Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    289s
  • max time network
    288s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/07/2024, 09:11 UTC

General

  • Target

    http://cheezit.xyz

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://cheezit.xyz
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3120
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90a6f46f8,0x7ff90a6f4708,0x7ff90a6f4718
      2⤵
        PID:4088
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
        2⤵
          PID:2468
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2300
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2356 /prefetch:8
          2⤵
            PID:2304
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
            2⤵
              PID:4604
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
              2⤵
                PID:5012
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
                2⤵
                  PID:4588
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3696
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
                  2⤵
                    PID:1368
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
                    2⤵
                      PID:3368
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
                      2⤵
                        PID:1528
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
                        2⤵
                          PID:4488
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4600
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:1368
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:1972

                          Network

                          • flag-us
                            DNS
                            cheezit.xyz
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            cheezit.xyz
                            IN A
                            Response
                            cheezit.xyz
                            IN A
                            104.21.86.187
                            cheezit.xyz
                            IN A
                            172.67.223.186
                          • flag-us
                            GET
                            http://cheezit.xyz/
                            msedge.exe
                            Remote address:
                            104.21.86.187:80
                            Request
                            GET / HTTP/1.1
                            Host: cheezit.xyz
                            Connection: keep-alive
                            DNT: 1
                            Upgrade-Insecure-Requests: 1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 502 Bad Gateway
                            Date: Tue, 16 Jul 2024 09:12:02 GMT
                            Content-Type: text/html; charset=UTF-8
                            Content-Length: 6305
                            Connection: keep-alive
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rbzHMDgL08KhvmN4HDAQX1aF3ENKbf7w6OYs5%2BJStbW5ZchpxOz2zOl%2B7HXOlNlGSb9inRB7ypO0HDfVsu7nimXoQcJQxX1NcbFJlh1FysCK5ERX3pAa2%2B8uf%2BuQVA%3D%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            X-Frame-Options: SAMEORIGIN
                            Referrer-Policy: same-origin
                            Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                            Expires: Thu, 01 Jan 1970 00:00:01 GMT
                            Server: cloudflare
                            CF-RAY: 8a40dded183952ea-LHR
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            GET
                            http://cheezit.xyz/cdn-cgi/styles/main.css
                            msedge.exe
                            Remote address:
                            104.21.86.187:80
                            Request
                            GET /cdn-cgi/styles/main.css HTTP/1.1
                            Host: cheezit.xyz
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: text/css,*/*;q=0.1
                            Referer: http://cheezit.xyz/
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Date: Tue, 16 Jul 2024 09:12:02 GMT
                            Content-Type: text/css
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Last-Modified: Thu, 11 Jul 2024 08:13:48 GMT
                            ETag: W/"668f943c-1f4d"
                            Server: cloudflare
                            CF-RAY: 8a40de497a1e52ea-LHR
                            X-Frame-Options: DENY
                            X-Content-Type-Options: nosniff
                            Vary: Accept-Encoding
                            Expires: Tue, 16 Jul 2024 11:12:02 GMT
                            Cache-Control: max-age=7200
                            Cache-Control: public
                            Content-Encoding: gzip
                          • flag-us
                            GET
                            http://cheezit.xyz/cdn-cgi/images/cf-icon-browser.png
                            msedge.exe
                            Remote address:
                            104.21.86.187:80
                            Request
                            GET /cdn-cgi/images/cf-icon-browser.png HTTP/1.1
                            Host: cheezit.xyz
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Referer: http://cheezit.xyz/cdn-cgi/styles/main.css
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Date: Tue, 16 Jul 2024 09:12:02 GMT
                            Content-Type: image/png
                            Content-Length: 484
                            Connection: keep-alive
                            Last-Modified: Thu, 11 Jul 2024 08:13:48 GMT
                            ETag: "668f943c-1e4"
                            Server: cloudflare
                            CF-RAY: 8a40de49caaa52ea-LHR
                            X-Frame-Options: DENY
                            X-Content-Type-Options: nosniff
                            Vary: Accept-Encoding
                            Expires: Tue, 16 Jul 2024 11:12:02 GMT
                            Cache-Control: max-age=7200
                            Cache-Control: public
                            Accept-Ranges: bytes
                          • flag-us
                            GET
                            http://cheezit.xyz/cdn-cgi/images/cf-icon-ok.png
                            msedge.exe
                            Remote address:
                            104.21.86.187:80
                            Request
                            GET /cdn-cgi/images/cf-icon-ok.png HTTP/1.1
                            Host: cheezit.xyz
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Referer: http://cheezit.xyz/cdn-cgi/styles/main.css
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Date: Tue, 16 Jul 2024 09:12:02 GMT
                            Content-Type: image/png
                            Content-Length: 946
                            Connection: keep-alive
                            Last-Modified: Fri, 12 Jul 2024 17:10:21 GMT
                            ETag: "6691637d-3b2"
                            Server: cloudflare
                            CF-RAY: 8a40de49cab171e7-LHR
                            X-Frame-Options: DENY
                            X-Content-Type-Options: nosniff
                            Vary: Accept-Encoding
                            Expires: Tue, 16 Jul 2024 11:12:02 GMT
                            Cache-Control: max-age=7200
                            Cache-Control: public
                            Accept-Ranges: bytes
                          • flag-us
                            DNS
                            8.8.8.8.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            8.8.8.8.in-addr.arpa
                            IN PTR
                            Response
                            8.8.8.8.in-addr.arpa
                            IN PTR
                            dnsgoogle
                          • flag-us
                            DNS
                            187.86.21.104.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            187.86.21.104.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            2.159.190.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            2.159.190.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            73.144.22.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            73.144.22.2.in-addr.arpa
                            IN PTR
                            Response
                            73.144.22.2.in-addr.arpa
                            IN PTR
                            a2-22-144-73deploystaticakamaitechnologiescom
                          • flag-us
                            DNS
                            g.bing.com
                            Remote address:
                            8.8.8.8:53
                            Request
                            g.bing.com
                            IN A
                            Response
                            g.bing.com
                            IN CNAME
                            g-bing-com.dual-a-0034.a-msedge.net
                            g-bing-com.dual-a-0034.a-msedge.net
                            IN CNAME
                            dual-a-0034.a-msedge.net
                            dual-a-0034.a-msedge.net
                            IN A
                            13.107.21.237
                            dual-a-0034.a-msedge.net
                            IN A
                            204.79.197.237
                          • flag-us
                            GET
                            https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a12437d1e38c4c108b2fb8624e7f8c6d&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=
                            Remote address:
                            13.107.21.237:443
                            Request
                            GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a12437d1e38c4c108b2fb8624e7f8c6d&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid= HTTP/2.0
                            host: g.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            Response
                            HTTP/2.0 204
                            cache-control: no-cache, must-revalidate
                            pragma: no-cache
                            expires: Fri, 01 Jan 1990 00:00:00 GMT
                            set-cookie: MUID=1894337322286A2E17A627CD23936B2A; domain=.bing.com; expires=Sun, 10-Aug-2025 09:11:49 GMT; path=/; SameSite=None; Secure; Priority=High;
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            access-control-allow-origin: *
                            x-cache: CONFIG_NOCACHE
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: D4CEF3467E9349F3BE321B6FFEE4AA40 Ref B: LON04EDGE0920 Ref C: 2024-07-16T09:11:49Z
                            date: Tue, 16 Jul 2024 09:11:48 GMT
                          • flag-us
                            GET
                            https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=a12437d1e38c4c108b2fb8624e7f8c6d&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=
                            Remote address:
                            13.107.21.237:443
                            Request
                            GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=a12437d1e38c4c108b2fb8624e7f8c6d&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid= HTTP/2.0
                            host: g.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            cookie: MUID=1894337322286A2E17A627CD23936B2A
                            Response
                            HTTP/2.0 204
                            cache-control: no-cache, must-revalidate
                            pragma: no-cache
                            expires: Fri, 01 Jan 1990 00:00:00 GMT
                            set-cookie: MSPTC=nDQQD4xaFz7MRwKUzoM_4A_bX50i82lAfpB0yfKntqU; domain=.bing.com; expires=Sun, 10-Aug-2025 09:11:49 GMT; path=/; Partitioned; secure; SameSite=None
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            access-control-allow-origin: *
                            x-cache: CONFIG_NOCACHE
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: C6231F32FB2141D1B4202E631E34D3F7 Ref B: LON04EDGE0920 Ref C: 2024-07-16T09:11:49Z
                            date: Tue, 16 Jul 2024 09:11:48 GMT
                          • flag-us
                            GET
                            https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a12437d1e38c4c108b2fb8624e7f8c6d&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=
                            Remote address:
                            13.107.21.237:443
                            Request
                            GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a12437d1e38c4c108b2fb8624e7f8c6d&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid= HTTP/2.0
                            host: g.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            cookie: MUID=1894337322286A2E17A627CD23936B2A; MSPTC=nDQQD4xaFz7MRwKUzoM_4A_bX50i82lAfpB0yfKntqU
                            Response
                            HTTP/2.0 204
                            cache-control: no-cache, must-revalidate
                            pragma: no-cache
                            expires: Fri, 01 Jan 1990 00:00:00 GMT
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            access-control-allow-origin: *
                            x-cache: CONFIG_NOCACHE
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: FBD396EE8CD94DE48C13037ACE309C69 Ref B: LON04EDGE0920 Ref C: 2024-07-16T09:11:49Z
                            date: Tue, 16 Jul 2024 09:11:48 GMT
                          • flag-us
                            DNS
                            228.249.119.40.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            228.249.119.40.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            237.21.107.13.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            237.21.107.13.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            www.cloudflare.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.cloudflare.com
                            IN A
                            Response
                            www.cloudflare.com
                            IN A
                            104.16.124.96
                            www.cloudflare.com
                            IN A
                            104.16.123.96
                          • flag-us
                            GET
                            http://cheezit.xyz/cdn-cgi/images/cf-icon-server.png
                            msedge.exe
                            Remote address:
                            104.21.86.187:80
                            Request
                            GET /cdn-cgi/images/cf-icon-server.png HTTP/1.1
                            Host: cheezit.xyz
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Referer: http://cheezit.xyz/cdn-cgi/styles/main.css
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Date: Tue, 16 Jul 2024 09:12:02 GMT
                            Content-Type: image/png
                            Content-Length: 1384
                            Connection: keep-alive
                            Last-Modified: Thu, 11 Jul 2024 08:13:48 GMT
                            ETag: "668f943c-568"
                            Server: cloudflare
                            CF-RAY: 8a40de4a1a823859-LHR
                            X-Frame-Options: DENY
                            X-Content-Type-Options: nosniff
                            Vary: Accept-Encoding
                            Expires: Tue, 16 Jul 2024 11:12:02 GMT
                            Cache-Control: max-age=7200
                            Cache-Control: public
                            Accept-Ranges: bytes
                          • flag-us
                            GET
                            http://cheezit.xyz/cdn-cgi/images/cf-icon-error.png
                            msedge.exe
                            Remote address:
                            104.21.86.187:80
                            Request
                            GET /cdn-cgi/images/cf-icon-error.png HTTP/1.1
                            Host: cheezit.xyz
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Referer: http://cheezit.xyz/cdn-cgi/styles/main.css
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Date: Tue, 16 Jul 2024 09:12:02 GMT
                            Content-Type: image/png
                            Content-Length: 854
                            Connection: keep-alive
                            Last-Modified: Thu, 11 Jul 2024 08:13:48 GMT
                            ETag: "668f943c-356"
                            Server: cloudflare
                            CF-RAY: 8a40de4a1df7637f-LHR
                            X-Frame-Options: DENY
                            X-Content-Type-Options: nosniff
                            Vary: Accept-Encoding
                            Expires: Tue, 16 Jul 2024 11:12:02 GMT
                            Cache-Control: max-age=7200
                            Cache-Control: public
                            Accept-Ranges: bytes
                          • flag-us
                            GET
                            http://cheezit.xyz/cdn-cgi/images/cf-icon-cloud.png
                            msedge.exe
                            Remote address:
                            104.21.86.187:80
                            Request
                            GET /cdn-cgi/images/cf-icon-cloud.png HTTP/1.1
                            Host: cheezit.xyz
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Referer: http://cheezit.xyz/cdn-cgi/styles/main.css
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Date: Tue, 16 Jul 2024 09:12:02 GMT
                            Content-Type: image/png
                            Content-Length: 1484
                            Connection: keep-alive
                            Last-Modified: Thu, 11 Jul 2024 08:13:48 GMT
                            ETag: "668f943c-5cc"
                            Server: cloudflare
                            CF-RAY: 8a40de4a186506d1-LHR
                            X-Frame-Options: DENY
                            X-Content-Type-Options: nosniff
                            Vary: Accept-Encoding
                            Expires: Tue, 16 Jul 2024 11:12:02 GMT
                            Cache-Control: max-age=7200
                            Cache-Control: public
                            Accept-Ranges: bytes
                          • flag-us
                            GET
                            http://cheezit.xyz/favicon.ico
                            msedge.exe
                            Remote address:
                            104.21.86.187:80
                            Request
                            GET /favicon.ico HTTP/1.1
                            Host: cheezit.xyz
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Referer: http://cheezit.xyz/
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 502 Bad Gateway
                            Date: Tue, 16 Jul 2024 09:12:17 GMT
                            Content-Type: text/html; charset=UTF-8
                            Content-Length: 6305
                            Connection: keep-alive
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ChvRlWsILe%2BP8knNIAW93cJMlVK%2FJJA%2FvR9FgttALA7GAMc8Kjsi2sywrffEEZ29dSeCbs93lsVuZrfJ9s%2BlADkJFX59g8hHlNZjJAUYnf003jx4PPT1Z8VR3oqSlg%3D%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Vary: Accept-Encoding
                            X-Frame-Options: SAMEORIGIN
                            Referrer-Policy: same-origin
                            Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                            Expires: Thu, 01 Jan 1970 00:00:01 GMT
                            Server: cloudflare
                            CF-RAY: 8a40de4a98c006d1-LHR
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            DNS
                            154.239.44.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            154.239.44.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            86.23.85.13.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            86.23.85.13.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            56.126.166.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            56.126.166.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            147.142.123.92.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            147.142.123.92.in-addr.arpa
                            IN PTR
                            Response
                            147.142.123.92.in-addr.arpa
                            IN PTR
                            a92-123-142-147deploystaticakamaitechnologiescom
                          • flag-us
                            DNS
                            81.144.22.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            81.144.22.2.in-addr.arpa
                            IN PTR
                            Response
                            81.144.22.2.in-addr.arpa
                            IN PTR
                            a2-22-144-81deploystaticakamaitechnologiescom
                          • flag-us
                            DNS
                            29.243.111.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            29.243.111.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            57.169.31.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            57.169.31.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            tse1.mm.bing.net
                            Remote address:
                            8.8.8.8:53
                            Request
                            tse1.mm.bing.net
                            IN A
                            Response
                            tse1.mm.bing.net
                            IN CNAME
                            mm-mm.bing.net.trafficmanager.net
                            mm-mm.bing.net.trafficmanager.net
                            IN CNAME
                            ax-0001.ax-msedge.net
                            ax-0001.ax-msedge.net
                            IN A
                            150.171.27.10
                            ax-0001.ax-msedge.net
                            IN A
                            150.171.28.10
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239317301063_149G85DV7JWSKM1IM&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                            Remote address:
                            150.171.27.10:443
                            Request
                            GET /th?id=OADD2.10239317301063_149G85DV7JWSKM1IM&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 746576
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 84A3A29C7C4A4C91BBC6B5F6E30CD140 Ref B: LON04EDGE0608 Ref C: 2024-07-16T09:13:26Z
                            date: Tue, 16 Jul 2024 09:13:26 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239317301496_1OD7PWAV06HYZ5MV4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            Remote address:
                            150.171.27.10:443
                            Request
                            GET /th?id=OADD2.10239317301496_1OD7PWAV06HYZ5MV4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 626199
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 0A324B09AB994C91B1AB3EC64A7ED089 Ref B: LON04EDGE0608 Ref C: 2024-07-16T09:13:26Z
                            date: Tue, 16 Jul 2024 09:13:26 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239339388068_1L9UIL4HSMYJDR381&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                            Remote address:
                            150.171.27.10:443
                            Request
                            GET /th?id=OADD2.10239339388068_1L9UIL4HSMYJDR381&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 715625
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 9C8B1288FD5146689C2617DC9C84066E Ref B: LON04EDGE0608 Ref C: 2024-07-16T09:13:26Z
                            date: Tue, 16 Jul 2024 09:13:26 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239339388069_1LR6CG2CYQVB72KAZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            Remote address:
                            150.171.27.10:443
                            Request
                            GET /th?id=OADD2.10239339388069_1LR6CG2CYQVB72KAZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 892656
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 401DD91594EB43A0909F4C0F7DDFCD39 Ref B: LON04EDGE0608 Ref C: 2024-07-16T09:13:26Z
                            date: Tue, 16 Jul 2024 09:13:26 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239340418549_1ZU8FEFK0ERHP4923&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                            Remote address:
                            150.171.27.10:443
                            Request
                            GET /th?id=OADD2.10239340418549_1ZU8FEFK0ERHP4923&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 866696
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 6F29BACB3D4D475FB5D80A26EA1BA8D8 Ref B: LON04EDGE0608 Ref C: 2024-07-16T09:13:26Z
                            date: Tue, 16 Jul 2024 09:13:26 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239340418550_1B8YD3DMBL24NYO16&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            Remote address:
                            150.171.27.10:443
                            Request
                            GET /th?id=OADD2.10239340418550_1B8YD3DMBL24NYO16&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 657438
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: DB03102AE6444EC688EEAC01E0C092AD Ref B: LON04EDGE0608 Ref C: 2024-07-16T09:13:27Z
                            date: Tue, 16 Jul 2024 09:13:27 GMT
                          • flag-us
                            DNS
                            168.117.168.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            168.117.168.52.in-addr.arpa
                            IN PTR
                            Response
                          • 104.21.86.187:80
                            http://cheezit.xyz/cdn-cgi/images/cf-icon-browser.png
                            http
                            msedge.exe
                            2.0kB
                            11.5kB
                            16
                            19

                            HTTP Request

                            GET http://cheezit.xyz/

                            HTTP Response

                            502

                            HTTP Request

                            GET http://cheezit.xyz/cdn-cgi/styles/main.css

                            HTTP Response

                            200

                            HTTP Request

                            GET http://cheezit.xyz/cdn-cgi/images/cf-icon-browser.png

                            HTTP Response

                            200
                          • 104.21.86.187:80
                            http://cheezit.xyz/cdn-cgi/images/cf-icon-ok.png
                            http
                            msedge.exe
                            884 B
                            1.9kB
                            10
                            10

                            HTTP Request

                            GET http://cheezit.xyz/cdn-cgi/images/cf-icon-ok.png

                            HTTP Response

                            200
                          • 13.107.21.237:443
                            https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a12437d1e38c4c108b2fb8624e7f8c6d&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=
                            tls, http2
                            2.0kB
                            9.3kB
                            21
                            18

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a12437d1e38c4c108b2fb8624e7f8c6d&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=

                            HTTP Response

                            204

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=a12437d1e38c4c108b2fb8624e7f8c6d&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=

                            HTTP Response

                            204

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a12437d1e38c4c108b2fb8624e7f8c6d&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=

                            HTTP Response

                            204
                          • 104.21.86.187:80
                            http://cheezit.xyz/cdn-cgi/images/cf-icon-server.png
                            http
                            msedge.exe
                            888 B
                            2.3kB
                            10
                            10

                            HTTP Request

                            GET http://cheezit.xyz/cdn-cgi/images/cf-icon-server.png

                            HTTP Response

                            200
                          • 104.21.86.187:80
                            http://cheezit.xyz/cdn-cgi/images/cf-icon-error.png
                            http
                            msedge.exe
                            887 B
                            1.7kB
                            10
                            9

                            HTTP Request

                            GET http://cheezit.xyz/cdn-cgi/images/cf-icon-error.png

                            HTTP Response

                            200
                          • 104.21.86.187:80
                            http://cheezit.xyz/favicon.ico
                            http
                            msedge.exe
                            1.4kB
                            9.7kB
                            13
                            16

                            HTTP Request

                            GET http://cheezit.xyz/cdn-cgi/images/cf-icon-cloud.png

                            HTTP Response

                            200

                            HTTP Request

                            GET http://cheezit.xyz/favicon.ico

                            HTTP Response

                            502
                          • 150.171.27.10:443
                            tse1.mm.bing.net
                            tls, http2
                            1.2kB
                            6.9kB
                            15
                            13
                          • 150.171.27.10:443
                            tse1.mm.bing.net
                            tls, http2
                            1.2kB
                            6.9kB
                            15
                            13
                          • 150.171.27.10:443
                            https://tse1.mm.bing.net/th?id=OADD2.10239340418550_1B8YD3DMBL24NYO16&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            tls, http2
                            161.0kB
                            4.7MB
                            3397
                            3392

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239317301063_149G85DV7JWSKM1IM&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239317301496_1OD7PWAV06HYZ5MV4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239339388068_1L9UIL4HSMYJDR381&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239339388069_1LR6CG2CYQVB72KAZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239340418549_1ZU8FEFK0ERHP4923&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239340418550_1B8YD3DMBL24NYO16&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                            HTTP Response

                            200
                          • 150.171.27.10:443
                            tse1.mm.bing.net
                            tls, http2
                            1.2kB
                            6.9kB
                            15
                            13
                          • 150.171.27.10:443
                            tse1.mm.bing.net
                            tls, http2
                            1.2kB
                            6.9kB
                            15
                            13
                          • 8.8.8.8:53
                            cheezit.xyz
                            dns
                            msedge.exe
                            57 B
                            89 B
                            1
                            1

                            DNS Request

                            cheezit.xyz

                            DNS Response

                            104.21.86.187
                            172.67.223.186

                          • 8.8.8.8:53
                            8.8.8.8.in-addr.arpa
                            dns
                            66 B
                            90 B
                            1
                            1

                            DNS Request

                            8.8.8.8.in-addr.arpa

                          • 8.8.8.8:53
                            187.86.21.104.in-addr.arpa
                            dns
                            72 B
                            134 B
                            1
                            1

                            DNS Request

                            187.86.21.104.in-addr.arpa

                          • 8.8.8.8:53
                            2.159.190.20.in-addr.arpa
                            dns
                            71 B
                            157 B
                            1
                            1

                            DNS Request

                            2.159.190.20.in-addr.arpa

                          • 8.8.8.8:53
                            73.144.22.2.in-addr.arpa
                            dns
                            70 B
                            133 B
                            1
                            1

                            DNS Request

                            73.144.22.2.in-addr.arpa

                          • 8.8.8.8:53
                            g.bing.com
                            dns
                            56 B
                            151 B
                            1
                            1

                            DNS Request

                            g.bing.com

                            DNS Response

                            13.107.21.237
                            204.79.197.237

                          • 8.8.8.8:53
                            228.249.119.40.in-addr.arpa
                            dns
                            73 B
                            159 B
                            1
                            1

                            DNS Request

                            228.249.119.40.in-addr.arpa

                          • 8.8.8.8:53
                            237.21.107.13.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            237.21.107.13.in-addr.arpa

                          • 224.0.0.251:5353
                            526 B
                            8
                          • 8.8.8.8:53
                            www.cloudflare.com
                            dns
                            msedge.exe
                            64 B
                            96 B
                            1
                            1

                            DNS Request

                            www.cloudflare.com

                            DNS Response

                            104.16.124.96
                            104.16.123.96

                          • 8.8.8.8:53
                            154.239.44.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            154.239.44.20.in-addr.arpa

                          • 8.8.8.8:53
                            86.23.85.13.in-addr.arpa
                            dns
                            70 B
                            144 B
                            1
                            1

                            DNS Request

                            86.23.85.13.in-addr.arpa

                          • 8.8.8.8:53
                            56.126.166.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            56.126.166.20.in-addr.arpa

                          • 8.8.8.8:53
                            147.142.123.92.in-addr.arpa
                            dns
                            73 B
                            139 B
                            1
                            1

                            DNS Request

                            147.142.123.92.in-addr.arpa

                          • 8.8.8.8:53
                            81.144.22.2.in-addr.arpa
                            dns
                            70 B
                            133 B
                            1
                            1

                            DNS Request

                            81.144.22.2.in-addr.arpa

                          • 8.8.8.8:53
                            29.243.111.52.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            29.243.111.52.in-addr.arpa

                          • 8.8.8.8:53
                            57.169.31.20.in-addr.arpa
                            dns
                            71 B
                            157 B
                            1
                            1

                            DNS Request

                            57.169.31.20.in-addr.arpa

                          • 8.8.8.8:53
                            tse1.mm.bing.net
                            dns
                            62 B
                            170 B
                            1
                            1

                            DNS Request

                            tse1.mm.bing.net

                            DNS Response

                            150.171.27.10
                            150.171.28.10

                          • 8.8.8.8:53
                            168.117.168.52.in-addr.arpa
                            dns
                            73 B
                            147 B
                            1
                            1

                            DNS Request

                            168.117.168.52.in-addr.arpa

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            210676dde5c0bd984dc057e2333e1075

                            SHA1

                            2d2f8c14ee48a2580f852db7ac605f81b5b1399a

                            SHA256

                            2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

                            SHA512

                            aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            f4e6521c03f1bc16d91d99c059cc5424

                            SHA1

                            043665051c486192a6eefe6d0632cf34ae8e89ad

                            SHA256

                            7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

                            SHA512

                            0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            6KB

                            MD5

                            517d67ae5bb465b53b821102c97c730b

                            SHA1

                            17328daa0c9b5f60edbde254d074995f35bd8159

                            SHA256

                            2d504e2ccd98bdd4fc2bab5528a4febcd7f43003d72a4843940f1db52fd5f5bf

                            SHA512

                            4f8e681929ce0ab7aa8654ae96f9895f9ecab23d3b20caf791e1611d61a01d6ac9c626be6b6d73bbface2b0b1bb1d51305ea50e078c69a7776907db8e4102486

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            6KB

                            MD5

                            d3665aa8c0d339577f9c60b91de9de33

                            SHA1

                            f4a748954f9df0832f889872e8bd2bcd4a7ce72f

                            SHA256

                            a91084e10aabc9ffbeedd26ab2832c014994e3cd9e90f812a54a652cfd7a0df7

                            SHA512

                            960155b08667d10b07ef72a74abfae5445f9f5150d0d5fcf8cd39d2eaef5212cac49f7af50d09e5293591f102aec5092aea2aa02c70ba75380aa11e884a0a18c

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            6KB

                            MD5

                            42ed19da255f25c08a81b1f067d2ccc7

                            SHA1

                            d74bb3fa6051753c4b99c225d1d1b56103a27b21

                            SHA256

                            e8ae7882ff4e68c572277f82962734e0e48d34f0ac5e29642c806e364265d21d

                            SHA512

                            bda8dd87f974a1ce9c643c57280c2a7e86a98c63200203b534cc7f497f1f6e19f2132d9ed7f7a690d855c13ba7fb2e6f51bcbad99c5ebc3f88e0d3ccfd78d875

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            6KB

                            MD5

                            5c85de333314227fb43c9697e3cd295f

                            SHA1

                            1b253a1fe516a7cd89704d6bb91ba7812ef25f97

                            SHA256

                            ee66a70ff0a3abb89a855ba9bee2c487e249c9ea4ad79fd556d80dfc068ca432

                            SHA512

                            ddc2e4589da7d32833d5b256ab0ae24c887f34cfa16b76649ae24e626478ba2fdf77e7cada7c8108d1e34d9bc95d7f14fa8648635c5dd10868de4a5656411ea2

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                            Filesize

                            16B

                            MD5

                            46295cac801e5d4857d09837238a6394

                            SHA1

                            44e0fa1b517dbf802b18faf0785eeea6ac51594b

                            SHA256

                            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                            SHA512

                            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                            Filesize

                            16B

                            MD5

                            206702161f94c5cd39fadd03f4014d98

                            SHA1

                            bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                            SHA256

                            1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                            SHA512

                            0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                            Filesize

                            11KB

                            MD5

                            5026a25b76d10a89638c7b2d9011dbab

                            SHA1

                            d2f6558a4c5393fb280acf2afa9da55f0a59022a

                            SHA256

                            ccae650ca8c2fa4483dd15734544d1f49a1fcfef936698d724d46b1a6d134f16

                            SHA512

                            c169b390dadfd1d133a12ccb5ec13a567bd4b92fdd84670ff7342a41ab132becde4ab3cbcb1945e6208a0231eab91bf3d2a51c257a0807b46154b25e572cebca

                          We care about your privacy.

                          This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.