Analysis

  • max time kernel
    145s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system
  • submitted
    27/07/2024, 03:51 UTC

General

  • Target

    76f2c3ff3e44be56b2f5e4a4b69f6ade_JaffaCakes118.html

  • Size

    26KB

  • MD5

    76f2c3ff3e44be56b2f5e4a4b69f6ade

  • SHA1

    6efc19a571bee935355dc14fa03988301981900e

  • SHA256

    d51ca514fc5b7524053550850b5330fa7b938b1a86187b017987fcadd6e0173d

  • SHA512

    b349c37abdeb4c6b57351a82abc7fc8678ad9daae4e75bc55b50ffaee8f37c0a743c3a9d00c5278048059742935940e93f36974c75d144d6b8315683f773a17a

  • SSDEEP

    384:SZ+CEPRcX1pyyt7PbjbfjeZ4O+uGsIz9Jd4+Cd9T6ApbDYA77Lwvob1:SGRcX1pyyt7Pnbfq6b7S+4jXwI

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\76f2c3ff3e44be56b2f5e4a4b69f6ade_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1276
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ff8c39246f8,0x7ff8c3924708,0x7ff8c3924718
      2⤵
        PID:4716
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,7405457413903689555,10624580154429906717,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
        2⤵
          PID:4584
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,7405457413903689555,10624580154429906717,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1108
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,7405457413903689555,10624580154429906717,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
          2⤵
            PID:376
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,7405457413903689555,10624580154429906717,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
            2⤵
              PID:2740
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,7405457413903689555,10624580154429906717,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
              2⤵
                PID:5040
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,7405457413903689555,10624580154429906717,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
                2⤵
                  PID:1016
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,7405457413903689555,10624580154429906717,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:660
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,7405457413903689555,10624580154429906717,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
                  2⤵
                    PID:1776
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,7405457413903689555,10624580154429906717,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
                    2⤵
                      PID:4112
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,7405457413903689555,10624580154429906717,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
                      2⤵
                        PID:2840
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,7405457413903689555,10624580154429906717,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
                        2⤵
                          PID:4012
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,7405457413903689555,10624580154429906717,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:2976
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:4456
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:1244

                          Network

                          • flag-us
                            DNS
                            www.digitaldreammachine.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.digitaldreammachine.com
                            IN A
                            Response
                            www.digitaldreammachine.com
                            IN A
                            173.236.194.77
                          • flag-us
                            DNS
                            images1.fanpop.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            images1.fanpop.com
                            IN A
                            Response
                            images1.fanpop.com
                            IN A
                            104.26.10.178
                            images1.fanpop.com
                            IN A
                            172.67.73.155
                            images1.fanpop.com
                            IN A
                            104.26.11.178
                          • flag-us
                            DNS
                            2.bp.blogspot.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            2.bp.blogspot.com
                            IN A
                            Response
                            2.bp.blogspot.com
                            IN CNAME
                            photos-ugc.l.googleusercontent.com
                            photos-ugc.l.googleusercontent.com
                            IN A
                            216.58.215.33
                          • flag-us
                            DNS
                            images2.layoutsparks.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            images2.layoutsparks.com
                            IN A
                            Response
                          • flag-us
                            DNS
                            i274.photobucket.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            i274.photobucket.com
                            IN A
                            Response
                            i274.photobucket.com
                            IN A
                            18.239.18.64
                            i274.photobucket.com
                            IN A
                            18.239.18.50
                            i274.photobucket.com
                            IN A
                            18.239.18.8
                            i274.photobucket.com
                            IN A
                            18.239.18.21
                          • flag-us
                            DNS
                            i274.photobucket.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            i274.photobucket.com
                            IN A
                          • flag-us
                            DNS
                            i274.photobucket.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            i274.photobucket.com
                            IN A
                          • flag-us
                            DNS
                            www.xmasjoys.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.xmasjoys.com
                            IN A
                            Response
                            www.xmasjoys.com
                            IN CNAME
                            parking.namesilo.com
                            parking.namesilo.com
                            IN A
                            70.39.125.243
                            parking.namesilo.com
                            IN A
                            209.141.38.71
                            parking.namesilo.com
                            IN A
                            173.44.37.208
                            parking.namesilo.com
                            IN A
                            198.251.81.30
                            parking.namesilo.com
                            IN A
                            204.188.203.154
                            parking.namesilo.com
                            IN A
                            64.32.22.102
                            parking.namesilo.com
                            IN A
                            198.251.84.92
                            parking.namesilo.com
                            IN A
                            168.235.88.209
                            parking.namesilo.com
                            IN A
                            45.58.190.82
                            parking.namesilo.com
                            IN A
                            104.238.249.57
                            parking.namesilo.com
                            IN A
                            107.161.23.204
                          • flag-us
                            DNS
                            s1.daemonsmovies.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            s1.daemonsmovies.com
                            IN A
                            Response
                          • flag-us
                            DNS
                            4.bp.blogspot.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            4.bp.blogspot.com
                            IN A
                            Response
                            4.bp.blogspot.com
                            IN CNAME
                            photos-ugc.l.googleusercontent.com
                            photos-ugc.l.googleusercontent.com
                            IN A
                            216.58.215.33
                          • flag-us
                            DNS
                            1.bp.blogspot.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            1.bp.blogspot.com
                            IN A
                            Response
                            1.bp.blogspot.com
                            IN CNAME
                            photos-ugc.l.googleusercontent.com
                            photos-ugc.l.googleusercontent.com
                            IN A
                            216.58.215.33
                          • flag-us
                            DNS
                            www.fullhalloween.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.fullhalloween.com
                            IN A
                            Response
                            www.fullhalloween.com
                            IN CNAME
                            fullhalloween.com
                            fullhalloween.com
                            IN A
                            76.223.67.189
                            fullhalloween.com
                            IN A
                            13.248.213.45
                          • flag-us
                            DNS
                            www.nxewallpapers.co.uk
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.nxewallpapers.co.uk
                            IN A
                            Response
                          • flag-us
                            DNS
                            images4.fanpop.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            images4.fanpop.com
                            IN A
                            Response
                            images4.fanpop.com
                            IN A
                            104.26.10.178
                            images4.fanpop.com
                            IN A
                            172.67.73.155
                            images4.fanpop.com
                            IN A
                            104.26.11.178
                          • flag-us
                            DNS
                            c.hit.ua
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            c.hit.ua
                            IN A
                            Response
                            c.hit.ua
                            IN A
                            89.184.81.35
                          • flag-us
                            GET
                            http://images1.fanpop.com/images/image_uploads/Nightmare-Before-Christmas-nightmare-before-christmas-1096230_845_1366.jpg
                            msedge.exe
                            Remote address:
                            104.26.10.178:80
                            Request
                            GET /images/image_uploads/Nightmare-Before-Christmas-nightmare-before-christmas-1096230_845_1366.jpg HTTP/1.1
                            Host: images1.fanpop.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Date: Tue, 30 Jul 2024 06:00:13 GMT
                            Content-Type: image/jpeg
                            Content-Length: 234612
                            Connection: keep-alive
                            Access-Control-Allow-Origin: *
                            Cache-Control: max-age=315360000
                            Cf-Bgj: h2pri
                            Expires: Thu, 31 Dec 2037 23:55:55 GMT
                            Last-Modified: Thu, 05 Mar 2009 14:14:07 GMT
                            CF-Cache-Status: HIT
                            Age: 54
                            Accept-Ranges: bytes
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7uqc6m0cZ14gbS7hPJvAozPQP0D4Va6EFc2Weo1Km6SUwbFDYF8SpfNJCmyzpL22NLFNtmmkhi8cimudFmAIpMgsPeqljHLM0u5%2BwYePw4gINOxsZIwpAe5XAIHCOohHHI4LYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Vary: Accept-Encoding
                            Server: cloudflare
                            CF-RAY: 8ab3208baf046343-LHR
                          • flag-us
                            GET
                            http://images1.fanpop.com/images/image_uploads/the-nightmare-before-christmas-nightmare-before-christmas-1085652_1280_1024.jpg
                            msedge.exe
                            Remote address:
                            104.26.10.178:80
                            Request
                            GET /images/image_uploads/the-nightmare-before-christmas-nightmare-before-christmas-1085652_1280_1024.jpg HTTP/1.1
                            Host: images1.fanpop.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Date: Tue, 30 Jul 2024 06:00:13 GMT
                            Content-Type: image/jpeg
                            Content-Length: 584337
                            Connection: keep-alive
                            Access-Control-Allow-Origin: *
                            Cache-Control: max-age=315360000
                            Cf-Bgj: h2pri
                            Expires: Thu, 31 Dec 2037 23:55:55 GMT
                            Last-Modified: Fri, 06 Mar 2009 08:44:00 GMT
                            CF-Cache-Status: HIT
                            Age: 54
                            Accept-Ranges: bytes
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nR1lSrPo04ruD9Vup6v2ucS%2BU8QN4TbJvMqbh5PerNNlhd978pmh5TCZoz84tsUY7rsMXEMw4Fb1uNmVB1egXDZw5lvNvVoVNbyml%2BfcMtY%2FH2Hcs3x8e6ffLpe32FNpJKuRAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Vary: Accept-Encoding
                            Server: cloudflare
                            CF-RAY: 8ab3208c7fcf6343-LHR
                          • flag-fr
                            GET
                            http://2.bp.blogspot.com/_-ej2nIqR7_A/SiawKTJMLSI/AAAAAAAAArc/mMcOpT7SYnY/s320/Nightmare-Before-Christmas-Halloween-Wallpaper.jpg
                            msedge.exe
                            Remote address:
                            216.58.215.33:80
                            Request
                            GET /_-ej2nIqR7_A/SiawKTJMLSI/AAAAAAAAArc/mMcOpT7SYnY/s320/Nightmare-Before-Christmas-Halloween-Wallpaper.jpg HTTP/1.1
                            Host: 2.bp.blogspot.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Access-Control-Allow-Origin: *
                            Timing-Allow-Origin: *
                            Access-Control-Expose-Headers: Content-Length
                            Content-Disposition: inline;filename="Nightmare-Before-Christmas-Halloween-Wallpaper.jpg"
                            X-Content-Type-Options: nosniff
                            Server: fife
                            Content-Length: 50427
                            X-XSS-Protection: 0
                            Date: Tue, 30 Jul 2024 05:59:19 GMT
                            Expires: Wed, 31 Jul 2024 05:59:19 GMT
                            Cache-Control: public, max-age=86400, no-transform
                            ETag: "v2b7"
                            Content-Type: image/jpeg
                            Vary: Origin
                            Age: 54
                          • flag-ua
                            GET
                            http://c.hit.ua/hit?i=58001&g=0&x=2&s=1&t=0&w=1280&h=720&d=24&0.6892064164911285&r=&u=file%3A///C%3A/Users/Admin/AppData/Local/Temp/76f2c3ff3e44be56b2f5e4a4b69f6ade_JaffaCakes118.html
                            msedge.exe
                            Remote address:
                            89.184.81.35:80
                            Request
                            GET /hit?i=58001&g=0&x=2&s=1&t=0&w=1280&h=720&d=24&0.6892064164911285&r=&u=file%3A///C%3A/Users/Admin/AppData/Local/Temp/76f2c3ff3e44be56b2f5e4a4b69f6ade_JaffaCakes118.html HTTP/1.1
                            Host: c.hit.ua
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx/1.17.9
                            Date: Tue, 30 Jul 2024 06:00:13 GMT
                            Content-Type: image/gif
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Cache-Control: no-cache, no-store, must-revalidate
                            Expires: 0
                            Pragma: no-cache
                          • flag-fr
                            GET
                            http://1.bp.blogspot.com/_X3odM3zhweU/SeIAPFzo-GI/AAAAAAAAAik/jHHQkMknvXA/s400/Nightmare-Before-Christmas-Jack-Skellington.jpg
                            msedge.exe
                            Remote address:
                            216.58.215.33:80
                            Request
                            GET /_X3odM3zhweU/SeIAPFzo-GI/AAAAAAAAAik/jHHQkMknvXA/s400/Nightmare-Before-Christmas-Jack-Skellington.jpg HTTP/1.1
                            Host: 1.bp.blogspot.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Access-Control-Allow-Origin: *
                            Timing-Allow-Origin: *
                            Access-Control-Expose-Headers: Content-Length
                            Content-Disposition: inline;filename="Nightmare-Before-Christmas-Jack-Skellington.jpg"
                            X-Content-Type-Options: nosniff
                            Server: fife
                            Content-Length: 25620
                            X-XSS-Protection: 0
                            Date: Tue, 30 Jul 2024 05:59:18 GMT
                            Expires: Wed, 31 Jul 2024 05:59:18 GMT
                            Cache-Control: public, max-age=86400, no-transform
                            ETag: "v229"
                            Content-Type: image/jpeg
                            Vary: Origin
                            Age: 55
                          • flag-us
                            DNS
                            i43.photobucket.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            i43.photobucket.com
                            IN A
                            Response
                            i43.photobucket.com
                            IN A
                            18.239.18.21
                            i43.photobucket.com
                            IN A
                            18.239.18.50
                            i43.photobucket.com
                            IN A
                            18.239.18.64
                            i43.photobucket.com
                            IN A
                            18.239.18.8
                          • flag-fr
                            GET
                            http://4.bp.blogspot.com/_X3odM3zhweU/SeIAOwsETyI/AAAAAAAAAiU/74Ydn9rW8Y4/s400/Jack-Skellington-in-Nightmare-Before-Christmas.jpg
                            msedge.exe
                            Remote address:
                            216.58.215.33:80
                            Request
                            GET /_X3odM3zhweU/SeIAOwsETyI/AAAAAAAAAiU/74Ydn9rW8Y4/s400/Jack-Skellington-in-Nightmare-Before-Christmas.jpg HTTP/1.1
                            Host: 4.bp.blogspot.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Access-Control-Allow-Origin: *
                            Timing-Allow-Origin: *
                            Access-Control-Expose-Headers: Content-Length
                            Content-Disposition: inline;filename="Jack-Skellington-in-Nightmare-Before-Christmas.jpg"
                            X-Content-Type-Options: nosniff
                            Server: fife
                            Content-Length: 28843
                            X-XSS-Protection: 0
                            Date: Tue, 30 Jul 2024 05:59:19 GMT
                            Expires: Wed, 31 Jul 2024 05:59:19 GMT
                            Cache-Control: public, max-age=86400, no-transform
                            ETag: "v225"
                            Content-Type: image/jpeg
                            Vary: Origin
                            Age: 54
                          • flag-us
                            GET
                            http://images4.fanpop.com/image/photos/16300000/Jack-nightmare-before-christmas-16363717-1024-768.jpg
                            msedge.exe
                            Remote address:
                            104.26.10.178:80
                            Request
                            GET /image/photos/16300000/Jack-nightmare-before-christmas-16363717-1024-768.jpg HTTP/1.1
                            Host: images4.fanpop.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Date: Tue, 30 Jul 2024 06:00:13 GMT
                            Content-Type: image/jpeg
                            Content-Length: 26916
                            Connection: keep-alive
                            Access-Control-Allow-Origin: *
                            Cache-Control: max-age=315360000
                            Cf-Bgj: h2pri
                            Expires: Thu, 31 Dec 2037 23:55:55 GMT
                            Last-Modified: Mon, 18 Oct 2010 19:05:29 GMT
                            CF-Cache-Status: HIT
                            Age: 54
                            Accept-Ranges: bytes
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YNA3SDnw8YQ6uhldR5JZW2vU8zrd9lYm3LfQC1R%2BeC2%2BeAZANp4lLMrmA8yBdL8RWLj3a7kD%2F8cweRdYCMYg%2B9td8Gr5t3w0uQKN7DXfuAHqVNS0%2FwiN7DtSwW7ghEbXj6wf7w%3D%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Vary: Accept-Encoding
                            Server: cloudflare
                            CF-RAY: 8ab3208bdb606542-LHR
                          • flag-us
                            GET
                            http://www.fullhalloween.com/blog/wp-content/uploads/2008/10/nightmare_before_christmas_3d_poster_2.jpg
                            msedge.exe
                            Remote address:
                            76.223.67.189:80
                            Request
                            GET /blog/wp-content/uploads/2008/10/nightmare_before_christmas_3d_poster_2.jpg HTTP/1.1
                            Host: www.fullhalloween.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Server: openresty
                            Date: Tue, 30 Jul 2024 06:00:14 GMT
                            Content-Type: text/html
                            Content-Length: 114
                            Connection: keep-alive
                          • flag-us
                            GET
                            http://www.digitaldreammachine.com/blogimages/ddm/NMBC3DFeaturette01.jpg
                            msedge.exe
                            Remote address:
                            173.236.194.77:80
                            Request
                            GET /blogimages/ddm/NMBC3DFeaturette01.jpg HTTP/1.1
                            Host: www.digitaldreammachine.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Date: Tue, 30 Jul 2024 06:00:14 GMT
                            Server: Apache
                            Upgrade: h2
                            Connection: Upgrade, Keep-Alive
                            Last-Modified: Thu, 19 Oct 2006 22:13:21 GMT
                            ETag: "18dc3-420314b9e6240"
                            Accept-Ranges: bytes
                            Content-Length: 101827
                            Cache-Control: max-age=2592000
                            Expires: Thu, 29 Aug 2024 06:00:14 GMT
                            Vary: User-Agent
                            Keep-Alive: timeout=5, max=100
                            Content-Type: image/jpeg
                          • flag-us
                            GET
                            http://www.xmasjoys.com/christmas_wallpapers/christmas_wallpaper_03.jpg
                            msedge.exe
                            Remote address:
                            70.39.125.243:80
                            Request
                            GET /christmas_wallpapers/christmas_wallpaper_03.jpg HTTP/1.1
                            Host: www.xmasjoys.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 302 Moved Temporarily
                            Server: nginx
                            Date: Tue, 30 Jul 2024 06:00:14 GMT
                            Content-Type: text/html
                            Content-Length: 154
                            Connection: keep-alive
                            Location: http://www.xmasjoys.com
                          • flag-us
                            GET
                            http://www.xmasjoys.com/
                            msedge.exe
                            Remote address:
                            70.39.125.243:80
                            Request
                            GET / HTTP/1.1
                            Host: www.xmasjoys.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Tue, 30 Jul 2024 06:00:14 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Vary: Accept-Encoding
                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                            Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                            Pragma: no-cache
                            Content-Encoding: gzip
                            X-Proxy-Cache: HIT
                          • flag-nl
                            GET
                            http://i43.photobucket.com/albums/e352/sorrowfull_angel/NightmareBeforeChristmas3JackWallpa.jpg
                            msedge.exe
                            Remote address:
                            18.239.18.21:80
                            Request
                            GET /albums/e352/sorrowfull_angel/NightmareBeforeChristmas3JackWallpa.jpg HTTP/1.1
                            Host: i43.photobucket.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 301 Moved Permanently
                            Server: CloudFront
                            Date: Tue, 30 Jul 2024 06:00:14 GMT
                            Content-Type: text/html
                            Content-Length: 167
                            Connection: keep-alive
                            Location: https://i43.photobucket.com/albums/e352/sorrowfull_angel/NightmareBeforeChristmas3JackWallpa.jpg
                            X-Cache: Redirect from cloudfront
                            Via: 1.1 ed8a64af6e81621f0f4bbf3ca72f2da4.cloudfront.net (CloudFront)
                            X-Amz-Cf-Pop: AMS58-P6
                            X-Amz-Cf-Id: aOwjf-81IJ-RRQVaMoQadoxpPHJX7usvkP0DsxQcNkxgq-cL-G5tnw==
                            Vary: Origin
                          • flag-us
                            DNS
                            97.17.167.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            97.17.167.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            97.17.167.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            97.17.167.52.in-addr.arpa
                            IN PTR
                          • flag-us
                            DNS
                            73.144.22.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            73.144.22.2.in-addr.arpa
                            IN PTR
                            Response
                            73.144.22.2.in-addr.arpa
                            IN PTR
                            a2-22-144-73deploystaticakamaitechnologiescom
                          • flag-us
                            DNS
                            73.144.22.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            73.144.22.2.in-addr.arpa
                            IN PTR
                          • flag-us
                            DNS
                            138.32.126.40.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            138.32.126.40.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            138.32.126.40.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            138.32.126.40.in-addr.arpa
                            IN PTR
                          • flag-us
                            DNS
                            178.10.26.104.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            178.10.26.104.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            178.10.26.104.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            178.10.26.104.in-addr.arpa
                            IN PTR
                          • flag-us
                            DNS
                            33.215.58.216.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            33.215.58.216.in-addr.arpa
                            IN PTR
                            Response
                            33.215.58.216.in-addr.arpa
                            IN PTR
                            par21s17-in-f11e100net
                          • flag-us
                            DNS
                            33.215.58.216.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            33.215.58.216.in-addr.arpa
                            IN PTR
                          • flag-us
                            DNS
                            189.67.223.76.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            189.67.223.76.in-addr.arpa
                            IN PTR
                            Response
                            189.67.223.76.in-addr.arpa
                            IN PTR
                            a67c48129651a0940awsglobalacceleratorcom
                          • flag-us
                            DNS
                            189.67.223.76.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            189.67.223.76.in-addr.arpa
                            IN PTR
                          • flag-us
                            DNS
                            35.81.184.89.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            35.81.184.89.in-addr.arpa
                            IN PTR
                            Response
                            35.81.184.89.in-addr.arpa
                            IN PTR
                            chitua
                          • flag-us
                            DNS
                            35.81.184.89.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            35.81.184.89.in-addr.arpa
                            IN PTR
                          • flag-us
                            DNS
                            77.194.236.173.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            77.194.236.173.in-addr.arpa
                            IN PTR
                            Response
                            77.194.236.173.in-addr.arpa
                            IN PTR
                            apache2-patiad1-shared-e1-06 dreamhostcom
                          • flag-us
                            DNS
                            77.194.236.173.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            77.194.236.173.in-addr.arpa
                            IN PTR
                          • flag-nl
                            GET
                            https://i43.photobucket.com/albums/e352/sorrowfull_angel/NightmareBeforeChristmas3JackWallpa.jpg
                            msedge.exe
                            Remote address:
                            18.239.18.21:443
                            Request
                            GET /albums/e352/sorrowfull_angel/NightmareBeforeChristmas3JackWallpa.jpg HTTP/2.0
                            host: i43.photobucket.com
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            dnt: 1
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            content-type: image/webp
                            content-length: 71640
                            date: Tue, 30 Jul 2024 06:00:15 GMT
                            cache-control: max-age=31536000, public
                            content-disposition: inline; filename="NightmareBeforeChristmas3JackWallpa.webp"
                            content-security-policy: script-src 'none'
                            expires: Wed, 30 Jul 2025 06:00:15 GMT
                            server: photobucket
                            x-amzn-trace-id: Root=1-66a8816e-128ec2d03d5b514b18122d32
                            x-request-id: AseFQqnsWwBriDL2yaB8a
                            vary: Accept
                            x-cache: Miss from cloudfront
                            via: 1.1 2fb699a7d2ee3ddd9b1caad139f90e76.cloudfront.net (CloudFront)
                            x-amz-cf-pop: AMS58-P6
                            x-amz-cf-id: 2TBm21PDU7v23exZxrtyQEa_7wcjeh7oWhUJmZKc1hliy2XMu1kT6Q==
                            vary: Origin
                          • flag-nl
                            GET
                            https://i274.photobucket.com/albums/jj253/iluvnickjonas_3000/Wallpapers/nightmare.jpg
                            msedge.exe
                            Remote address:
                            18.239.18.21:443
                            Request
                            GET /albums/jj253/iluvnickjonas_3000/Wallpapers/nightmare.jpg HTTP/2.0
                            host: i274.photobucket.com
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            dnt: 1
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            content-type: image/webp
                            content-length: 88952
                            date: Tue, 30 Jul 2024 06:00:15 GMT
                            cache-control: max-age=31536000, public
                            content-disposition: inline; filename="nightmare.webp"
                            content-security-policy: script-src 'none'
                            expires: Wed, 30 Jul 2025 06:00:15 GMT
                            server: photobucket
                            x-amzn-trace-id: Root=1-66a8816f-1e54d34b75cf47f943fc3348
                            x-request-id: XbGSk9KJlSFzIuFO7ZLbC
                            vary: Accept
                            x-cache: Miss from cloudfront
                            via: 1.1 2fb699a7d2ee3ddd9b1caad139f90e76.cloudfront.net (CloudFront)
                            x-amz-cf-pop: AMS58-P6
                            x-amz-cf-id: So0_rmr-SLemW_5pJbi_afwe5w00nEsazLul5oMc1QsmBPx-lQFNNA==
                            vary: Origin
                          • flag-us
                            DNS
                            243.125.39.70.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            243.125.39.70.in-addr.arpa
                            IN PTR
                            Response
                            243.125.39.70.in-addr.arpa
                            IN PTR
                            forceinstantlyprogress5com
                          • flag-us
                            DNS
                            21.18.239.18.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            21.18.239.18.in-addr.arpa
                            IN PTR
                            Response
                            21.18.239.18.in-addr.arpa
                            IN PTR
                            server-18-239-18-21ams58r cloudfrontnet
                          • flag-nl
                            GET
                            http://i274.photobucket.com/albums/jj253/iluvnickjonas_3000/Wallpapers/nightmare.jpg
                            msedge.exe
                            Remote address:
                            18.239.18.64:80
                            Request
                            GET /albums/jj253/iluvnickjonas_3000/Wallpapers/nightmare.jpg HTTP/1.1
                            Host: i274.photobucket.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 301 Moved Permanently
                            Server: CloudFront
                            Date: Tue, 30 Jul 2024 06:00:15 GMT
                            Content-Type: text/html
                            Content-Length: 167
                            Connection: keep-alive
                            Location: https://i274.photobucket.com/albums/jj253/iluvnickjonas_3000/Wallpapers/nightmare.jpg
                            X-Cache: Redirect from cloudfront
                            Via: 1.1 2e6275c73445d58429e5205e011d70ba.cloudfront.net (CloudFront)
                            X-Amz-Cf-Pop: AMS58-P6
                            X-Amz-Cf-Id: ZVEwzfJoV08-PVqZzKsydH0jVGi2V90WqGqPKlXMUXt8UjkiL3F1zQ==
                            Vary: Origin
                          • flag-us
                            DNS
                            15.39.65.18.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            15.39.65.18.in-addr.arpa
                            IN PTR
                            Response
                            15.39.65.18.in-addr.arpa
                            IN PTR
                            server-18-65-39-15ams1r cloudfrontnet
                          • flag-us
                            DNS
                            55.36.223.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            55.36.223.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            s.ytimg.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            s.ytimg.com
                            IN A
                            Response
                            s.ytimg.com
                            IN A
                            172.217.20.206
                          • flag-fr
                            GET
                            http://s.ytimg.com/yt/favicon-vfl147246.ico
                            msedge.exe
                            Remote address:
                            172.217.20.206:80
                            Request
                            GET /yt/favicon-vfl147246.ico HTTP/1.1
                            Host: s.ytimg.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Accept-Ranges: bytes
                            Cross-Origin-Resource-Policy: cross-origin
                            Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
                            Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
                            Content-Length: 290
                            X-Content-Type-Options: nosniff
                            Content-Encoding: gzip
                            Server: sffe
                            X-XSS-Protection: 0
                            Date: Tue, 30 Jul 2024 05:34:22 GMT
                            Expires: Wed, 07 Aug 2024 05:34:22 GMT
                            Cache-Control: public, max-age=691200
                            Last-Modified: Mon, 10 Sep 2012 02:55:29 GMT
                            Content-Type: image/x-icon
                            Vary: Accept-Encoding
                            Age: 1554
                          • flag-us
                            DNS
                            64.18.239.18.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            64.18.239.18.in-addr.arpa
                            IN PTR
                            Response
                            64.18.239.18.in-addr.arpa
                            IN PTR
                            server-18-239-18-64ams58r cloudfrontnet
                          • flag-us
                            DNS
                            206.20.217.172.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            206.20.217.172.in-addr.arpa
                            IN PTR
                            Response
                            206.20.217.172.in-addr.arpa
                            IN PTR
                            waw02s08-in-f2061e100net
                            206.20.217.172.in-addr.arpa
                            IN PTR
                            par10s50-in-f14
                            206.20.217.172.in-addr.arpa
                            IN PTR
                            waw02s08-in-f14
                          • flag-us
                            DNS
                            13.86.106.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            13.86.106.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            103.169.127.40.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            103.169.127.40.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            103.169.127.40.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            103.169.127.40.in-addr.arpa
                            IN PTR
                          • flag-us
                            DNS
                            103.169.127.40.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            103.169.127.40.in-addr.arpa
                            IN PTR
                          • flag-us
                            DNS
                            56.126.166.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            56.126.166.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            81.144.22.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            81.144.22.2.in-addr.arpa
                            IN PTR
                            Response
                            81.144.22.2.in-addr.arpa
                            IN PTR
                            a2-22-144-81deploystaticakamaitechnologiescom
                          • flag-us
                            DNS
                            43.229.111.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            43.229.111.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            tse1.mm.bing.net
                            Remote address:
                            8.8.8.8:53
                            Request
                            tse1.mm.bing.net
                            IN A
                            Response
                            tse1.mm.bing.net
                            IN CNAME
                            mm-mm.bing.net.trafficmanager.net
                            mm-mm.bing.net.trafficmanager.net
                            IN CNAME
                            ax-0001.ax-msedge.net
                            ax-0001.ax-msedge.net
                            IN A
                            150.171.27.10
                            ax-0001.ax-msedge.net
                            IN A
                            150.171.28.10
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239339388128_1DFVE2FTICTWWY2JO&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            Remote address:
                            150.171.27.10:443
                            Request
                            GET /th?id=OADD2.10239339388128_1DFVE2FTICTWWY2JO&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 730683
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 02208033245A49B4A7C3C2A92917DA90 Ref B: LON04EDGE0814 Ref C: 2024-07-30T06:01:53Z
                            date: Tue, 30 Jul 2024 06:01:52 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            Remote address:
                            150.171.27.10:443
                            Request
                            GET /th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 539839
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 4E212AC681144553B9DB3BD2649B09A0 Ref B: LON04EDGE0814 Ref C: 2024-07-30T06:01:53Z
                            date: Tue, 30 Jul 2024 06:01:52 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239339388127_19J9R6J3AKCRQ3IMT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                            Remote address:
                            150.171.27.10:443
                            Request
                            GET /th?id=OADD2.10239339388127_19J9R6J3AKCRQ3IMT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 574648
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 4693D94A9ABC4B419E40957D3E79497A Ref B: LON04EDGE0814 Ref C: 2024-07-30T06:01:53Z
                            date: Tue, 30 Jul 2024 06:01:52 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239340418551_1MWHJRW59UCHVWKN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                            Remote address:
                            150.171.27.10:443
                            Request
                            GET /th?id=OADD2.10239340418551_1MWHJRW59UCHVWKN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 522409
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 6092D227472D47FC867B100E8BAD8807 Ref B: LON04EDGE0814 Ref C: 2024-07-30T06:01:53Z
                            date: Tue, 30 Jul 2024 06:01:52 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239360494465_1WL11PE3QHWZ3Q9V1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                            Remote address:
                            150.171.27.10:443
                            Request
                            GET /th?id=OADD2.10239360494465_1WL11PE3QHWZ3Q9V1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 534196
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 1D3B6239796A44BB988C6BDAAE71F41A Ref B: LON04EDGE0814 Ref C: 2024-07-30T06:01:53Z
                            date: Tue, 30 Jul 2024 06:01:52 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239360494466_1NE7RS5P7DA5W3Y3W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            Remote address:
                            150.171.27.10:443
                            Request
                            GET /th?id=OADD2.10239360494466_1NE7RS5P7DA5W3Y3W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 491307
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: FA9E038BB8A14FBAABEC80C339F64B64 Ref B: LON04EDGE0814 Ref C: 2024-07-30T06:01:54Z
                            date: Tue, 30 Jul 2024 06:01:53 GMT
                          • flag-us
                            DNS
                            43.58.199.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            43.58.199.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            10.27.171.150.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            10.27.171.150.in-addr.arpa
                            IN PTR
                            Response
                          • 104.26.10.178:80
                            http://images1.fanpop.com/images/image_uploads/the-nightmare-before-christmas-nightmare-before-christmas-1085652_1280_1024.jpg
                            http
                            msedge.exe
                            26.3kB
                            857.7kB
                            503
                            624

                            HTTP Request

                            GET http://images1.fanpop.com/images/image_uploads/Nightmare-Before-Christmas-nightmare-before-christmas-1096230_845_1366.jpg

                            HTTP Response

                            200

                            HTTP Request

                            GET http://images1.fanpop.com/images/image_uploads/the-nightmare-before-christmas-nightmare-before-christmas-1085652_1280_1024.jpg

                            HTTP Response

                            200
                          • 216.58.215.33:80
                            http://2.bp.blogspot.com/_-ej2nIqR7_A/SiawKTJMLSI/AAAAAAAAArc/mMcOpT7SYnY/s320/Nightmare-Before-Christmas-Halloween-Wallpaper.jpg
                            http
                            msedge.exe
                            1.6kB
                            52.7kB
                            25
                            43

                            HTTP Request

                            GET http://2.bp.blogspot.com/_-ej2nIqR7_A/SiawKTJMLSI/AAAAAAAAArc/mMcOpT7SYnY/s320/Nightmare-Before-Christmas-Halloween-Wallpaper.jpg

                            HTTP Response

                            200
                          • 104.26.10.178:80
                            images4.fanpop.com
                            msedge.exe
                            242 B
                            132 B
                            5
                            3
                          • 70.39.125.243:80
                            www.xmasjoys.com
                            msedge.exe
                            242 B
                            128 B
                            5
                            3
                          • 89.184.81.35:80
                            http://c.hit.ua/hit?i=58001&g=0&x=2&s=1&t=0&w=1280&h=720&d=24&0.6892064164911285&r=&u=file%3A///C%3A/Users/Admin/AppData/Local/Temp/76f2c3ff3e44be56b2f5e4a4b69f6ade_JaffaCakes118.html
                            http
                            msedge.exe
                            828 B
                            543 B
                            7
                            6

                            HTTP Request

                            GET http://c.hit.ua/hit?i=58001&g=0&x=2&s=1&t=0&w=1280&h=720&d=24&0.6892064164911285&r=&u=file%3A///C%3A/Users/Admin/AppData/Local/Temp/76f2c3ff3e44be56b2f5e4a4b69f6ade_JaffaCakes118.html

                            HTTP Response

                            200
                          • 216.58.215.33:80
                            http://1.bp.blogspot.com/_X3odM3zhweU/SeIAPFzo-GI/AAAAAAAAAik/jHHQkMknvXA/s400/Nightmare-Before-Christmas-Jack-Skellington.jpg
                            http
                            msedge.exe
                            1.2kB
                            27.2kB
                            16
                            25

                            HTTP Request

                            GET http://1.bp.blogspot.com/_X3odM3zhweU/SeIAPFzo-GI/AAAAAAAAAik/jHHQkMknvXA/s400/Nightmare-Before-Christmas-Jack-Skellington.jpg

                            HTTP Response

                            200
                          • 216.58.215.33:80
                            http://4.bp.blogspot.com/_X3odM3zhweU/SeIAOwsETyI/AAAAAAAAAiU/74Ydn9rW8Y4/s400/Jack-Skellington-in-Nightmare-Before-Christmas.jpg
                            http
                            msedge.exe
                            1.2kB
                            30.5kB
                            17
                            27

                            HTTP Request

                            GET http://4.bp.blogspot.com/_X3odM3zhweU/SeIAOwsETyI/AAAAAAAAAiU/74Ydn9rW8Y4/s400/Jack-Skellington-in-Nightmare-Before-Christmas.jpg

                            HTTP Response

                            200
                          • 104.26.10.178:80
                            http://images4.fanpop.com/image/photos/16300000/Jack-nightmare-before-christmas-16363717-1024-768.jpg
                            http
                            msedge.exe
                            1.2kB
                            28.8kB
                            17
                            26

                            HTTP Request

                            GET http://images4.fanpop.com/image/photos/16300000/Jack-nightmare-before-christmas-16363717-1024-768.jpg

                            HTTP Response

                            200
                          • 76.223.67.189:80
                            http://www.fullhalloween.com/blog/wp-content/uploads/2008/10/nightmare_before_christmas_3d_poster_2.jpg
                            http
                            msedge.exe
                            2.1kB
                            431 B
                            8
                            4

                            HTTP Request

                            GET http://www.fullhalloween.com/blog/wp-content/uploads/2008/10/nightmare_before_christmas_3d_poster_2.jpg

                            HTTP Response

                            200
                          • 173.236.194.77:80
                            http://www.digitaldreammachine.com/blogimages/ddm/NMBC3DFeaturette01.jpg
                            http
                            msedge.exe
                            3.7kB
                            105.5kB
                            46
                            81

                            HTTP Request

                            GET http://www.digitaldreammachine.com/blogimages/ddm/NMBC3DFeaturette01.jpg

                            HTTP Response

                            200
                          • 18.239.18.21:80
                            i43.photobucket.com
                            msedge.exe
                            288 B
                            172 B
                            6
                            4
                          • 173.236.194.77:80
                            www.digitaldreammachine.com
                            msedge.exe
                            236 B
                            92 B
                            5
                            2
                          • 104.26.10.178:80
                            images4.fanpop.com
                            msedge.exe
                            242 B
                            132 B
                            5
                            3
                          • 70.39.125.243:80
                            http://www.xmasjoys.com/
                            http
                            msedge.exe
                            1.1kB
                            2.7kB
                            7
                            6

                            HTTP Request

                            GET http://www.xmasjoys.com/christmas_wallpapers/christmas_wallpaper_03.jpg

                            HTTP Response

                            302

                            HTTP Request

                            GET http://www.xmasjoys.com/

                            HTTP Response

                            200
                          • 18.239.18.21:80
                            http://i43.photobucket.com/albums/e352/sorrowfull_angel/NightmareBeforeChristmas3JackWallpa.jpg
                            http
                            msedge.exe
                            740 B
                            939 B
                            7
                            6

                            HTTP Request

                            GET http://i43.photobucket.com/albums/e352/sorrowfull_angel/NightmareBeforeChristmas3JackWallpa.jpg

                            HTTP Response

                            301
                          • 18.239.18.21:443
                            https://i274.photobucket.com/albums/jj253/iluvnickjonas_3000/Wallpapers/nightmare.jpg
                            tls, http2
                            msedge.exe
                            4.7kB
                            174.1kB
                            77
                            139

                            HTTP Request

                            GET https://i43.photobucket.com/albums/e352/sorrowfull_angel/NightmareBeforeChristmas3JackWallpa.jpg

                            HTTP Response

                            200

                            HTTP Request

                            GET https://i274.photobucket.com/albums/jj253/iluvnickjonas_3000/Wallpapers/nightmare.jpg

                            HTTP Response

                            200
                          • 18.239.18.64:80
                            http://i274.photobucket.com/albums/jj253/iluvnickjonas_3000/Wallpapers/nightmare.jpg
                            http
                            msedge.exe
                            729 B
                            928 B
                            7
                            6

                            HTTP Request

                            GET http://i274.photobucket.com/albums/jj253/iluvnickjonas_3000/Wallpapers/nightmare.jpg

                            HTTP Response

                            301
                          • 172.217.20.206:80
                            http://s.ytimg.com/yt/favicon-vfl147246.ico
                            http
                            msedge.exe
                            688 B
                            1.2kB
                            7
                            6

                            HTTP Request

                            GET http://s.ytimg.com/yt/favicon-vfl147246.ico

                            HTTP Response

                            200
                          • 150.171.27.10:443
                            https://tse1.mm.bing.net/th?id=OADD2.10239360494466_1NE7RS5P7DA5W3Y3W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            tls, http2
                            127.9kB
                            3.5MB
                            2567
                            2563

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239339388128_1DFVE2FTICTWWY2JO&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239339388127_19J9R6J3AKCRQ3IMT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239340418551_1MWHJRW59UCHVWKN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239360494465_1WL11PE3QHWZ3Q9V1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239360494466_1NE7RS5P7DA5W3Y3W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                            HTTP Response

                            200
                          • 150.171.27.10:443
                            tse1.mm.bing.net
                            tls, http2
                            1.2kB
                            6.9kB
                            15
                            13
                          • 150.171.27.10:443
                            tse1.mm.bing.net
                            tls, http2
                            1.2kB
                            6.9kB
                            15
                            13
                          • 150.171.27.10:443
                            tse1.mm.bing.net
                            tls, http2
                            1.2kB
                            6.9kB
                            15
                            13
                          • 150.171.27.10:443
                            tse1.mm.bing.net
                            tls, http2
                            1.2kB
                            6.9kB
                            15
                            13
                          • 8.8.8.8:53
                            www.digitaldreammachine.com
                            dns
                            msedge.exe
                            73 B
                            89 B
                            1
                            1

                            DNS Request

                            www.digitaldreammachine.com

                            DNS Response

                            173.236.194.77

                          • 8.8.8.8:53
                            images1.fanpop.com
                            dns
                            msedge.exe
                            64 B
                            112 B
                            1
                            1

                            DNS Request

                            images1.fanpop.com

                            DNS Response

                            104.26.10.178
                            172.67.73.155
                            104.26.11.178

                          • 8.8.8.8:53
                            2.bp.blogspot.com
                            dns
                            msedge.exe
                            63 B
                            124 B
                            1
                            1

                            DNS Request

                            2.bp.blogspot.com

                            DNS Response

                            216.58.215.33

                          • 8.8.8.8:53
                            images2.layoutsparks.com
                            dns
                            msedge.exe
                            70 B
                            142 B
                            1
                            1

                            DNS Request

                            images2.layoutsparks.com

                          • 8.8.8.8:53
                            i274.photobucket.com
                            dns
                            msedge.exe
                            198 B
                            130 B
                            3
                            1

                            DNS Request

                            i274.photobucket.com

                            DNS Request

                            i274.photobucket.com

                            DNS Request

                            i274.photobucket.com

                            DNS Response

                            18.239.18.64

                          MITRE ATT&CK Enterprise v15

                          Downloads

