bb596bf7474941c03af2c33a64800d93456baa25c0622ce251e2910aec6f0ae1

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 06:07 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

magiceden.io/about.html
Size

57KB
MD5

ea703f24dc4edcb8147b4bf5b40565a5
SHA1

bf0d519f39903e8a9d21ca14dc5536ff7e24899e
SHA256

695351214fdc6b7bb1af341a87422a9535a59d30e7529b3787400b9bc6d61f99
SHA512

f4b89f8f62f5d20bd02137322dc666f23fac36eecff42a76d884a9655656ba1b5e3ae62fb61b10c6330318a02ff6b16c005598f225956767a53a94173daf73c5
SSDEEP

384:6HvfWHL7xwh0k6+5SNic15eZcTQj545e2nYroWz5ebaRGh7O5eAdup+gx5e9gfMr:6HX0J0TONwXKl13m4Y0MCmd4OQSOhqt

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3932	msedge.exe
3932	msedge.exe
1264	msedge.exe
1264	msedge.exe
3044	identity_helper.exe
3044	identity_helper.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1264 wrote to memory of 736	1264	msedge.exe	84
PID 1264 wrote to memory of 736	1264	msedge.exe	84
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 4892	1264	msedge.exe	85
PID 1264 wrote to memory of 3932	1264	msedge.exe	86
PID 1264 wrote to memory of 3932	1264	msedge.exe	86
PID 1264 wrote to memory of 2848	1264	msedge.exe	87
PID 1264 wrote to memory of 2848	1264	msedge.exe	87
PID 1264 wrote to memory of 2848	1264	msedge.exe	87
PID 1264 wrote to memory of 2848	1264	msedge.exe	87
PID 1264 wrote to memory of 2848	1264	msedge.exe	87
PID 1264 wrote to memory of 2848	1264	msedge.exe	87
PID 1264 wrote to memory of 2848	1264	msedge.exe	87
PID 1264 wrote to memory of 2848	1264	msedge.exe	87
PID 1264 wrote to memory of 2848	1264	msedge.exe	87
PID 1264 wrote to memory of 2848	1264	msedge.exe	87
PID 1264 wrote to memory of 2848	1264	msedge.exe	87
PID 1264 wrote to memory of 2848	1264	msedge.exe	87
PID 1264 wrote to memory of 2848	1264	msedge.exe	87
PID 1264 wrote to memory of 2848	1264	msedge.exe	87
PID 1264 wrote to memory of 2848	1264	msedge.exe	87
PID 1264 wrote to memory of 2848	1264	msedge.exe	87
PID 1264 wrote to memory of 2848	1264	msedge.exe	87
PID 1264 wrote to memory of 2848	1264	msedge.exe	87
PID 1264 wrote to memory of 2848	1264	msedge.exe	87
PID 1264 wrote to memory of 2848	1264	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\magiceden.io\about.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff60dd46f8,0x7fff60dd4708,0x7fff60dd4718
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,10172006504625414365,11516805698879160631,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,10172006504625414365,11516805698879160631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,10172006504625414365,11516805698879160631,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10172006504625414365,11516805698879160631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10172006504625414365,11516805698879160631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,10172006504625414365,11516805698879160631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,10172006504625414365,11516805698879160631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10172006504625414365,11516805698879160631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10172006504625414365,11516805698879160631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10172006504625414365,11516805698879160631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10172006504625414365,11516805698879160631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,10172006504625414365,11516805698879160631,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4128 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1940

Network

DNS

17.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.160.190.20.in-addr.arpa

IN PTR

Response
DNS

57.169.31.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.169.31.20.in-addr.arpa

IN PTR

Response
DNS

next.cdn.magiceden.dev

msedge.exe

Remote address:

8.8.8.8:53

Request

next.cdn.magiceden.dev

IN A

Response

next.cdn.magiceden.dev

IN A

18.66.171.16

next.cdn.magiceden.dev

IN A

18.66.171.118

next.cdn.magiceden.dev

IN A

18.66.171.124

next.cdn.magiceden.dev

IN A

18.66.171.49
DNS

bafybeif4hxe2fvcd5nn2imj6tbs77oieqweklq3hpnrjzarcncqcv74swi.ipfs.nftstorage.link

msedge.exe

Remote address:

8.8.8.8:53

Request

bafybeif4hxe2fvcd5nn2imj6tbs77oieqweklq3hpnrjzarcncqcv74swi.ipfs.nftstorage.link

IN A

Response

bafybeif4hxe2fvcd5nn2imj6tbs77oieqweklq3hpnrjzarcncqcv74swi.ipfs.nftstorage.link

IN A

104.18.41.40

bafybeif4hxe2fvcd5nn2imj6tbs77oieqweklq3hpnrjzarcncqcv74swi.ipfs.nftstorage.link

IN A

172.64.146.216
GET

https://bafybeif4hxe2fvcd5nn2imj6tbs77oieqweklq3hpnrjzarcncqcv74swi.ipfs.nftstorage.link/

msedge.exe

Remote address:

104.18.41.40:443

Request

GET / HTTP/2.0
host: bafybeif4hxe2fvcd5nn2imj6tbs77oieqweklq3hpnrjzarcncqcv74swi.ipfs.nftstorage.link
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 12 Jul 2024 06:10:05 GMT
content-type: image/png
content-length: 2211281
cf-ray: 8a1ede3eff70bd7e-LHR
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 669473
cache-control: public, max-age=29030400
etag: "bafybeif4hxe2fvcd5nn2imj6tbs77oieqweklq3hpnrjzarcncqcv74swi"
expires: Fri, 13 Jun 2025 06:10:05 GMT
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
access-control-expose-headers: Link
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://polygon-rpc.com https://rpc.testnet.fantom.network ; form-action 'self'; navigate-to 'self'; connect-src 'self' blob: data: https://*.w3s.link https://*.nftstorage.link https://*.dweb.link https://ipfs.io/ipfs/ https://*.githubusercontent.com https://polygon-rpc.com https://rpc.testnet.fantom.network ; report-to csp-endpoint ; report-uri https://csp-report-to.web3.storage
reporting-endpoints: csp-endpoint="https://csp-report-to.web3.storage"
server-timing: request;dur=139
x-dotstorage-resolution-id: cache-zone
x-dotstorage-resolution-layer: cdn
x-freeway-version: 2.19.0
server: cloudflare
GET

https://next.cdn.magiceden.dev/_next/static/css/c3fd688f830249f2.css

msedge.exe

Remote address:

18.66.171.16:443

Request

GET /_next/static/css/c3fd688f830249f2.css HTTP/2.0
host: next.cdn.magiceden.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/css
last-modified: Fri, 05 Jul 2024 18:51:18 GMT
x-amz-expiration: expiry-date="Mon, 05 Aug 2024 00:00:00 GMT", rule-id="nextjs_bucket_lifecycle"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
server: AmazonS3
content-encoding: br
date: Fri, 12 Jul 2024 06:10:05 GMT
etag: W/"a053180001268f0252bc65ef596e97d6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 829a3633018c90dc0775b2673d6bada4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: imDvaAXkN5Dhtpd0fnHfNJiYehgzhI5BsUgika22heXCPIH3gMaajQ==
age: 38458
cache-control: public, max-age=604800
vary: Origin
GET

https://next.cdn.magiceden.dev/_next/static/css/e9ad05a52055405d.css

msedge.exe

Remote address:

18.66.171.16:443

Request

GET /_next/static/css/e9ad05a52055405d.css HTTP/2.0
host: next.cdn.magiceden.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 403

content-type: application/xml
date: Fri, 12 Jul 2024 06:10:05 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 829a3633018c90dc0775b2673d6bada4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 1A5Rw0RHl2ehFwO57jWCbvsJoQcKq1bv8TfpSLxNo-IGZ-4GmEM3WA==
cache-control: public, max-age=604800
vary: Origin
GET

https://next.cdn.magiceden.dev/_next/static/chunks/webpack-56df30c94f647765.js

msedge.exe

Remote address:

18.66.171.16:443

Request

GET /_next/static/chunks/webpack-56df30c94f647765.js HTTP/2.0
host: next.cdn.magiceden.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 403

content-type: application/xml
date: Fri, 12 Jul 2024 06:10:05 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 829a3633018c90dc0775b2673d6bada4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: UF3jLNTakpbFwr1dE5khPh9suPWK0882ltF52KU96u_fmPQVbkPbzQ==
cache-control: public, max-age=604800
vary: Origin
GET

https://next.cdn.magiceden.dev/_next/static/chunks/framework-2c9525fd51e79e3a.js

msedge.exe

Remote address:

18.66.171.16:443

Request

GET /_next/static/chunks/framework-2c9525fd51e79e3a.js HTTP/2.0
host: next.cdn.magiceden.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 403

content-type: application/xml
date: Fri, 12 Jul 2024 06:10:05 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 829a3633018c90dc0775b2673d6bada4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: ATrKNNHZqKPgq519kHQVO8feXMece8Jxoh_CAzHitF4db25PWK3Bdg==
cache-control: public, max-age=604800
vary: Origin
GET

https://next.cdn.magiceden.dev/_next/static/chunks/main-fd83a9c76c3b700c.js

msedge.exe

Remote address:

18.66.171.16:443

Request

GET /_next/static/chunks/main-fd83a9c76c3b700c.js HTTP/2.0
host: next.cdn.magiceden.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/javascript
date: Fri, 12 Jul 2024 06:10:06 GMT
last-modified: Wed, 26 Jun 2024 22:24:53 GMT
x-amz-expiration: expiry-date="Sat, 27 Jul 2024 00:00:00 GMT", rule-id="nextjs_bucket_lifecycle"
etag: W/"cab79c31c779721f9d0b59df9b55920f"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 829a3633018c90dc0775b2673d6bada4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: SmltnxZmCH4EaYwa5dxuQd-tFW4ZLhD2ASeyP38HZSgzOOpUxK0ZsQ==
cache-control: public, max-age=604800
vary: Origin
GET

https://next.cdn.magiceden.dev/_next/static/chunks/pages/_app-67c6486161cc23a6.js

msedge.exe

Remote address:

18.66.171.16:443

Request

GET /_next/static/chunks/pages/_app-67c6486161cc23a6.js HTTP/2.0
host: next.cdn.magiceden.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/javascript
date: Fri, 12 Jul 2024 06:10:06 GMT
last-modified: Fri, 28 Jun 2024 20:38:13 GMT
x-amz-expiration: expiry-date="Mon, 29 Jul 2024 00:00:00 GMT", rule-id="nextjs_bucket_lifecycle"
etag: W/"4348f1bf5c8693a6ab02f8eba2468f29"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 829a3633018c90dc0775b2673d6bada4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: VhbhIbE-5rMyjI8En8QegFWeTbNTwAWs8GIcJ5k_MrB1AyNlxWrfsw==
cache-control: public, max-age=604800
vary: Origin
GET

https://next.cdn.magiceden.dev/_next/static/chunks/pages/about-d0e7cc7dd63f530f.js

msedge.exe

Remote address:

18.66.171.16:443

Request

GET /_next/static/chunks/pages/about-d0e7cc7dd63f530f.js HTTP/2.0
host: next.cdn.magiceden.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 403

content-type: application/xml
date: Fri, 12 Jul 2024 06:10:05 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 829a3633018c90dc0775b2673d6bada4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: qqZf-5baUvSP4qtxYn1WOYnnSNDyKWxVYLEasB9wToDvPyDlxMkN-w==
cache-control: public, max-age=604800
vary: Origin
GET

https://next.cdn.magiceden.dev/_next/static/Vd3sd72IlUnhImhcp2sO4/_buildManifest.js

msedge.exe

Remote address:

18.66.171.16:443

Request

GET /_next/static/Vd3sd72IlUnhImhcp2sO4/_buildManifest.js HTTP/2.0
host: next.cdn.magiceden.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 403

content-type: application/xml
date: Fri, 12 Jul 2024 06:10:05 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 829a3633018c90dc0775b2673d6bada4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: DSnNkErlOFhVzaysYXW7jn3GHBmvhkr65PqhFLC1eKrek8bEK2KblQ==
cache-control: public, max-age=604800
vary: Origin
GET

https://next.cdn.magiceden.dev/_next/static/Vd3sd72IlUnhImhcp2sO4/_ssgManifest.js

msedge.exe

Remote address:

18.66.171.16:443

Request

GET /_next/static/Vd3sd72IlUnhImhcp2sO4/_ssgManifest.js HTTP/2.0
host: next.cdn.magiceden.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 403

content-type: application/xml
date: Fri, 12 Jul 2024 06:10:05 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 829a3633018c90dc0775b2673d6bada4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: CydfZjgIT5tpDPQiq_Rbv2E1FsLzswS15L8F8kVesTdaA_C5C31lWQ==
cache-control: public, max-age=604800
vary: Origin
GET

https://next.cdn.magiceden.dev/_next/static/media/intro-shapes.6c1d9699.svg

msedge.exe

Remote address:

18.66.171.16:443

Request

GET /_next/static/media/intro-shapes.6c1d9699.svg HTTP/2.0
host: next.cdn.magiceden.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://next.cdn.magiceden.dev/_next/static/css/e9ad05a52055405d.css
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/svg+xml
date: Thu, 11 Jul 2024 19:29:08 GMT
last-modified: Thu, 11 Jul 2024 19:10:45 GMT
x-amz-expiration: expiry-date="Sun, 11 Aug 2024 00:00:00 GMT", rule-id="nextjs_bucket_lifecycle"
etag: W/"118dff4fdfdfe15612e036fa3151ad8d"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 829a3633018c90dc0775b2673d6bada4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: Xx2-9pyDi2u27S1CDAaeCO7_MrzybRXGKGqTYHAQT4vAQc_gKVlVPQ==
age: 38457
cache-control: public, max-age=604800
vary: Origin
GET

https://next.cdn.magiceden.dev/_next/static/media/logo_full_2.0e53796e.svg

msedge.exe

Remote address:

18.66.171.16:443

Request

GET /_next/static/media/logo_full_2.0e53796e.svg HTTP/2.0
host: next.cdn.magiceden.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/svg+xml
last-modified: Tue, 09 Jul 2024 08:47:31 GMT
x-amz-expiration: expiry-date="Fri, 09 Aug 2024 00:00:00 GMT", rule-id="nextjs_bucket_lifecycle"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
server: AmazonS3
content-encoding: gzip
date: Thu, 11 Jul 2024 11:31:53 GMT
etag: W/"b18a64f3296cce1936acd0247234c286"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 829a3633018c90dc0775b2673d6bada4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: OWHdWloBpdwtAY9AwUO-MwKXBx5R07Qf948uASfzNSnFe9nSYTy_SQ==
age: 67093
cache-control: public, max-age=604800
vary: Origin
DNS

227.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.187.250.142.in-addr.arpa

IN PTR

Response

227.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f31e100net
DNS

74.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.204.58.216.in-addr.arpa

IN PTR

Response

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f101e100net

74.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f10�H

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f74�H
DNS

40.41.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

40.41.18.104.in-addr.arpa

IN PTR

Response
DNS

16.171.66.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

16.171.66.18.in-addr.arpa

IN PTR

Response

16.171.66.18.in-addr.arpa

IN PTR

server-18-66-171-16dub56r cloudfrontnet
DNS

apps.identrust.com

msedge.exe

Remote address:

8.8.8.8:53

Request

apps.identrust.com

IN A

Response

apps.identrust.com

IN CNAME

identrust.edgesuite.net

identrust.edgesuite.net

IN CNAME

a1952.dscq.akamai.net

a1952.dscq.akamai.net

IN A

88.221.134.137

a1952.dscq.akamai.net

IN A

88.221.135.104
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

msedge.exe

Remote address:

88.221.134.137:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 12 Jul 2024 07:10:05 GMT
Date: Fri, 12 Jul 2024 06:10:05 GMT
Connection: keep-alive
DNS

137.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

137.134.221.88.in-addr.arpa

IN PTR

Response

137.134.221.88.in-addr.arpa

IN PTR

a88-221-134-137deploystaticakamaitechnologiescom
DNS

76.140.162.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

76.140.162.3.in-addr.arpa

IN PTR

Response

76.140.162.3.in-addr.arpa

IN PTR

server-3-162-140-76dub56r cloudfrontnet
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

192.142.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

192.142.123.92.in-addr.arpa

IN PTR

Response

192.142.123.92.in-addr.arpa

IN PTR

a92-123-142-192deploystaticakamaitechnologiescom
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

14.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.227.111.52.in-addr.arpa

IN PTR

Response
DNS

14.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.173.189.20.in-addr.arpa

IN PTR

Response

104.18.41.40:443

https://bafybeif4hxe2fvcd5nn2imj6tbs77oieqweklq3hpnrjzarcncqcv74swi.ipfs.nftstorage.link/

tls, http2

msedge.exe

39.6kB
2.3MB
837
1655

HTTP Request

GET https://bafybeif4hxe2fvcd5nn2imj6tbs77oieqweklq3hpnrjzarcncqcv74swi.ipfs.nftstorage.link/

HTTP Response

200
18.66.171.16:443

https://next.cdn.magiceden.dev/_next/static/media/logo_full_2.0e53796e.svg

tls, http2

msedge.exe

6.3kB
98.4kB
94
102

HTTP Request

GET https://next.cdn.magiceden.dev/_next/static/css/c3fd688f830249f2.css

HTTP Request

GET https://next.cdn.magiceden.dev/_next/static/css/e9ad05a52055405d.css

HTTP Request

GET https://next.cdn.magiceden.dev/_next/static/chunks/webpack-56df30c94f647765.js

HTTP Request

GET https://next.cdn.magiceden.dev/_next/static/chunks/framework-2c9525fd51e79e3a.js

HTTP Request

GET https://next.cdn.magiceden.dev/_next/static/chunks/main-fd83a9c76c3b700c.js

HTTP Request

GET https://next.cdn.magiceden.dev/_next/static/chunks/pages/_app-67c6486161cc23a6.js

HTTP Response

200

HTTP Request

GET https://next.cdn.magiceden.dev/_next/static/chunks/pages/about-d0e7cc7dd63f530f.js

HTTP Request

GET https://next.cdn.magiceden.dev/_next/static/Vd3sd72IlUnhImhcp2sO4/_buildManifest.js

HTTP Request

GET https://next.cdn.magiceden.dev/_next/static/Vd3sd72IlUnhImhcp2sO4/_ssgManifest.js

HTTP Response

403

HTTP Response

403

HTTP Response

403

HTTP Response

200

HTTP Response

200

HTTP Response

403

HTTP Response

403

HTTP Response

403

HTTP Request

GET https://next.cdn.magiceden.dev/_next/static/media/intro-shapes.6c1d9699.svg

HTTP Request

GET https://next.cdn.magiceden.dev/_next/static/media/logo_full_2.0e53796e.svg

HTTP Response

200

HTTP Response

200
18.66.171.16:443

next.cdn.magiceden.dev

tls, http2

msedge.exe

1.1kB
6.2kB
11
11
18.66.171.16:443

next.cdn.magiceden.dev

tls, http2

msedge.exe

1.1kB
6.2kB
11
11
18.66.171.16:443

next.cdn.magiceden.dev

tls, http2

msedge.exe

1.1kB
6.2kB
11
11
18.66.171.16:443

next.cdn.magiceden.dev

tls, http2

msedge.exe

1.1kB
6.2kB
11
11
18.66.171.16:443

next.cdn.magiceden.dev

tls

msedge.exe

1.0kB
6.1kB
10
10
88.221.134.137:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

msedge.exe

468 B
1.7kB
7
6

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200

8.8.8.8:53

17.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

17.160.190.20.in-addr.arpa
8.8.8.8:53

57.169.31.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

57.169.31.20.in-addr.arpa
8.8.8.8:53

next.cdn.magiceden.dev

dns

msedge.exe

68 B
132 B
1
1

DNS Request

next.cdn.magiceden.dev

DNS Response

18.66.171.16

18.66.171.118

18.66.171.124

18.66.171.49
8.8.8.8:53

bafybeif4hxe2fvcd5nn2imj6tbs77oieqweklq3hpnrjzarcncqcv74swi.ipfs.nftstorage.link

dns

msedge.exe

126 B
158 B
1
1

DNS Request

bafybeif4hxe2fvcd5nn2imj6tbs77oieqweklq3hpnrjzarcncqcv74swi.ipfs.nftstorage.link

DNS Response

104.18.41.40

172.64.146.216
8.8.8.8:53

227.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

227.187.250.142.in-addr.arpa
8.8.8.8:53

74.204.58.216.in-addr.arpa

dns

72 B
171 B
1
1

DNS Request

74.204.58.216.in-addr.arpa
8.8.8.8:53

40.41.18.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

40.41.18.104.in-addr.arpa
8.8.8.8:53

16.171.66.18.in-addr.arpa

dns

71 B
127 B
1
1

DNS Request

16.171.66.18.in-addr.arpa
8.8.8.8:53

apps.identrust.com

dns

msedge.exe

64 B
165 B
1
1

DNS Request

apps.identrust.com

DNS Response

88.221.134.137

88.221.135.104
8.8.8.8:53

137.134.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

137.134.221.88.in-addr.arpa
8.8.8.8:53

76.140.162.3.in-addr.arpa

dns

71 B
127 B
1
1

DNS Request

76.140.162.3.in-addr.arpa
224.0.0.251:5353

394 B
6
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

192.142.123.92.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

192.142.123.92.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

14.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.227.111.52.in-addr.arpa
8.8.8.8:53

14.173.189.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.173.189.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\85a898ee-c118-4b56-a458-341a5f1e4fd8.tmp

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
328B

MD5
6d2b3268ca56b34f5608100107e0d24a

SHA1
9c8c97a7c62fa8ad56785369e496a1aae65cd445

SHA256
283d45af35139ccbf945f4920a17a33dcb445dfb3f60485a89266d8d697aa7af

SHA512
2296893557bd60ea871f247e5d666fc5b84f416a2007150f0d42177a6e8f3ab01eec43f5533307f18af5eb59ab9074185005994063340de68ef3d3cb73240be0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4e5f2b00b5b823ed776a9918e42a7c38

SHA1
2cf639ada297804eed60341d10f2fd924f367e67

SHA256
a035ac0e0d48d2c1f5d8768e6754b66047d1297c314a9ee20c0fd0fa04e52c4b

SHA512
b871fe14f964465297ae66f9d87027e7d5af8d705080f8da7d2c4eb8da23800dc25d42f631002399ff96e811d68a4e8624602f4b373a0e7148d9a5fac6ec504e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2cf07305d5a656da2de3ff0cb339c1f2

SHA1
5e891945dd05243ff7acb54b027362be5df5b484

SHA256
f0be7f569a6716e353623614dcb909172d512d6148448a53f16d88d03c4d84bc

SHA512
b9d54d3025a70c86c3ed794ae1ee2eee22d3392a5c06d176f20f5e4f00b8cb43a0e2d4c80db41cd67104e89a897d0847ee3bc59f959fffc5057c52d2ead77af0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
521172e8ec79cd7406ff17fe4085a281

SHA1
2970a28c751e0f93f39cdc2ef7f690b5d143f7b4

SHA256
bd507d29b598ce24937a6ee4f16ac8b947ae927c1f048d5027571744bc59b1eb

SHA512
5be36d454d094504e159d06351365b36bc2d299a5c09c40272107ad471d1735f6f2809d5e92ad1a8b9d034889a988f9b02c0e85cb2a73234ed7318bb82e0e361

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.