Analysis

  • max time kernel
    77s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-es
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-es, locale:es-es, os:windows10-2004-x64, system, windows
  • submitted
    02/02/2023, 16:22 UTC

General

  • Target

    https://cinecalidad.run/

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://cinecalidad.run/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5032
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5032 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4992

Network

  • flag-unknown
    DNS
    cinecalidad.run
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    cinecalidad.run
    IN A
    Response
    cinecalidad.run
    IN A
    104.21.234.203
    cinecalidad.run
    IN A
    104.21.234.202
  • flag-unknown
    GET
    https://cinecalidad.run/
    IEXPLORE.EXE
    Remote address:
    104.21.234.203:443
    Request
    GET / HTTP/2.0
    host: cinecalidad.run
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: es-ES,es;q=0.5
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Thu, 02 Feb 2023 16:23:14 GMT
    content-type: text/html; charset=UTF-8
    x-dns-prefetch-control: on
    link: <https://cinecalidad.run/wp-json/>; rel="https://api.w.org/"
    x-litespeed-cache: hit
    vary: Accept-Encoding
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J14RprVpKUn75p9FW5aVshXlRmq2fnME8bikTWuZteOjog%2BpEo6RMQoPVJ0JDBM7tHpGP3ktZVPvQkHLcVXzMDZ6H%2BekrzyoIEj1V%2FY7kAO7Jf8ljtc%2BzlCUvPcYNaznaOU%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 79344527eb141afd-AMS
    content-encoding: gzip
  • flag-unknown
    GET
    https://cinecalidad.run/wp-content/litespeed/css/e85ac847e8df1a86184f3e264e9a2778.css?ver=a8853
    IEXPLORE.EXE
    Remote address:
    104.21.234.203:443
    Request
    GET /wp-content/litespeed/css/e85ac847e8df1a86184f3e264e9a2778.css?ver=a8853 HTTP/2.0
    host: cinecalidad.run
    accept: text/css, */*
    referer: https://cinecalidad.run/
    accept-language: es-ES,es;q=0.5
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Thu, 02 Feb 2023 16:23:14 GMT
    content-type: text/css
    cf-bgj: minify
    cf-polished: origSize=175573
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    cache-control: public, max-age=16070400
    expires: Sun, 05 Feb 2023 19:17:27 GMT
    last-modified: Sun, 29 Jan 2023 19:17:18 GMT
    vary: Accept-Encoding
    cf-cache-status: HIT
    age: 335148
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EK4qplOREwcFNiem6Nm1G1T1EG3eBuUNApPssCi4rp6o9hBl8g4hqFAe6vV%2FO6X3KaNQPFmrXMk6vIFBdWalvkiW2492E0bsaQQRnc0I8d00BjqQyCVh%2BnRn91%2F%2B1ft%2FtsE%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 7934452dd9c31afd-AMS
    content-encoding: gzip
  • flag-unknown
    GET
    https://cinecalidad.run/wp-content/litespeed/css/356d410a0b28acbae14c546e482fa4b3.css?ver=fa4b3
    IEXPLORE.EXE
    Remote address:
    104.21.234.203:443
    Request
    GET /wp-content/litespeed/css/356d410a0b28acbae14c546e482fa4b3.css?ver=fa4b3 HTTP/2.0
    host: cinecalidad.run
    accept: text/css, */*
    referer: https://cinecalidad.run/
    accept-language: es-ES,es;q=0.5
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Thu, 02 Feb 2023 16:23:14 GMT
    content-type: text/css
    cf-bgj: minify
    cf-polished: origSize=175383
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    cache-control: public, max-age=16070400
    expires: Sun, 05 Feb 2023 21:54:43 GMT
    last-modified: Sun, 29 Jan 2023 21:54:14 GMT
    vary: Accept-Encoding
    cf-cache-status: HIT
    age: 325712
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V0aNKTLm8%2Bxr0hpK0Ac7GH23HHIUwULvcjHAz8z0GCK398KiyQbptzK5vphUAo%2BAUOKnKb0glG%2BFS2JCyqK2%2FtJtkx4LSqkXKLg75epW1%2Fquz1ppJeyUdanVKgWLHzCKmTw%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 7934452dd9c51afd-AMS
    content-encoding: gzip
  • flag-unknown
    GET
    https://cinecalidad.run/wp-content/litespeed/css/4230384dd851d7865e9fd1a231f409bf.css?ver=7232f
    IEXPLORE.EXE
    Remote address:
    104.21.234.203:443
    Request
    GET /wp-content/litespeed/css/4230384dd851d7865e9fd1a231f409bf.css?ver=7232f HTTP/2.0
    host: cinecalidad.run
    accept: text/css, */*
    referer: https://cinecalidad.run/
    accept-language: es-ES,es;q=0.5
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Thu, 02 Feb 2023 16:23:14 GMT
    content-type: text/css
    cf-bgj: minify
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    cache-control: public, max-age=16070400
    expires: Mon, 06 Feb 2023 03:34:44 GMT
    last-modified: Mon, 30 Jan 2023 03:34:05 GMT
    vary: Accept-Encoding
    cf-cache-status: HIT
    age: 305312
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HK63Bk3CDdiSIeZagEjQAPutK4mzfjWz1j2dJjsHyAQ%2BqQGAVmGRlB95SNXCEOVSWBXwm9uv3pcmaAhJ7Vif3M7vNkHdRwPnmlKR6dhnNdtbc745kHyJkx67CFxOT9wQ%2F%2Bo%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 7934452e5a761afd-AMS
    content-encoding: gzip
  • flag-unknown
    GET
    https://cinecalidad.run/wp-content/litespeed/css/1885658c142531b2cbc74e7d9abce007.css?ver=63942
    IEXPLORE.EXE
    Remote address:
    104.21.234.203:443
    Request
    GET /wp-content/litespeed/css/1885658c142531b2cbc74e7d9abce007.css?ver=63942 HTTP/2.0
    host: cinecalidad.run
    accept: text/css, */*
    referer: https://cinecalidad.run/
    accept-language: es-ES,es;q=0.5
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Thu, 02 Feb 2023 16:23:14 GMT
    content-type: text/css
    cf-bgj: minify
    cf-polished: origSize=217
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    cache-control: public, max-age=16070400
    expires: Sun, 05 Feb 2023 21:54:43 GMT
    last-modified: Sun, 29 Jan 2023 21:54:14 GMT
    vary: Accept-Encoding
    cf-cache-status: HIT
    age: 325712
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bS32LPEnAO8Akm9ldr9U7ahXAdiGOWF2xnDjfP1PLHzla7%2FQiq%2F91ZpCrZiPJKMBzycnvLdLt0oebrIlLn%2Bz4JFZ%2BAVwMqtEGa3HZGAXeVbFtc0EN4TyBTiJsH58zsIcwS8%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 7934452e4a631afd-AMS
    content-encoding: gzip
  • flag-unknown
    GET
    https://cinecalidad.run/wp-content/plugins/wp-smush-pro/app/assets/js/smush-lazy-load-native.min.js?ver=3.8.4
    IEXPLORE.EXE
    Remote address:
    104.21.234.203:443
    Request
    GET /wp-content/plugins/wp-smush-pro/app/assets/js/smush-lazy-load-native.min.js?ver=3.8.4 HTTP/2.0
    host: cinecalidad.run
    accept: application/javascript, */*;q=0.8
    referer: https://cinecalidad.run/
    accept-language: es-ES,es;q=0.5
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Thu, 02 Feb 2023 16:23:14 GMT
    content-type: application/javascript
    content-length: 4149
    cache-control: public, max-age=16070400
    expires: Sun, 05 Feb 2023 21:54:43 GMT
    last-modified: Tue, 21 Jun 2022 06:20:33 GMT
    content-encoding: gzip
    vary: Accept-Encoding
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    cf-cache-status: HIT
    age: 325712
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iRj%2Bk67FThM98%2FjRW2DAsJB69rrpI7dKGMfdZzTGG7wuX4yogBSfd5mH4k4%2B6rfIU5KZLAVM2B4Gh4Ndlq5T0rv%2BpfxmIJEUy%2FhpKFG9jKFboTX6V4ZxXHJtCfXqjxHZehk%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 7934452e5a7e1afd-AMS
  • flag-unknown
    GET
    https://cinecalidad.run/wp-content/themes/Cinecalidad/assets/js/void.js?ver=6.1.1
    IEXPLORE.EXE
    Remote address:
    104.21.234.203:443
    Request
    GET /wp-content/themes/Cinecalidad/assets/js/void.js?ver=6.1.1 HTTP/2.0
    host: cinecalidad.run
    accept: application/javascript, */*;q=0.8
    referer: https://cinecalidad.run/
    accept-language: es-ES,es;q=0.5
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Thu, 02 Feb 2023 16:23:14 GMT
    content-type: application/javascript
    content-length: 27
    cf-bgj: minify
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    cache-control: public, max-age=16070400
    expires: Fri, 03 Feb 2023 15:55:44 GMT
    last-modified: Tue, 21 Jun 2022 06:20:35 GMT
    cf-cache-status: HIT
    age: 520050
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=el3sAqA5LzH3jinr4DOPxuj0XM1kZCqoaGsnyAwojGsR%2BcHDHzEq80%2Bzh1EH97vnGzXGBbvkSVboy5R3RuAfcRg%2B3Q%2BzyXvkeUM3y%2FVB1HRN%2B2sCZ312nOdVJCzKWOn3Po8%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 7934452e6a811afd-AMS
  • flag-unknown
    GET
    https://cinecalidad.run/wp-content/themes/Cinecalidad/assets/js/bundle.js?v=1.10?v=0.01825800%201675351439
    IEXPLORE.EXE
    Remote address:
    104.21.234.203:443
    Request
    GET /wp-content/themes/Cinecalidad/assets/js/bundle.js?v=1.10?v=0.01825800%201675351439 HTTP/2.0
    host: cinecalidad.run
    accept: application/javascript, */*;q=0.8
    referer: https://cinecalidad.run/
    accept-language: es-ES,es;q=0.5
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Thu, 02 Feb 2023 16:23:14 GMT
    content-type: application/javascript
    cf-bgj: minify
    cf-polished: origSize=3782
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    cache-control: public, max-age=16070400
    expires: Thu, 09 Feb 2023 15:26:04 GMT
    last-modified: Tue, 21 Jun 2022 06:20:35 GMT
    vary: Accept-Encoding
    cf-cache-status: HIT
    age: 3430
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IhGxYt8q3TJl%2Fn3Np8LrgPF6Tct7g8YDoW5rpql0pBGLE%2FEzripF%2BuKgT50UjAhqu%2BX57uo7S%2F1DCZMX9jsYc6Cbu7Cpv0BTR0p33rwsJqvu2HFYala7dHA93BvoWiCUx68%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 7934452e7a951afd-AMS
    content-encoding: gzip
  • flag-unknown
    GET
    https://cinecalidad.run/wp-content/themes/Cinecalidad/assets/webfonts/fa-brands-400.eot?
    IEXPLORE.EXE
    Remote address:
    104.21.234.203:443
    Request
    GET /wp-content/themes/Cinecalidad/assets/webfonts/fa-brands-400.eot? HTTP/2.0
    host: cinecalidad.run
    accept: */*
    referer: https://cinecalidad.run/
    accept-language: es-ES,es;q=0.5
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    origin: https://cinecalidad.run
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Thu, 02 Feb 2023 16:23:15 GMT
    content-type: image/webp
    content-length: 11842
    cache-control: public, max-age=16070400
    expires: Thu, 09 Feb 2023 11:25:12 GMT
    last-modified: Thu, 02 Feb 2023 03:00:26 GMT
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    cf-cache-status: HIT
    age: 17883
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VFY35vlycCm%2B9IV6r5TVEgWFBbGgl%2Beof88HwMSQaFH3wV74ePTQr08QenQlXNtBPcgXM%2FCKxZg3jfNSSW9XRrHTYAsByG0WoJRFNLGoB3Xo0txNEs9DQgWJhUO7j9EGW3k%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 79344532cfeb1afd-AMS
  • flag-unknown
    GET
    https://cinecalidad.run/wp-content/themes/Cinecalidad/assets/webfonts/fa-light-300.eot?
    IEXPLORE.EXE
    Remote address:
    104.21.234.203:443
    Request
    GET /wp-content/themes/Cinecalidad/assets/webfonts/fa-light-300.eot? HTTP/2.0
    host: cinecalidad.run
    accept: */*
    referer: https://cinecalidad.run/
    accept-language: es-ES,es;q=0.5
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    origin: https://cinecalidad.run
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Thu, 02 Feb 2023 16:23:16 GMT
    content-type: application/vnd.ms-fontobject
    content-length: 92374
    last-modified: Tue, 21 Jun 2022 06:20:35 GMT
    content-encoding: gzip
    vary: Accept-Encoding
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    cache-control: max-age=16070400
    cf-cache-status: MISS
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wkgArRGej37mbsMhphUWVq7K9EkhgrrRO3%2BcxM8BNfPgLA83UGl43s5v8lhqK7HD0hZivVkmCOAUXvSCb%2BjPMwybsItFDjWe4zCOOlCRdaPR%2BfCffuFI%2BNadQ3h%2Bh7ovE8o%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 793445317e2e1afd-AMS
  • flag-unknown
    GET
    https://cinecalidad.run/wp-content/themes/Cinecalidad/assets/webfonts/fa-regular-400.eot?
    IEXPLORE.EXE
    Remote address:
    104.21.234.203:443
    Request
    GET /wp-content/themes/Cinecalidad/assets/webfonts/fa-regular-400.eot? HTTP/2.0
    host: cinecalidad.run
    accept: */*
    referer: https://cinecalidad.run/
    accept-language: es-ES,es;q=0.5
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    origin: https://cinecalidad.run
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Thu, 02 Feb 2023 16:23:16 GMT
    content-type: application/vnd.ms-fontobject
    content-length: 190463
    last-modified: Tue, 21 Jun 2022 06:20:35 GMT
    content-encoding: gzip
    vary: Accept-Encoding
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    cache-control: max-age=16070400
    cf-cache-status: MISS
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xmxOKhpBM%2BWmRV8obS4a5FwmVLEQJymxUaEna3kS9KkVQXFobuVUDrGHtxYgpmV26iJRXaAyE0vG%2BSYCichSt0TwZoMviDZacNdlciqYmQkKtxpT18PNahiY1el9PEmBu7M%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 79344531ce8d1afd-AMS
  • flag-unknown
    GET
    https://cinecalidad.run/wp-content/themes/Cinecalidad/assets/webfonts/fa-solid-900.eot?
    IEXPLORE.EXE
    Remote address:
    104.21.234.203:443
    Request
    GET /wp-content/themes/Cinecalidad/assets/webfonts/fa-solid-900.eot? HTTP/2.0
    host: cinecalidad.run
    accept: */*
    referer: https://cinecalidad.run/
    accept-language: es-ES,es;q=0.5
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    origin: https://cinecalidad.run
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Thu, 02 Feb 2023 16:23:16 GMT
    content-type: application/vnd.ms-fontobject
    content-length: 232304
    last-modified: Tue, 21 Jun 2022 06:20:35 GMT
    content-encoding: gzip
    vary: Accept-Encoding
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    cache-control: max-age=16070400
    cf-cache-status: MISS
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h6S5poFSasZAD0WwX26vm%2BdWKusEgZWHXv335iohvNCL7WouWVW%2BFgTsl0ddG8%2BzkIgxx8Z5TQLCy3Gvzly7qgRoUHUTrzOJFc3%2FyTf9C5bZ3q3rBdXZcUGR%2FN6QUYUfeok%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 79344531ce8c1afd-AMS
  • flag-unknown
    GET
    https://cinecalidad.run/wp-content/webp-express/webp-images/uploads/2023/02/kep70QHsWAV3ayS4nHKbwvdr9nc-234x327.jpg.webp
    IEXPLORE.EXE
    Remote address:
    104.21.234.203:443
    Request
    GET /wp-content/webp-express/webp-images/uploads/2023/02/kep70QHsWAV3ayS4nHKbwvdr9nc-234x327.jpg.webp HTTP/2.0
    host: cinecalidad.run
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    referer: https://cinecalidad.run/
    accept-language: es-ES,es;q=0.5
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Thu, 02 Feb 2023 16:23:16 GMT
    content-type: application/vnd.ms-fontobject
    content-length: 253502
    last-modified: Tue, 21 Jun 2022 06:20:35 GMT
    content-encoding: gzip
    vary: Accept-Encoding
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    cache-control: max-age=16070400
    cf-cache-status: MISS
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mwPRf50U4CtfL1tvAdJH29AMrd28YwWChrcc8QNkCrD7QwT%2BSs%2BNbVPHOfSLmAlPFnsW0%2Fhdr9lDKI6z26KPcbOElX0VWx0Pd%2BjAKId5b2uZxm8wP%2BKt9guZrx4tM4%2BoR2Q%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 79344531be751afd-AMS
  • flag-unknown
    GET
    https://cinecalidad.run/wp-content/uploads/2021/11/favicon-de-cinecalidad-150x150.png
    IEXPLORE.EXE
    Remote address:
    104.21.234.203:443
    Request
    GET /wp-content/uploads/2021/11/favicon-de-cinecalidad-150x150.png HTTP/2.0
    host: cinecalidad.run
    accept: */*
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Response
    HTTP/2.0 200
    date: Thu, 02 Feb 2023 16:23:17 GMT
    content-type: image/png
    content-length: 7219
    cache-control: public, max-age=16070400
    expires: Sun, 05 Feb 2023 22:50:45 GMT
    last-modified: Tue, 21 Jun 2022 06:20:44 GMT
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    cf-cache-status: HIT
    age: 322353
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=On10eVjhOXdZgta%2Fb2XPYBLEDdZC%2BOY6C9ZHh9mUgCurN3LwieNszSOvGOrXE9uuozkU04tWeJM%2Fudq2SYSIr%2BM8atOoQN57tMA7vo%2BF9ZvK9WtMfXeaHXec0n%2BwP9hsVtM%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 7934453f18101afd-AMS
  • flag-unknown
    DNS
    cdn.cinecalidad.lol
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    cdn.cinecalidad.lol
    IN A
    Response
  • flag-unknown
    DNS
    cdn.ww2.cinecalidad.link
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    cdn.ww2.cinecalidad.link
    IN A
    Response
  • flag-unknown
    DNS
    image.tmdb.org
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    image.tmdb.org
    IN A
    Response
    image.tmdb.org
    IN CNAME
    tmdb-image-prod.b-cdn.net
    tmdb-image-prod.b-cdn.net
    IN A
    169.150.236.97
  • flag-unknown
    DNS
    ardslediana.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ardslediana.com
    IN A
    Response
    ardslediana.com
    IN A
    139.45.197.236
  • flag-unknown
    DNS
    cdn.jsdelivr.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    cdn.jsdelivr.net
    IN A
    Response
    cdn.jsdelivr.net
    IN CNAME
    cdn.jsdelivr.net.cdn.cloudflare.net
    cdn.jsdelivr.net.cdn.cloudflare.net
    IN A
    104.16.88.20
    cdn.jsdelivr.net.cdn.cloudflare.net
    IN A
    104.16.85.20
    cdn.jsdelivr.net.cdn.cloudflare.net
    IN A
    104.16.89.20
    cdn.jsdelivr.net.cdn.cloudflare.net
    IN A
    104.16.86.20
    cdn.jsdelivr.net.cdn.cloudflare.net
    IN A
    104.16.87.20
  • flag-unknown
    GET
    https://ardslediana.com/5/4854578
    IEXPLORE.EXE
    Remote address:
    139.45.197.236:443
    Request
    GET /5/4854578 HTTP/2.0
    host: ardslediana.com
    accept: application/javascript, */*;q=0.8
    referer: https://cinecalidad.run/
    accept-language: es-ES,es;q=0.5
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    date: Thu, 02 Feb 2023 16:23:15 GMT
    content-type: application/javascript
    x-trace-id: e74642ce56ab233374f6167ee1c95d56
    link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
    access-control-allow-origin: *
    access-control-allow-credentials: true
    access-control-allow-methods: GET, POST, OPTIONS
    access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
    access-control-max-age: 86400
    pragma: no-cache
    cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
    expires: Tue, 11 Jan 1994 10:00:00 GMT
    timing-allow-origin: *
    set-cookie: OAID=f9ab161cb0d54f3b913af2914914cb87; expires=Fri, 02 Feb 2024 16:23:15 GMT; path=/; secure; SameSite=None
    set-cookie: oaidts=1675354995; expires=Fri, 02 Feb 2024 16:23:15 GMT; path=/; secure; SameSite=None
    set-cookie: syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
    pragma: no-cache
    cache-control: no-store, no-cache, must-revalidate, max-age=0
    expires: Mon, 26 Jul 1997 05:00:00 GMT
    content-encoding: gzip
  • flag-unknown
    GET
    https://cdn.jsdelivr.net/npm/vanilla-lazyload@17.5.0/dist/lazyload.min.js
    IEXPLORE.EXE
    Remote address:
    104.16.88.20:443
    Request
    GET /npm/vanilla-lazyload@17.5.0/dist/lazyload.min.js HTTP/2.0
    host: cdn.jsdelivr.net
    accept: application/javascript, */*;q=0.8
    referer: https://cinecalidad.run/
    accept-language: es-ES,es;q=0.5
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Thu, 02 Feb 2023 16:23:15 GMT
    content-type: application/javascript; charset=utf-8
    content-length: 2891
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    access-control-allow-origin: *
    access-control-expose-headers: *
    timing-allow-origin: *
    cache-control: public, max-age=31536000, s-maxage=31536000, immutable
    cross-origin-resource-policy: cross-origin
    x-content-type-options: nosniff
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-jsd-version: 17.5.0
    x-jsd-version-type: version
    etag: W/"2064-oi+c7JJTK/ZiiPmw9llPJzhqJ/I"
    content-encoding: gzip
    age: 20657142
    x-served-by: cache-fra19171-FRA, cache-ams21057-AMS
    x-cache: HIT, HIT
    vary: Accept-Encoding
    cf-cache-status: HIT
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rjRK8wROFtH%2FHv8c5SzNSWoBoNRyL8wKdIEsbZwyKbTM9gWCgKbbABorpj0yJ1%2BaCSUVOYOwIpF6tx9jJ8HrU3DAcZsCZnXsA1BrstPab799HGgSd45vV9DMikuW9ZrihHU%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 79344530f878b718-AMS
  • flag-unknown
    DNS
    nanouwho.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    nanouwho.com
    IN A
    Response
    nanouwho.com
    IN A
    139.45.197.242
  • flag-unknown
    GET
    https://nanouwho.com/1?z=4907427
    IEXPLORE.EXE
    Remote address:
    139.45.197.242:443
    Request
    GET /1?z=4907427 HTTP/2.0
    host: nanouwho.com
    accept: application/javascript, */*;q=0.8
    referer: https://cinecalidad.run/
    accept-language: es-ES,es;q=0.5
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 404
    server: nginx
    date: Thu, 02 Feb 2023 16:23:15 GMT
    content-type: text/plain; charset=utf-8
    content-length: 7
    access-control-allow-credentials: true
    access-control-allow-origin:
    access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
    access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
    x-trace-id: 525d1a5874579cb0fb36e9149b739169
    access-control-expose-headers: X-Sc
    x-sc: 4KdnrdofxFOHMlcU
    set-cookie: scm=1; expires=Fri, 02 Feb 2024 16:23:15 GMT; secure; SameSite=None
  • flag-unknown
    DNS
    my.rtmark.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    my.rtmark.net
    IN A
    Response
    my.rtmark.net
    IN A
    139.45.195.8
  • flag-unknown
    GET
    https://my.rtmark.net/gid.js?userId=f9ab161cb0d54f3b913af2914914cb87
    IEXPLORE.EXE
    Remote address:
    139.45.195.8:443
    Request
    GET /gid.js?userId=f9ab161cb0d54f3b913af2914914cb87 HTTP/2.0
    host: my.rtmark.net
    accept: */*
    referer: https://cinecalidad.run/
    accept-language: es-ES,es;q=0.5
    origin: https://cinecalidad.run
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Response
    HTTP/2.0 200
    server: nginx
    date: Thu, 02 Feb 2023 16:23:15 GMT
    content-type: application/json; charset=utf-8
    content-length: 65
    access-control-allow-origin: https://cinecalidad.run
    access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
    access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
    access-control-expose-headers: Authorization
    access-control-allow-credentials: true
    timing-allow-origin: *
    set-cookie: ID=f9ab161cb0d54f3b913af2914914cb87; expires=Fri, 02 Feb 2024 16:23:15 GMT; secure; SameSite=None
    strict-transport-security: max-age=1
    x-content-type-options: nosniff
    timing-allow-origin: *
  • flag-unknown
    GET
    https://ieonline.microsoft.com/iedomainsuggestions/ie11/suggestions.es-ES
    iexplore.exe
    Remote address:
    204.79.197.200:443
    Request
    GET /iedomainsuggestions/ie11/suggestions.es-ES HTTP/2.0
    host: ieonline.microsoft.com
    accept: */*
    ua-cpu: AMD64
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    cookie: _EDGE_V=1; MUID=0775A1278FC36B6B2CB6B37E8E6F6A18; MUIDB=0775A1278FC36B6B2CB6B37E8E6F6A18
    Response
    HTTP/2.0 200
    cache-control: public, max-age=3600
    content-length: 19132
    content-type: application/octet-stream
    etag: WeBSg+BMbAJS0rddUUG6Ytc+nfk=
    p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
    set-cookie: SUID=M; domain=.microsoft.com; expires=Fri, 03-Feb-2023 04:24:18 GMT; path=/; HttpOnly
    set-cookie: _EDGE_S=SID=24151CD95C33699A1A6C0E755DDE68BE; domain=.microsoft.com; path=/; HttpOnly
    set-cookie: MUIDB=0775A1278FC36B6B2CB6B37E8E6F6A18; expires=Tue, 27-Feb-2024 16:24:18 GMT; path=/; HttpOnly
    set-cookie: SRCHD=AF=NOFORM; domain=.microsoft.com; expires=Sun, 02-Feb-2025 16:24:18 GMT; path=/
    set-cookie: SRCHUID=V=2&GUID=7D324935EC0D45A99AF831A9845995DE&dmnchg=1; domain=.microsoft.com; expires=Sun, 02-Feb-2025 16:24:18 GMT; path=/
    set-cookie: SRCHUSR=DOB=20230202; domain=.microsoft.com; expires=Sun, 02-Feb-2025 16:24:18 GMT; path=/
    set-cookie: SRCHHPGUSR=SRCHLANG=en; domain=.microsoft.com; expires=Sun, 02-Feb-2025 16:24:18 GMT; path=/
    set-cookie: _SS=SID=24151CD95C33699A1A6C0E755DDE68BE; domain=.microsoft.com; path=/
    useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D49A9A767BF64EA28064C60BBC2C6B0E Ref B: AMS04EDGE3318 Ref C: 2023-02-02T16:24:18Z
    date: Thu, 02 Feb 2023 16:24:17 GMT
  • 104.21.234.203:443
    https://cinecalidad.run/wp-content/uploads/2021/11/favicon-de-cinecalidad-150x150.png
    tls, http2
    IEXPLORE.EXE
    35.7kB
    916.5kB
    734
    722

    HTTP Request

    GET https://cinecalidad.run/

    HTTP Response

    200

    HTTP Request

    GET https://cinecalidad.run/wp-content/litespeed/css/e85ac847e8df1a86184f3e264e9a2778.css?ver=a8853

    HTTP Request

    GET https://cinecalidad.run/wp-content/litespeed/css/356d410a0b28acbae14c546e482fa4b3.css?ver=fa4b3

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://cinecalidad.run/wp-content/litespeed/css/4230384dd851d7865e9fd1a231f409bf.css?ver=7232f

    HTTP Request

    GET https://cinecalidad.run/wp-content/litespeed/css/1885658c142531b2cbc74e7d9abce007.css?ver=63942

    HTTP Request

    GET https://cinecalidad.run/wp-content/plugins/wp-smush-pro/app/assets/js/smush-lazy-load-native.min.js?ver=3.8.4

    HTTP Request

    GET https://cinecalidad.run/wp-content/themes/Cinecalidad/assets/js/void.js?ver=6.1.1

    HTTP Request

    GET https://cinecalidad.run/wp-content/themes/Cinecalidad/assets/js/bundle.js?v=1.10?v=0.01825800%201675351439

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://cinecalidad.run/wp-content/themes/Cinecalidad/assets/webfonts/fa-brands-400.eot?

    HTTP Request

    GET https://cinecalidad.run/wp-content/themes/Cinecalidad/assets/webfonts/fa-light-300.eot?

    HTTP Request

    GET https://cinecalidad.run/wp-content/themes/Cinecalidad/assets/webfonts/fa-regular-400.eot?

    HTTP Request

    GET https://cinecalidad.run/wp-content/themes/Cinecalidad/assets/webfonts/fa-solid-900.eot?

    HTTP Request

    GET https://cinecalidad.run/wp-content/webp-express/webp-images/uploads/2023/02/kep70QHsWAV3ayS4nHKbwvdr9nc-234x327.jpg.webp

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://cinecalidad.run/wp-content/uploads/2021/11/favicon-de-cinecalidad-150x150.png

    HTTP Response

    200
  • 104.21.234.203:443
    cinecalidad.run
    tls, http2
    IEXPLORE.EXE
    1.1kB
    5.4kB
    15
    11
  • 72.21.91.29:80
    322 B
    7
  • 139.45.197.236:443
    https://ardslediana.com/5/4854578
    tls, http2
    IEXPLORE.EXE
    2.3kB
    31.0kB
    36
    32

    HTTP Request

    GET https://ardslediana.com/5/4854578

    HTTP Response

    200
  • 139.45.197.236:443
    ardslediana.com
    tls, http2
    IEXPLORE.EXE
    1.2kB
    5.4kB
    16
    14
  • 104.16.88.20:443
    https://cdn.jsdelivr.net/npm/vanilla-lazyload@17.5.0/dist/lazyload.min.js
    tls, http2
    IEXPLORE.EXE
    1.4kB
    7.2kB
    18
    13

    HTTP Request

    GET https://cdn.jsdelivr.net/npm/vanilla-lazyload@17.5.0/dist/lazyload.min.js

    HTTP Response

    200
  • 104.16.88.20:443
    cdn.jsdelivr.net
    tls, http2
    IEXPLORE.EXE
    953 B
    3.2kB
    12
    8
  • 139.45.197.242:443
    nanouwho.com
    tls, http2
    IEXPLORE.EXE
    1.2kB
    5.5kB
    17
    14
  • 139.45.197.242:443
    https://nanouwho.com/1?z=4907427
    tls, http2
    IEXPLORE.EXE
    1.4kB
    5.9kB
    17
    14

    HTTP Request

    GET https://nanouwho.com/1?z=4907427

    HTTP Response

    404
  • 139.45.195.8:443
    https://my.rtmark.net/gid.js?userId=f9ab161cb0d54f3b913af2914914cb87
    tls, http2
    IEXPLORE.EXE
    1.6kB
    8.8kB
    20
    17

    HTTP Request

    GET https://my.rtmark.net/gid.js?userId=f9ab161cb0d54f3b913af2914914cb87

    HTTP Response

    200
  • 139.45.195.8:443
    my.rtmark.net
    tls, http2
    IEXPLORE.EXE
    1.3kB
    8.2kB
    18
    15
  • 72.21.81.240:80
    322 B
    7
  • 72.21.81.240:80
    322 B
    7
  • 104.80.225.205:443
    322 B
    7
  • 40.79.141.152:443
    322 B
    7
  • 72.21.81.240:80
    322 B
    7
  • 72.21.81.240:80
    322 B
    7
  • 72.21.81.240:80
    322 B
    7
  • 204.79.197.200:443
    https://ieonline.microsoft.com/iedomainsuggestions/ie11/suggestions.es-ES
    tls, http2
    iexplore.exe
    2.4kB
    29.6kB
    37
    36

    HTTP Request

    GET https://ieonline.microsoft.com/iedomainsuggestions/ie11/suggestions.es-ES

    HTTP Response

    200
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls, http2
    iexplore.exe
    1.2kB
    8.1kB
    15
    14
  • 8.8.8.8:53
    cinecalidad.run
    dns
    IEXPLORE.EXE
    61 B
    93 B
    1
    1

    DNS Request

    cinecalidad.run

    DNS Response

    104.21.234.203
    104.21.234.202

  • 8.8.8.8:53
    cdn.cinecalidad.lol
    dns
    iexplore.exe
    65 B
    127 B
    1
    1

    DNS Request

    cdn.cinecalidad.lol

  • 8.8.8.8:53
    cdn.ww2.cinecalidad.link
    dns
    iexplore.exe
    70 B
    132 B
    1
    1

    DNS Request

    cdn.ww2.cinecalidad.link

  • 8.8.8.8:53
    image.tmdb.org
    dns
    iexplore.exe
    60 B
    115 B
    1
    1

    DNS Request

    image.tmdb.org

    DNS Response

    169.150.236.97

  • 8.8.8.8:53
    ardslediana.com
    dns
    IEXPLORE.EXE
    61 B
    77 B
    1
    1

    DNS Request

    ardslediana.com

    DNS Response

    139.45.197.236

  • 8.8.8.8:53
    cdn.jsdelivr.net
    dns
    IEXPLORE.EXE
    62 B
    188 B
    1
    1

    DNS Request

    cdn.jsdelivr.net

    DNS Response

    104.16.88.20
    104.16.85.20
    104.16.89.20
    104.16.86.20
    104.16.87.20

  • 8.8.8.8:53
    nanouwho.com
    dns
    IEXPLORE.EXE
    58 B
    74 B
    1
    1

    DNS Request

    nanouwho.com

    DNS Response

    139.45.197.242

  • 8.8.8.8:53
    my.rtmark.net
    dns
    IEXPLORE.EXE
    59 B
    75 B
    1
    1

    DNS Request

    my.rtmark.net

    DNS Response

    139.45.195.8

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    8795643bd9448f355f1e817b1beb8f13

    SHA1

    fc5afcd5dc1c57ec501109cb987bec2e7b628514

    SHA256

    c9a53a6962ee0ada77bad358699a886e9d54243a3ae24cc182acfeaef4dba134

    SHA512

    4a8bc9001359c55a68bb329ef000ea7506c003ef6a98d57d769ca020758bcde63d52b03add74e39294b7b0c52abb9a07ff6ec3bd1e66f9eca0e0675b2b9cd2f2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    7769a9ea58dc9b84a4a2f437574f4bff

    SHA1

    08eac6d47ec4f3997b1c94b4eb5ea7e76ecd198f

    SHA256

    eac1da05912b5385e337cdf06fcf83e006bfb246cab99789d5a42f7a33eb4887

    SHA512

    5e2fa8c1b5ef869ae5469bbb7399fb848d5cf20c8a2b8bb217ed9437b84a725f05ad1243f92da750a008c011531b4ea64875554fd5c524b86f2e7b13182291c3

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\xyoggsx\imagestore.dat

    Filesize

    7KB

    MD5

    9f9dfa6e50e89d6a77a77eea6171b8a2

    SHA1

    55acb3add7b4b6c6d4c4b5aec66bdf30a354d461

    SHA256

    131d3e31af22144751ba4d33a3675ee5e876fcf1aaa8295c3bc42a716af9e986

    SHA512

    216b71a877e6254e4425300bb6c5ae82c80d1177c30c8b7417bdc181a7a5053f6d5243ccfb68aaa4d0978a9fa3681597a97d88f060895621ad73c4ad9eddba37
