        accept: */*
                        accept-encoding: gzip, deflate, br
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                        Response
                        HTTP/2.0 200
                        cache-control: public, max-age=2592000
                        content-length: 270754
                        content-type: image/jpeg
                        x-cache: TCP_HIT
                        access-control-allow-origin: *
                        access-control-allow-headers: *
                        access-control-allow-methods: GET, POST, OPTIONS
                        timing-allow-origin: *
                        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        x-msedge-ref: Ref A: BC39FA5DDE4C4359B5FBC5225E129130 Ref B: LON04EDGE1108 Ref C: 2024-03-10T02:48:06Z
                        date: Sun, 10 Mar 2024 02:48:05 GMT
                      • flag-us
                        GET
                        https://tse1.mm.bing.net/th?id=OADD2.10239317301580_1F1XSUIT7JJ8XLYPA&pid=21.2&w=1080&h=1920&c=4
                        Remote address:
                        204.79.197.200:443
                        Request
                        GET /th?id=OADD2.10239317301580_1F1XSUIT7JJ8XLYPA&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                        host: tse1.mm.bing.net
                        accept: */*
                        accept-encoding: gzip, deflate, br
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                        Response
                        HTTP/2.0 200
                        cache-control: public, max-age=2592000
                        content-length: 205233
                        content-type: image/jpeg
                        x-cache: TCP_HIT
                        access-control-allow-origin: *
                        access-control-allow-headers: *
                        access-control-allow-methods: GET, POST, OPTIONS
                        timing-allow-origin: *
                        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        x-msedge-ref: Ref A: 4EB13F64440E427C9A59AA4427DAE1BE Ref B: LON04EDGE1108 Ref C: 2024-03-10T02:48:07Z
                        date: Sun, 10 Mar 2024 02:48:06 GMT
                      • flag-us
                        POST
                        https://bam.eu01.nr-data.net/jserrors/1/NRJS-ce5e8daad3227b82ed8?a=212444329&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=128247&ck=1&ref=https://app.salesloft.com/unsubscribe
                        chrome.exe
                        Remote address:
                        185.221.87.23:443
                        Request
                        POST /jserrors/1/NRJS-ce5e8daad3227b82ed8?a=212444329&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=128247&ck=1&ref=https://app.salesloft.com/unsubscribe HTTP/1.1
                        Host: bam.eu01.nr-data.net
                        Connection: keep-alive
                        Content-Length: 693
                        sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                        sec-ch-ua-platform: "Windows"
                        sec-ch-ua-mobile: ?0
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                        content-type: text/plain
                        Accept: */*
                        Origin: https://app.salesloft.com
                        Sec-Fetch-Site: cross-site
                        Sec-Fetch-Mode: cors
                        Sec-Fetch-Dest: empty
                        Referer: https://app.salesloft.com/
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        Cookie: JSESSIONID=1458be7cdc7ac8bd
                        Response
                        HTTP/1.1 200
                        Connection: keep-alive
                        Content-Length: 24
                        date: Sun, 10 Mar 2024 02:48:38 GMT
                        content-type: image/gif
                        access-control-allow-origin: https://app.salesloft.com
                        access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
                        access-control-allow-credentials: true
                        x-served-by: cache-lcy-eglc8600023-LCY
                      • 52.72.139.79:443
                        https://team.hex.tech/t/107712/opt_out/b5ed9d22-8426-4f20-bd06-7b17474de653
                        tls, http2
                        chrome.exe
                        2.6kB
                        5.8kB
                        16
                        14

                        HTTP Request

                        GET https://team.hex.tech/t/107712/opt_out/b5ed9d22-8426-4f20-bd06-7b17474de653

                        HTTP Response

                        302
                      • 96.17.179.205:80
                        http://apps.identrust.com/roots/dstrootcax3.p7c
                        http
                        chrome.exe
                        520 B
                        1.7kB
                        8
                        6

                        HTTP Request

                        GET http://apps.identrust.com/roots/dstrootcax3.p7c

                        HTTP Response

                        200
                      • 204.79.197.200:443
                        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=34cdc13438b646d4b89a2496ba2d8a01&localId=w:B10FE29E-1693-3A9A-DEA4-AA0A4C8C3099&deviceId=6825825924576770&anid=
                        tls, http2
                        2.0kB
                        9.2kB
                        22
                        19

                        HTTP Request

                        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=34cdc13438b646d4b89a2496ba2d8a01&localId=w:B10FE29E-1693-3A9A-DEA4-AA0A4C8C3099&deviceId=6825825924576770&anid=

                        HTTP Response

                        204

                        HTTP Request

                        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=34cdc13438b646d4b89a2496ba2d8a01&localId=w:B10FE29E-1693-3A9A-DEA4-AA0A4C8C3099&deviceId=6825825924576770&anid=

                        HTTP Response

                        204

                        HTTP Request

                        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=34cdc13438b646d4b89a2496ba2d8a01&localId=w:B10FE29E-1693-3A9A-DEA4-AA0A4C8C3099&deviceId=6825825924576770&anid=

                        HTTP Response

                        204
                      • 3.68.0.68:443
                        app.salesloft.com
                        tls
                        chrome.exe
                        3.1kB
                        46.3kB
                        32
                        46
                      • 104.17.1.41:443
                        cdn-sdr.salesloft.com
                        tls, http2
                        chrome.exe
                        1.1kB
                        1.6kB
                        11
                        7
                      • 104.17.1.41:443
                        https://cdn-sdr.salesloft.com/styles-63bb4f691a72e3b0-v1.css
                        tls, http2
                        chrome.exe
                        5.9kB
                        182.0kB
                        104
                        144

                        HTTP Request

                        GET https://cdn-sdr.salesloft.com/styles-63bb4f691a72e3b0-v1.css

                        HTTP Response

                        200
                      • 104.17.1.41:443
                        https://cdn-sdr.salesloft.com/assets/fonts/proxima-nova-600-dc4e7cbc9cbad6fd.woff2
                        tls, http2
                        chrome.exe
                        4.2kB
                        52.3kB
                        49
                        51

                        HTTP Request

                        GET https://cdn-sdr.salesloft.com/assets/fonts/proxima-nova-400-22a2c8bae6785757.woff2

                        HTTP Request

                        GET https://cdn-sdr.salesloft.com/assets/fonts/proxima-nova-600-dc4e7cbc9cbad6fd.woff2

                        HTTP Response

                        200

                        HTTP Response

                        200
                      • 151.101.2.137:443
                        js-agent.newrelic.com
                        tls
                        chrome.exe
                        1.6kB
                        5.6kB
                        12
                        11
                      • 151.101.2.137:443
                        https://js-agent.newrelic.com/nr-spa-1216.min.js
                        tls, http2
                        chrome.exe
                        2.3kB
                        26.3kB
                        26
                        29

                        HTTP Request

                        GET https://js-agent.newrelic.com/nr-spa-1216.min.js

                        HTTP Response

                        200
                      • 185.221.87.23:443
                        https://bam.eu01.nr-data.net/events/1/NRJS-ce5e8daad3227b82ed8?a=212444329&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=77420&ck=1&ref=https://app.salesloft.com/unsubscribe
                        tls, http
                        chrome.exe
                        5.4kB
                        2.7kB
                        17
                        16

                        HTTP Request

                        POST https://bam.eu01.nr-data.net/events/1/NRJS-ce5e8daad3227b82ed8?a=212444329&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=17389&ck=1&ref=https://app.salesloft.com/unsubscribe

                        HTTP Response

                        200

                        HTTP Request

                        POST https://bam.eu01.nr-data.net/jserrors/1/NRJS-ce5e8daad3227b82ed8?a=212444329&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=68233&ck=1&ref=https://app.salesloft.com/unsubscribe

                        HTTP Response

                        200

                        HTTP Request

                        POST https://bam.eu01.nr-data.net/events/1/NRJS-ce5e8daad3227b82ed8?a=212444329&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=77420&ck=1&ref=https://app.salesloft.com/unsubscribe

                        HTTP Response

                        200
                      • 185.221.87.23:443
                        https://bam.eu01.nr-data.net/events/1/NRJS-ce5e8daad3227b82ed8?a=212444329&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=8224&ck=1&ref=https://app.salesloft.com/unsubscribe
                        tls, http
                        chrome.exe
                        3.3kB
                        5.8kB
                        14
                        13

                        HTTP Request

                        GET https://bam.eu01.nr-data.net/1/NRJS-ce5e8daad3227b82ed8?a=212444329&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=7382&ck=1&ref=https://app.salesloft.com/unsubscribe&be=3310&fe=4809&dc=3917&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1710038787355,%22n%22:0,%22f%22:3192,%22dn%22:3192,%22dne%22:3192,%22c%22:3192,%22ce%22:3192,%22rq%22:3182,%22rp%22:3240,%22rpe%22:3298,%22dl%22:3277,%22di%22:3917,%22ds%22:3917,%22de%22:3917,%22dc%22:4808,%22l%22:4808,%22le%22:4810%7D,%22navigation%22:%7B%7D%7D&fp=4022&fcp=4022&jsonp=NREUM.setToken

                        HTTP Response

                        200

                        HTTP Request

                        POST https://bam.eu01.nr-data.net/events/1/NRJS-ce5e8daad3227b82ed8?a=212444329&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=8224&ck=1&ref=https://app.salesloft.com/unsubscribe

                        HTTP Response

                        200
                      • 204.79.197.200:443
                        tse1.mm.bing.net
                        tls, http2
                        1.3kB
                        8.6kB
                        18
                        14
                      • 204.79.197.200:443
                        tse1.mm.bing.net
                        tls, http2
                        1.3kB
                        8.6kB
                        18
                        14
                      • 204.79.197.200:443
                        tse1.mm.bing.net
                        tls, http2
                        1.3kB
                        8.6kB
                        18
                        14
                      • 204.79.197.200:443
                        https://tse1.mm.bing.net/th?id=OADD2.10239317301580_1F1XSUIT7JJ8XLYPA&pid=21.2&w=1080&h=1920&c=4
                        tls, http2
                        62.6kB
                        1.7MB
                        1217
                        1210

                        HTTP Request

                        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301364_1Z8KBZ9IPN02ZTCGX&pid=21.2&w=1080&h=1920&c=4

                        HTTP Request

                        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301446_1EN88Z1GJDY90F0IF&pid=21.2&w=1080&h=1920&c=4

                        HTTP Request

                        GET https://tse1.mm.bing.net/th?id=OADD2.10239317300931_116ZGE2JLLUHLMEDS&pid=21.2&w=1920&h=1080&c=4

                        HTTP Request

                        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301171_1NGPNIQ68LQQ3GSOB&pid=21.2&w=1920&h=1080&c=4

                        HTTP Request

                        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301013_1R2AO9YZ4I5BGB4K2&pid=21.2&w=1920&h=1080&c=4

                        HTTP Response

                        200

                        HTTP Response

                        200

                        HTTP Response

                        200

                        HTTP Response

                        200

                        HTTP Response

                        200

                        HTTP Request

                        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301580_1F1XSUIT7JJ8XLYPA&pid=21.2&w=1080&h=1920&c=4

                        HTTP Response

                        200
                      • 204.79.197.200:443
                        tse1.mm.bing.net
                        tls, http2
                        1.3kB
                        8.6kB
                        18
                        14
                      • 185.221.87.23:443
                        bam.eu01.nr-data.net
                        tls
                        chrome.exe
                        835 B
                        631 B
                        5
                        4
                      • 185.221.87.23:443
                        https://bam.eu01.nr-data.net/jserrors/1/NRJS-ce5e8daad3227b82ed8?a=212444329&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=128247&ck=1&ref=https://app.salesloft.com/unsubscribe
                        tls, http
                        chrome.exe
                        2.5kB
                        1.4kB
                        9
                        5

                        HTTP Request

                        POST https://bam.eu01.nr-data.net/jserrors/1/NRJS-ce5e8daad3227b82ed8?a=212444329&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=128247&ck=1&ref=https://app.salesloft.com/unsubscribe

                        HTTP Response

                        200
                      • 8.8.8.8:53
                        team.hex.tech
                        dns
                        chrome.exe
                        59 B
                        150 B
                        1
                        1

                        DNS Request

                        team.hex.tech

                        DNS Response

                        52.72.139.79
                        52.23.67.32
                        54.161.165.141

                      • 8.8.8.8:53
                        68.32.126.40.in-addr.arpa
                        dns
                        71 B
                        157 B
                        1
                        1

                        DNS Request

                        68.32.126.40.in-addr.arpa

                      • 8.8.8.8:53
                        154.239.44.20.in-addr.arpa
                        dns
                        72 B
                        158 B
                        1
                        1

                        DNS Request

                        154.239.44.20.in-addr.arpa

                      • 8.8.8.8:53
                        194.178.17.96.in-addr.arpa
                        dns
                        72 B
                        137 B
                        1
                        1

                        DNS Request

                        194.178.17.96.in-addr.arpa

                      • 8.8.8.8:53
                        apps.identrust.com
                        dns
                        chrome.exe
                        64 B
                        165 B
                        1
                        1

                        DNS Request

                        apps.identrust.com

                        DNS Response

                        96.17.179.205
                        96.17.179.184

                      • 8.8.8.8:53
                        79.139.72.52.in-addr.arpa
                        dns
                        71 B
                        125 B
                        1
                        1

                        DNS Request

                        79.139.72.52.in-addr.arpa

                      • 8.8.8.8:53
                        10.213.58.216.in-addr.arpa
                        dns
                        72 B
                        141 B
                        1
                        1

                        DNS Request

                        10.213.58.216.in-addr.arpa

                      • 8.8.8.8:53
                        9.228.82.20.in-addr.arpa
                        dns
                        70 B
                        156 B
                        1
                        1

                        DNS Request

                        9.228.82.20.in-addr.arpa

                      • 8.8.8.8:53
                        g.bing.com
                        dns
                        56 B
                        158 B
                        1
                        1

                        DNS Request

                        g.bing.com

                        DNS Response

                        204.79.197.200
                        13.107.21.200

                      • 8.8.8.8:53
                        200.197.79.204.in-addr.arpa
                        dns
                        146 B
                        106 B
                        2
                        1

                        DNS Request

                        200.197.79.204.in-addr.arpa

                        DNS Request

                        200.197.79.204.in-addr.arpa

                      • 8.8.8.8:53
                        205.179.17.96.in-addr.arpa
                        dns
                        144 B
                        137 B
                        2
                        1

                        DNS Request

                        205.179.17.96.in-addr.arpa

                        DNS Request

                        205.179.17.96.in-addr.arpa

                      • 8.8.8.8:53
                        app.salesloft.com
                        dns
                        chrome.exe
                        63 B
                        111 B
                        1
                        1

                        DNS Request

                        app.salesloft.com

                        DNS Response

                        3.68.0.68
                        3.64.52.181
                        3.70.43.222

                      • 8.8.8.8:53
                        68.0.68.3.in-addr.arpa
                        dns
                        68 B
                        130 B
                        1
                        1

                        DNS Request

                        68.0.68.3.in-addr.arpa

                      • 8.8.8.8:53
                        cdn-sdr.salesloft.com
                        dns
                        chrome.exe
                        67 B
                        153 B
                        1
                        1

                        DNS Request

                        cdn-sdr.salesloft.com

                        DNS Response

                        104.17.1.41
                        104.17.67.65

                      • 104.17.1.41:443
                        cdn-sdr.salesloft.com
                        https
                        chrome.exe
                        12.1kB
                        15.7kB
                        16
                        20
                      • 8.8.8.8:53
                        43.58.199.20.in-addr.arpa
                        dns
                        71 B
                        157 B
                        1
                        1

                        DNS Request

                        43.58.199.20.in-addr.arpa

                      • 8.8.8.8:53
                        41.1.17.104.in-addr.arpa
                        dns
                        70 B
                        132 B
                        1
                        1

                        DNS Request

                        41.1.17.104.in-addr.arpa

                      • 8.8.8.8:53
                        41.110.16.96.in-addr.arpa
                        dns
                        71 B
                        135 B
                        1
                        1

                        DNS Request

                        41.110.16.96.in-addr.arpa

                      • 8.8.8.8:53
                        js-agent.newrelic.com
                        dns
                        chrome.exe
                        67 B
                        178 B
                        1
                        1

                        DNS Request

                        js-agent.newrelic.com

                        DNS Response

                        151.101.2.137
                        151.101.66.137
                        151.101.130.137
                        151.101.194.137

                      • 8.8.8.8:53
                        137.2.101.151.in-addr.arpa
                        dns
                        144 B
                        132 B
                        2
                        1

                        DNS Request

                        137.2.101.151.in-addr.arpa

                        DNS Request

                        137.2.101.151.in-addr.arpa

                      • 224.0.0.251:5353
                        chrome.exe
                        204 B
                        3
                      • 8.8.8.8:53
                        217.106.137.52.in-addr.arpa
                        dns
                        146 B
                        147 B
                        2
                        1

                        DNS Request

                        217.106.137.52.in-addr.arpa

                        DNS Request

                        217.106.137.52.in-addr.arpa

                      • 8.8.8.8:53
                        bam.eu01.nr-data.net
                        dns
                        chrome.exe
                        66 B
                        144 B
                        1
                        1

                        DNS Request

                        bam.eu01.nr-data.net

                        DNS Response

                        185.221.87.23

                      • 8.8.8.8:53
                        226.20.18.104.in-addr.arpa
                        dns
                        72 B
                        134 B
                        1
                        1

                        DNS Request

                        226.20.18.104.in-addr.arpa

                      • 8.8.8.8:53
                        23.87.221.185.in-addr.arpa
                        dns
                        72 B
                        137 B
                        1
                        1

                        DNS Request

                        23.87.221.185.in-addr.arpa

                      • 8.8.8.8:53
                        196.249.167.52.in-addr.arpa
                        dns
                        73 B
                        147 B
                        1
                        1

                        DNS Request

                        196.249.167.52.in-addr.arpa

                      • 8.8.8.8:53
                        81.171.91.138.in-addr.arpa
                        dns
                        72 B
                        146 B
                        1
                        1

                        DNS Request

                        81.171.91.138.in-addr.arpa

                      • 8.8.8.8:53
                        157.123.68.40.in-addr.arpa
                        dns
                        144 B
                        292 B
                        2
                        2

                        DNS Request

                        157.123.68.40.in-addr.arpa

                        DNS Request

                        157.123.68.40.in-addr.arpa

                      • 8.8.8.8:53
                        171.39.242.20.in-addr.arpa
                        dns
                        144 B
                        316 B
                        2
                        2

                        DNS Request

                        171.39.242.20.in-addr.arpa

                        DNS Request

                        171.39.242.20.in-addr.arpa

                      • 8.8.8.8:53
                        217.135.221.88.in-addr.arpa
                        dns
                        146 B
                        278 B
                        2
                        2

                        DNS Request

                        217.135.221.88.in-addr.arpa

                        DNS Request

                        217.135.221.88.in-addr.arpa

                      • 8.8.8.8:53
                        209.178.17.96.in-addr.arpa
                        dns
                        72 B
                        137 B
                        1
                        1

                        DNS Request

                        209.178.17.96.in-addr.arpa

                      • 8.8.8.8:53
                        26.35.223.20.in-addr.arpa
                        dns
                        142 B
                        157 B
                        2
                        1

                        DNS Request

                        26.35.223.20.in-addr.arpa

                        DNS Request

                        26.35.223.20.in-addr.arpa

                      • 8.8.8.8:53
                        tse1.mm.bing.net
                        dns
                        186 B
                        173 B
                        3
                        1

                        DNS Request

                        tse1.mm.bing.net

                        DNS Request

                        tse1.mm.bing.net

                        DNS Request

                        tse1.mm.bing.net

                        DNS Response

                        204.79.197.200
                        13.107.21.200

                      MITRE ATT&CK Enterprise v15

                      Downloads

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                        Filesize

                        72B

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                        Filesize

                        1KB

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                        Filesize

                        1KB

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        6KB

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                        Filesize

                        128KB

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                        Filesize

                        2B
