hxxp://cheezit[.]xyz

Analysis

max time kernel
289s
max time network
288s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2024, 09:11 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://cheezit.xyz

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2300	msedge.exe
2300	msedge.exe
3120	msedge.exe
3120	msedge.exe
3696	identity_helper.exe
3696	identity_helper.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3120 wrote to memory of 4088	3120	msedge.exe	85
PID 3120 wrote to memory of 4088	3120	msedge.exe	85
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2468	3120	msedge.exe	86
PID 3120 wrote to memory of 2300	3120	msedge.exe	87
PID 3120 wrote to memory of 2300	3120	msedge.exe	87
PID 3120 wrote to memory of 2304	3120	msedge.exe	88
PID 3120 wrote to memory of 2304	3120	msedge.exe	88
PID 3120 wrote to memory of 2304	3120	msedge.exe	88
PID 3120 wrote to memory of 2304	3120	msedge.exe	88
PID 3120 wrote to memory of 2304	3120	msedge.exe	88
PID 3120 wrote to memory of 2304	3120	msedge.exe	88
PID 3120 wrote to memory of 2304	3120	msedge.exe	88
PID 3120 wrote to memory of 2304	3120	msedge.exe	88
PID 3120 wrote to memory of 2304	3120	msedge.exe	88
PID 3120 wrote to memory of 2304	3120	msedge.exe	88
PID 3120 wrote to memory of 2304	3120	msedge.exe	88
PID 3120 wrote to memory of 2304	3120	msedge.exe	88
PID 3120 wrote to memory of 2304	3120	msedge.exe	88
PID 3120 wrote to memory of 2304	3120	msedge.exe	88
PID 3120 wrote to memory of 2304	3120	msedge.exe	88
PID 3120 wrote to memory of 2304	3120	msedge.exe	88
PID 3120 wrote to memory of 2304	3120	msedge.exe	88
PID 3120 wrote to memory of 2304	3120	msedge.exe	88
PID 3120 wrote to memory of 2304	3120	msedge.exe	88
PID 3120 wrote to memory of 2304	3120	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://cheezit.xyz
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90a6f46f8,0x7ff90a6f4708,0x7ff90a6f4718
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2356 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1972

Network

DNS

cheezit.xyz

msedge.exe

Remote address:

8.8.8.8:53

Request

cheezit.xyz

IN A

Response

cheezit.xyz

IN A

104.21.86.187

cheezit.xyz

IN A

172.67.223.186
GET

http://cheezit.xyz/

msedge.exe

Remote address:

104.21.86.187:80

Request

GET / HTTP/1.1
Host: cheezit.xyz
Connection: keep-alive
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 502 Bad Gateway

Date: Tue, 16 Jul 2024 09:12:02 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 6305
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rbzHMDgL08KhvmN4HDAQX1aF3ENKbf7w6OYs5%2BJStbW5ZchpxOz2zOl%2B7HXOlNlGSb9inRB7ypO0HDfVsu7nimXoQcJQxX1NcbFJlh1FysCK5ERX3pAa2%2B8uf%2BuQVA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Server: cloudflare
CF-RAY: 8a40dded183952ea-LHR
alt-svc: h3=":443"; ma=86400
GET

http://cheezit.xyz/cdn-cgi/styles/main.css

msedge.exe

Remote address:

104.21.86.187:80

Request

GET /cdn-cgi/styles/main.css HTTP/1.1
Host: cheezit.xyz
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Referer: http://cheezit.xyz/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Tue, 16 Jul 2024 09:12:02 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jul 2024 08:13:48 GMT
ETag: W/"668f943c-1f4d"
Server: cloudflare
CF-RAY: 8a40de497a1e52ea-LHR
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Tue, 16 Jul 2024 11:12:02 GMT
Cache-Control: max-age=7200
Cache-Control: public
Content-Encoding: gzip
GET

http://cheezit.xyz/cdn-cgi/images/cf-icon-browser.png

msedge.exe

Remote address:

104.21.86.187:80

Request

GET /cdn-cgi/images/cf-icon-browser.png HTTP/1.1
Host: cheezit.xyz
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://cheezit.xyz/cdn-cgi/styles/main.css
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Tue, 16 Jul 2024 09:12:02 GMT
Content-Type: image/png
Content-Length: 484
Connection: keep-alive
Last-Modified: Thu, 11 Jul 2024 08:13:48 GMT
ETag: "668f943c-1e4"
Server: cloudflare
CF-RAY: 8a40de49caaa52ea-LHR
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Tue, 16 Jul 2024 11:12:02 GMT
Cache-Control: max-age=7200
Cache-Control: public
Accept-Ranges: bytes
GET

http://cheezit.xyz/cdn-cgi/images/cf-icon-ok.png

msedge.exe

Remote address:

104.21.86.187:80

Request

GET /cdn-cgi/images/cf-icon-ok.png HTTP/1.1
Host: cheezit.xyz
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://cheezit.xyz/cdn-cgi/styles/main.css
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Tue, 16 Jul 2024 09:12:02 GMT
Content-Type: image/png
Content-Length: 946
Connection: keep-alive
Last-Modified: Fri, 12 Jul 2024 17:10:21 GMT
ETag: "6691637d-3b2"
Server: cloudflare
CF-RAY: 8a40de49cab171e7-LHR
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Tue, 16 Jul 2024 11:12:02 GMT
Cache-Control: max-age=7200
Cache-Control: public
Accept-Ranges: bytes
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

187.86.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

187.86.21.104.in-addr.arpa

IN PTR

Response
DNS

2.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.159.190.20.in-addr.arpa

IN PTR

Response
DNS

73.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.144.22.2.in-addr.arpa

IN PTR

Response

73.144.22.2.in-addr.arpa

IN PTR

a2-22-144-73deploystaticakamaitechnologiescom
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

13.107.21.237

dual-a-0034.a-msedge.net

IN A

204.79.197.237
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a12437d1e38c4c108b2fb8624e7f8c6d&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a12437d1e38c4c108b2fb8624e7f8c6d&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=1894337322286A2E17A627CD23936B2A; domain=.bing.com; expires=Sun, 10-Aug-2025 09:11:49 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D4CEF3467E9349F3BE321B6FFEE4AA40 Ref B: LON04EDGE0920 Ref C: 2024-07-16T09:11:49Z
date: Tue, 16 Jul 2024 09:11:48 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=a12437d1e38c4c108b2fb8624e7f8c6d&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=a12437d1e38c4c108b2fb8624e7f8c6d&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1894337322286A2E17A627CD23936B2A

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=nDQQD4xaFz7MRwKUzoM_4A_bX50i82lAfpB0yfKntqU; domain=.bing.com; expires=Sun, 10-Aug-2025 09:11:49 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C6231F32FB2141D1B4202E631E34D3F7 Ref B: LON04EDGE0920 Ref C: 2024-07-16T09:11:49Z
date: Tue, 16 Jul 2024 09:11:48 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a12437d1e38c4c108b2fb8624e7f8c6d&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a12437d1e38c4c108b2fb8624e7f8c6d&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1894337322286A2E17A627CD23936B2A; MSPTC=nDQQD4xaFz7MRwKUzoM_4A_bX50i82lAfpB0yfKntqU

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FBD396EE8CD94DE48C13037ACE309C69 Ref B: LON04EDGE0920 Ref C: 2024-07-16T09:11:49Z
date: Tue, 16 Jul 2024 09:11:48 GMT
DNS

228.249.119.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.249.119.40.in-addr.arpa

IN PTR

Response
DNS

237.21.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.21.107.13.in-addr.arpa

IN PTR

Response
DNS

www.cloudflare.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.cloudflare.com

IN A

Response

www.cloudflare.com

IN A

104.16.124.96

www.cloudflare.com

IN A

104.16.123.96
GET

http://cheezit.xyz/cdn-cgi/images/cf-icon-server.png

msedge.exe

Remote address:

104.21.86.187:80

Request

GET /cdn-cgi/images/cf-icon-server.png HTTP/1.1
Host: cheezit.xyz
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://cheezit.xyz/cdn-cgi/styles/main.css
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Tue, 16 Jul 2024 09:12:02 GMT
Content-Type: image/png
Content-Length: 1384
Connection: keep-alive
Last-Modified: Thu, 11 Jul 2024 08:13:48 GMT
ETag: "668f943c-568"
Server: cloudflare
CF-RAY: 8a40de4a1a823859-LHR
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Tue, 16 Jul 2024 11:12:02 GMT
Cache-Control: max-age=7200
Cache-Control: public
Accept-Ranges: bytes
GET

http://cheezit.xyz/cdn-cgi/images/cf-icon-error.png

msedge.exe

Remote address:

104.21.86.187:80

Request

GET /cdn-cgi/images/cf-icon-error.png HTTP/1.1
Host: cheezit.xyz
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://cheezit.xyz/cdn-cgi/styles/main.css
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Tue, 16 Jul 2024 09:12:02 GMT
Content-Type: image/png
Content-Length: 854
Connection: keep-alive
Last-Modified: Thu, 11 Jul 2024 08:13:48 GMT
ETag: "668f943c-356"
Server: cloudflare
CF-RAY: 8a40de4a1df7637f-LHR
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Tue, 16 Jul 2024 11:12:02 GMT
Cache-Control: max-age=7200
Cache-Control: public
Accept-Ranges: bytes
GET

http://cheezit.xyz/cdn-cgi/images/cf-icon-cloud.png

msedge.exe

Remote address:

104.21.86.187:80

Request

GET /cdn-cgi/images/cf-icon-cloud.png HTTP/1.1
Host: cheezit.xyz
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://cheezit.xyz/cdn-cgi/styles/main.css
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Tue, 16 Jul 2024 09:12:02 GMT
Content-Type: image/png
Content-Length: 1484
Connection: keep-alive
Last-Modified: Thu, 11 Jul 2024 08:13:48 GMT
ETag: "668f943c-5cc"
Server: cloudflare
CF-RAY: 8a40de4a186506d1-LHR
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Tue, 16 Jul 2024 11:12:02 GMT
Cache-Control: max-age=7200
Cache-Control: public
Accept-Ranges: bytes
GET

http://cheezit.xyz/favicon.ico

msedge.exe

Remote address:

104.21.86.187:80

Request

GET /favicon.ico HTTP/1.1
Host: cheezit.xyz
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://cheezit.xyz/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 502 Bad Gateway

Date: Tue, 16 Jul 2024 09:12:17 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 6305
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ChvRlWsILe%2BP8knNIAW93cJMlVK%2FJJA%2FvR9FgttALA7GAMc8Kjsi2sywrffEEZ29dSeCbs93lsVuZrfJ9s%2BlADkJFX59g8hHlNZjJAUYnf003jx4PPT1Z8VR3oqSlg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Server: cloudflare
CF-RAY: 8a40de4a98c006d1-LHR
alt-svc: h3=":443"; ma=86400
DNS

154.239.44.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.239.44.20.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

147.142.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

147.142.123.92.in-addr.arpa

IN PTR

Response

147.142.123.92.in-addr.arpa

IN PTR

a92-123-142-147deploystaticakamaitechnologiescom
DNS

81.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.144.22.2.in-addr.arpa

IN PTR

Response

81.144.22.2.in-addr.arpa

IN PTR

a2-22-144-81deploystaticakamaitechnologiescom
DNS

29.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.243.111.52.in-addr.arpa

IN PTR

Response
DNS

57.169.31.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.169.31.20.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301063_149G85DV7JWSKM1IM&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239317301063_149G85DV7JWSKM1IM&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 746576
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 84A3A29C7C4A4C91BBC6B5F6E30CD140 Ref B: LON04EDGE0608 Ref C: 2024-07-16T09:13:26Z
date: Tue, 16 Jul 2024 09:13:26 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301496_1OD7PWAV06HYZ5MV4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239317301496_1OD7PWAV06HYZ5MV4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 626199
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0A324B09AB994C91B1AB3EC64A7ED089 Ref B: LON04EDGE0608 Ref C: 2024-07-16T09:13:26Z
date: Tue, 16 Jul 2024 09:13:26 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239339388068_1L9UIL4HSMYJDR381&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239339388068_1L9UIL4HSMYJDR381&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 715625
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9C8B1288FD5146689C2617DC9C84066E Ref B: LON04EDGE0608 Ref C: 2024-07-16T09:13:26Z
date: Tue, 16 Jul 2024 09:13:26 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239339388069_1LR6CG2CYQVB72KAZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239339388069_1LR6CG2CYQVB72KAZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 892656
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 401DD91594EB43A0909F4C0F7DDFCD39 Ref B: LON04EDGE0608 Ref C: 2024-07-16T09:13:26Z
date: Tue, 16 Jul 2024 09:13:26 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418549_1ZU8FEFK0ERHP4923&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239340418549_1ZU8FEFK0ERHP4923&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 866696
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6F29BACB3D4D475FB5D80A26EA1BA8D8 Ref B: LON04EDGE0608 Ref C: 2024-07-16T09:13:26Z
date: Tue, 16 Jul 2024 09:13:26 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418550_1B8YD3DMBL24NYO16&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239340418550_1B8YD3DMBL24NYO16&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 657438
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DB03102AE6444EC688EEAC01E0C092AD Ref B: LON04EDGE0608 Ref C: 2024-07-16T09:13:27Z
date: Tue, 16 Jul 2024 09:13:27 GMT
DNS

168.117.168.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

168.117.168.52.in-addr.arpa

IN PTR

Response

104.21.86.187:80

http://cheezit.xyz/cdn-cgi/images/cf-icon-browser.png

http

msedge.exe

2.0kB
11.5kB
16
19

HTTP Request

GET http://cheezit.xyz/

HTTP Response

502

HTTP Request

GET http://cheezit.xyz/cdn-cgi/styles/main.css

HTTP Response

200

HTTP Request

GET http://cheezit.xyz/cdn-cgi/images/cf-icon-browser.png

HTTP Response

200
104.21.86.187:80

http://cheezit.xyz/cdn-cgi/images/cf-icon-ok.png

http

msedge.exe

884 B
1.9kB
10
10

HTTP Request

GET http://cheezit.xyz/cdn-cgi/images/cf-icon-ok.png

HTTP Response

200
13.107.21.237:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a12437d1e38c4c108b2fb8624e7f8c6d&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=

tls, http2

2.0kB
9.3kB
21
18

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a12437d1e38c4c108b2fb8624e7f8c6d&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=a12437d1e38c4c108b2fb8624e7f8c6d&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a12437d1e38c4c108b2fb8624e7f8c6d&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=

HTTP Response

204
104.21.86.187:80

http://cheezit.xyz/cdn-cgi/images/cf-icon-server.png

http

msedge.exe

888 B
2.3kB
10
10

HTTP Request

GET http://cheezit.xyz/cdn-cgi/images/cf-icon-server.png

HTTP Response

200
104.21.86.187:80

http://cheezit.xyz/cdn-cgi/images/cf-icon-error.png

http

msedge.exe

887 B
1.7kB
10
9

HTTP Request

GET http://cheezit.xyz/cdn-cgi/images/cf-icon-error.png

HTTP Response

200
104.21.86.187:80

http://cheezit.xyz/favicon.ico

http

msedge.exe

1.4kB
9.7kB
13
16

HTTP Request

GET http://cheezit.xyz/cdn-cgi/images/cf-icon-cloud.png

HTTP Response

200

HTTP Request

GET http://cheezit.xyz/favicon.ico

HTTP Response

502
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239340418550_1B8YD3DMBL24NYO16&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

161.0kB
4.7MB
3397
3392

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301063_149G85DV7JWSKM1IM&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301496_1OD7PWAV06HYZ5MV4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239339388068_1L9UIL4HSMYJDR381&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239339388069_1LR6CG2CYQVB72KAZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418549_1ZU8FEFK0ERHP4923&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418550_1B8YD3DMBL24NYO16&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13

8.8.8.8:53

cheezit.xyz

dns

msedge.exe

57 B
89 B
1
1

DNS Request

cheezit.xyz

DNS Response

104.21.86.187

172.67.223.186
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

187.86.21.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

187.86.21.104.in-addr.arpa
8.8.8.8:53

2.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.159.190.20.in-addr.arpa
8.8.8.8:53

73.144.22.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

73.144.22.2.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

13.107.21.237

204.79.197.237
8.8.8.8:53

228.249.119.40.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

228.249.119.40.in-addr.arpa
8.8.8.8:53

237.21.107.13.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

237.21.107.13.in-addr.arpa
224.0.0.251:5353

526 B
8
8.8.8.8:53

www.cloudflare.com

dns

msedge.exe

64 B
96 B
1
1

DNS Request

www.cloudflare.com

DNS Response

104.16.124.96

104.16.123.96
8.8.8.8:53

154.239.44.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

154.239.44.20.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

56.126.166.20.in-addr.arpa
8.8.8.8:53

147.142.123.92.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

147.142.123.92.in-addr.arpa
8.8.8.8:53

81.144.22.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

81.144.22.2.in-addr.arpa
8.8.8.8:53

29.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

29.243.111.52.in-addr.arpa
8.8.8.8:53

57.169.31.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

57.169.31.20.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.27.10

150.171.28.10
8.8.8.8:53

168.117.168.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

168.117.168.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
210676dde5c0bd984dc057e2333e1075

SHA1
2d2f8c14ee48a2580f852db7ac605f81b5b1399a

SHA256
2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

SHA512
aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4e6521c03f1bc16d91d99c059cc5424

SHA1
043665051c486192a6eefe6d0632cf34ae8e89ad

SHA256
7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

SHA512
0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
517d67ae5bb465b53b821102c97c730b

SHA1
17328daa0c9b5f60edbde254d074995f35bd8159

SHA256
2d504e2ccd98bdd4fc2bab5528a4febcd7f43003d72a4843940f1db52fd5f5bf

SHA512
4f8e681929ce0ab7aa8654ae96f9895f9ecab23d3b20caf791e1611d61a01d6ac9c626be6b6d73bbface2b0b1bb1d51305ea50e078c69a7776907db8e4102486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d3665aa8c0d339577f9c60b91de9de33

SHA1
f4a748954f9df0832f889872e8bd2bcd4a7ce72f

SHA256
a91084e10aabc9ffbeedd26ab2832c014994e3cd9e90f812a54a652cfd7a0df7

SHA512
960155b08667d10b07ef72a74abfae5445f9f5150d0d5fcf8cd39d2eaef5212cac49f7af50d09e5293591f102aec5092aea2aa02c70ba75380aa11e884a0a18c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
42ed19da255f25c08a81b1f067d2ccc7

SHA1
d74bb3fa6051753c4b99c225d1d1b56103a27b21

SHA256
e8ae7882ff4e68c572277f82962734e0e48d34f0ac5e29642c806e364265d21d

SHA512
bda8dd87f974a1ce9c643c57280c2a7e86a98c63200203b534cc7f497f1f6e19f2132d9ed7f7a690d855c13ba7fb2e6f51bcbad99c5ebc3f88e0d3ccfd78d875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5c85de333314227fb43c9697e3cd295f

SHA1
1b253a1fe516a7cd89704d6bb91ba7812ef25f97

SHA256
ee66a70ff0a3abb89a855ba9bee2c487e249c9ea4ad79fd556d80dfc068ca432

SHA512
ddc2e4589da7d32833d5b256ab0ae24c887f34cfa16b76649ae24e626478ba2fdf77e7cada7c8108d1e34d9bc95d7f14fa8648635c5dd10868de4a5656411ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5026a25b76d10a89638c7b2d9011dbab

SHA1
d2f6558a4c5393fb280acf2afa9da55f0a59022a

SHA256
ccae650ca8c2fa4483dd15734544d1f49a1fcfef936698d724d46b1a6d134f16

SHA512
c169b390dadfd1d133a12ccb5ec13a567bd4b92fdd84670ff7342a41ab132becde4ab3cbcb1945e6208a0231eab91bf3d2a51c257a0807b46154b25e572cebca

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.