dbdcc0671628859c105b5a3a13f3c2a95f0ff1c7a1d7e4e13e694ed880b06adb

Analysis

max time kernel
121s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 01:30 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a1e3f77dea44597e4ae37131e7ee65b.html
Size

15KB
MD5

0a1e3f77dea44597e4ae37131e7ee65b
SHA1

97b63b292f268fe9af5a56b9964a10bbab49a6bd
SHA256

dbdcc0671628859c105b5a3a13f3c2a95f0ff1c7a1d7e4e13e694ed880b06adb
SHA512

8ea564f0926bdc6dcd3e8991f0b99b6e54dd1c5e24744fa876b40759b629eb1083f775f7ec76246c4f241f898ae681128d07d588434daef1045970cf6ebbe48a
SSDEEP

384:dIAySGmimo/6Un6A1J6n5iOe3eNMWIDijL7:HGBR/J/9ONXIDS7

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 43 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31079205"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000025ba558cff15364f83b59eef6d4e53a400000000020000000000106600000001000020000000df62d401b2dd2c99369ccbddd9cf180762de84c5c2ef588ae15315b3a9dff4b3000000000e8000000002000020000000bd058485e47d1aa4ab8127e8cb732a75dc7e095b0c28deb17ab45e9459dfa4a72000000021241a7ddbce8fcdbbc21e5953f3184ded83522d91df8a80362255c4c73bbc3d400000005db30e59a86dede7dacaa061de849f4a1a359e8c32ca1139c5ec0a062847b95689eaab514bb2ddc56cf4efe948f56c7b2166d267853a4a5df2fc0c0d5cbfa24c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00034eb8253bda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410708557"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3030251078"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000025ba558cff15364f83b59eef6d4e53a4000000000200000000001066000000010000200000003e0554d812a08236cd1f15d6352f4d18f543a57797070845d93a3de4058ffbfe000000000e8000000002000020000000081f00ba22c50dd0a72b2538449493fd64f8488177438dd7dac02c66656036e820000000b8ea2d3f00a77cb95d7ce2a82d0d84a75d7d7b24e11b8f919b9839dda27132c640000000cf8aff29ad1da21322fd4c1f00ee570351fcbdafe5ac5ef5cf457afd7a20c1323a991649c0f766c4cb840cca9c801fee5023d71263c54cf4e8e5b80327d8d0e2	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f02e55b8253bda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31079205"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3031188075"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3031188075"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3030251078"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31079205"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{DFFB2F45-A718-11EE-9963-76CF25FE979C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31079205"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2844	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2844	iexplore.exe
2844	iexplore.exe
4576	IEXPLORE.EXE
4576	IEXPLORE.EXE
4576	IEXPLORE.EXE
4576	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 4576	2844	iexplore.exe	16
PID 2844 wrote to memory of 4576	2844	iexplore.exe	16
PID 2844 wrote to memory of 4576	2844	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0a1e3f77dea44597e4ae37131e7ee65b.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4576

Network

DNS

json.stringengines.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

json.stringengines.com

IN A

Response

json.stringengines.com

IN A

81.17.29.146
DNS

s.w.org

iexplore.exe

Remote address:

8.8.8.8:53

Request

s.w.org

IN A

Response

s.w.org

IN A

192.0.77.48
DNS

shasha.lt

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

shasha.lt

IN A

Response

shasha.lt

IN A

92.204.68.34
DNS

coinhive.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

coinhive.com

IN A

Response

coinhive.com

IN A

104.21.57.186

coinhive.com

IN A

172.67.165.117
DNS

coinhive.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

coinhive.com

IN A
GET

https://json.stringengines.com/pson.js?n=1

IEXPLORE.EXE

Remote address:

81.17.29.146:443

Request

GET /pson.js?n=1 HTTP/2.0
host: json.stringengines.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 302

cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Sat, 30 Dec 2023 13:39:43 GMT
location: http://ww1.stringengines.com
server: Cowboy
set-cookie: sid=e36b439c-a718-11ee-8161-9c69fa2c90aa; path=/; domain=.stringengines.com; expires=Thu, 17 Jan 2092 16:53:50 GMT; max-age=2147483647; secure; HttpOnly
DNS

0.gravatar.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

0.gravatar.com

IN A

Response

0.gravatar.com

IN A

192.0.73.2
GET

http://shasha.lt/wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-8-200x300.jpg

IEXPLORE.EXE

Remote address:

92.204.68.34:80

Request

GET /wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-8-200x300.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: shasha.lt
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 13:39:41 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sun, 25 Jul 2021 01:53:38 GMT
ETag: "c5a0f9e-79d6-5c7e8e7bfcc80"
Accept-Ranges: bytes
Content-Length: 31190
Keep-Alive: timeout=5
Content-Type: image/jpeg
GET

http://shasha.lt/wp-includes/js/wp-emoji-release.min.js?ver=4.9.13

IEXPLORE.EXE

Remote address:

92.204.68.34:80

Request

GET /wp-includes/js/wp-emoji-release.min.js?ver=4.9.13 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: shasha.lt
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 13:39:44 GMT
Server: Apache
Last-Modified: Sun, 25 Jul 2021 01:53:51 GMT
ETag: "c5c0f96-2ea7-5c7e8e88629c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4347
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
GET

http://shasha.lt/wp-content/themes/philomina/assets/fonts/fontawesome-webfont.eot?

IEXPLORE.EXE

Remote address:

92.204.68.34:80

Request

GET /wp-content/themes/philomina/assets/fonts/fontawesome-webfont.eot? HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Origin: file:
Accept-Encoding: gzip, deflate
Host: shasha.lt
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 13:39:44 GMT
Server: Apache
Last-Modified: Sun, 25 Jul 2021 01:53:30 GMT
ETag: "c5a017b-10d0b-5c7e8e745ba80"
Accept-Ranges: bytes
Content-Length: 68875
Vary: Accept-Encoding
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/vnd.ms-fontobject
GET

http://shasha.lt/wp-content/themes/philomina/assets/fonts/fontawesome-webfont.woff?v=4.5.0

IEXPLORE.EXE

Remote address:

92.204.68.34:80

Request

GET /wp-content/themes/philomina/assets/fonts/fontawesome-webfont.woff?v=4.5.0 HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Origin: file:
Accept-Encoding: gzip, deflate
Host: shasha.lt
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 13:39:45 GMT
Server: Apache
Last-Modified: Sun, 25 Jul 2021 01:53:30 GMT
ETag: "c5a019b-13d84-5c7e8e745ba80"
Accept-Ranges: bytes
Content-Length: 81284
Vary: Accept-Encoding
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: font/woff
GET

http://shasha.lt/wp-content/themes/philomina/assets/fonts/fontawesome-webfont.ttf?v=4.5.0

IEXPLORE.EXE

Remote address:

92.204.68.34:80

Request

GET /wp-content/themes/philomina/assets/fonts/fontawesome-webfont.ttf?v=4.5.0 HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Origin: file:
Accept-Encoding: gzip, deflate
Host: shasha.lt
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 13:39:45 GMT
Server: Apache
Last-Modified: Sun, 25 Jul 2021 01:53:30 GMT
ETag: "c5a0194-21bdc-5c7e8e745ba80"
Accept-Ranges: bytes
Content-Length: 138204
Vary: Accept-Encoding
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: font/ttf
GET

http://shasha.lt/wp-content/themes/philomina/assets/img/preloader.GIF

IEXPLORE.EXE

Remote address:

92.204.68.34:80

Request

GET /wp-content/themes/philomina/assets/img/preloader.GIF HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: shasha.lt
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 13:39:41 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sun, 25 Jul 2021 01:53:30 GMT
ETag: "c5a01c8-39b2-5c7e8e745ba80"
Accept-Ranges: bytes
Content-Length: 14770
Keep-Alive: timeout=5
Content-Type: image/gif
GET

http://shasha.lt/wp-content/themes/philomina/assets/js/custom.js?ver=4.9.13

IEXPLORE.EXE

Remote address:

92.204.68.34:80

Request

GET /wp-content/themes/philomina/assets/js/custom.js?ver=4.9.13 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: shasha.lt
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 13:39:40 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sun, 25 Jul 2021 01:53:31 GMT
ETag: "c5a01d5-aaa-5c7e8e754fcc0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 954
Keep-Alive: timeout=5
Content-Type: application/javascript
GET

http://shasha.lt/wp-content/themes/philomina/style.css?ver=4.9.13

IEXPLORE.EXE

Remote address:

92.204.68.34:80

Request

GET /wp-content/themes/philomina/style.css?ver=4.9.13 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: shasha.lt
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 13:39:40 GMT
Server: Apache
Last-Modified: Sun, 25 Jul 2021 01:53:31 GMT
ETag: "c5a0158-4d92-5c7e8e754fcc0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4069
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
GET

http://shasha.lt/wp-content/themes/philomina/assets/fonts/font-awesome.css?ver=4.9.13

IEXPLORE.EXE

Remote address:

92.204.68.34:80

Request

GET /wp-content/themes/philomina/assets/fonts/font-awesome.css?ver=4.9.13 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: shasha.lt
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 13:39:40 GMT
Server: Apache
Last-Modified: Sun, 25 Jul 2021 01:53:30 GMT
ETag: "c5a0172-819b-5c7e8e745ba80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6579
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
GET

http://shasha.lt/wp-content/themes/philomina/assets/js/fancybox/jquery.fancybox.css?ver=4.9.13

IEXPLORE.EXE

Remote address:

92.204.68.34:80

Request

GET /wp-content/themes/philomina/assets/js/fancybox/jquery.fancybox.css?ver=4.9.13 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: shasha.lt
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 13:39:40 GMT
Server: Apache
Last-Modified: Sun, 25 Jul 2021 01:53:31 GMT
ETag: "c5a0213-131f-5c7e8e754fcc0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1423
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
GET

http://shasha.lt/wp-content/themes/philomina/assets/js/html5shiv.js?ver=4.9.13

IEXPLORE.EXE

Remote address:

92.204.68.34:80

Request

GET /wp-content/themes/philomina/assets/js/html5shiv.js?ver=4.9.13 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: shasha.lt
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 13:39:40 GMT
Server: Apache
Last-Modified: Sun, 25 Jul 2021 01:53:31 GMT
ETag: "c5a01dc-285b-5c7e8e754fcc0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3122
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
GET

http://shasha.lt/wp-includes/js/jquery/jquery.js?ver=1.12.4

IEXPLORE.EXE

Remote address:

92.204.68.34:80

Request

GET /wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: shasha.lt
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 13:39:40 GMT
Server: Apache
Last-Modified: Sun, 25 Jul 2021 01:53:47 GMT
ETag: "c5c10fe-17a6a-5c7e8e84920c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 33776
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
GET

http://shasha.lt/wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-2-200x300.jpg

IEXPLORE.EXE

Remote address:

92.204.68.34:80

Request

GET /wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-2-200x300.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: shasha.lt
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 13:39:40 GMT
Server: Apache
Last-Modified: Sun, 25 Jul 2021 01:53:37 GMT
ETag: "c5a0e70-4c45-5c7e8e7b08a40"
Accept-Ranges: bytes
Content-Length: 19525
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/jpeg
GET

http://shasha.lt/wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-4-200x300.jpg

IEXPLORE.EXE

Remote address:

92.204.68.34:80

Request

GET /wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-4-200x300.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: shasha.lt
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 13:39:40 GMT
Server: Apache
Last-Modified: Sun, 25 Jul 2021 01:53:37 GMT
ETag: "c5a0ecf-6469-5c7e8e7b08a40"
Accept-Ranges: bytes
Content-Length: 25705
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/jpeg
GET

http://shasha.lt/wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-5-200x300.jpg

IEXPLORE.EXE

Remote address:

92.204.68.34:80

Request

GET /wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-5-200x300.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: shasha.lt
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 13:39:40 GMT
Server: Apache
Last-Modified: Sun, 25 Jul 2021 01:53:37 GMT
ETag: "c5a0f00-9abc-5c7e8e7b08a40"
Accept-Ranges: bytes
Content-Length: 39612
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/jpeg
GET

http://shasha.lt/wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-4-720x800.jpg

IEXPLORE.EXE

Remote address:

92.204.68.34:80

Request

GET /wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-4-720x800.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: shasha.lt
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 13:39:44 GMT
Server: Apache
Last-Modified: Sun, 25 Jul 2021 01:53:37 GMT
ETag: "c5a0ee1-28e43-5c7e8e7b08a40"
Accept-Ranges: bytes
Content-Length: 167491
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/jpeg
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.a-0001.a-msedge.net

g-bing-com.a-0001.a-msedge.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
GET

http://0.gravatar.com/avatar/051b200610a39efcc8a0ac3cdcffa3b2?s=100&d=mm&r=g

IEXPLORE.EXE

Remote address:

192.0.73.2:80

Request

GET /avatar/051b200610a39efcc8a0ac3cdcffa3b2?s=100&d=mm&r=g HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 0.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Sat, 30 Dec 2023 13:39:40 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://0.gravatar.com/avatar/051b200610a39efcc8a0ac3cdcffa3b2?s=100&d=mm&r=g
GET

https://0.gravatar.com/avatar/051b200610a39efcc8a0ac3cdcffa3b2?s=100&d=mm&r=g

IEXPLORE.EXE

Remote address:

192.0.73.2:443

Request

GET /avatar/051b200610a39efcc8a0ac3cdcffa3b2?s=100&d=mm&r=g HTTP/2.0
host: 0.gravatar.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

server: nginx
date: Sat, 30 Dec 2023 13:39:42 GMT
content-type: image/jpeg
content-length: 1665
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
link: <https://gravatar.com/avatar/051b200610a39efcc8a0ac3cdcffa3b2?s=100&d=mm&r=g>; rel="canonical"
access-control-allow-origin: *
content-disposition: inline; filename="051b200610a39efcc8a0ac3cdcffa3b2.png"
expires: Sat, 30 Dec 2023 13:44:42 GMT
cache-control: max-age=300
x-nc: MISS lhr 1
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
GET

http://shasha.lt/wp-content/themes/philomina/assets/js/fancybox/jquery.fancybox.js?ver=4.9.13

IEXPLORE.EXE

Remote address:

92.204.68.34:80

Request

GET /wp-content/themes/philomina/assets/js/fancybox/jquery.fancybox.js?ver=4.9.13 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: shasha.lt
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 13:39:40 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sun, 25 Jul 2021 01:53:31 GMT
ETag: "c5a0219-be42-5c7e8e754fcc0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 13922
Keep-Alive: timeout=5
Content-Type: application/javascript
GET

http://shasha.lt/wp-includes/js/comment-reply.min.js?ver=4.9.13

IEXPLORE.EXE

Remote address:

92.204.68.34:80

Request

GET /wp-includes/js/comment-reply.min.js?ver=4.9.13 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: shasha.lt
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 13:39:40 GMT
Server: Apache
Last-Modified: Sun, 25 Jul 2021 01:53:51 GMT
ETag: "c5c0df5-434-5c7e8e88629c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 580
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
GET

http://shasha.lt/wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-1-200x300.jpg

IEXPLORE.EXE

Remote address:

92.204.68.34:80

Request

GET /wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-1-200x300.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: shasha.lt
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 13:39:40 GMT
Server: Apache
Last-Modified: Sun, 25 Jul 2021 01:53:37 GMT
ETag: "c5a0e42-5f78-5c7e8e7b08a40"
Accept-Ranges: bytes
Content-Length: 24440
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/jpeg
GET

http://shasha.lt/wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-3-200x300.jpg

IEXPLORE.EXE

Remote address:

92.204.68.34:80

Request

GET /wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-3-200x300.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: shasha.lt
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 13:39:40 GMT
Server: Apache
Last-Modified: Sun, 25 Jul 2021 01:53:37 GMT
ETag: "c5a0e9b-583e-5c7e8e7b08a40"
Accept-Ranges: bytes
Content-Length: 22590
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/jpeg
GET

http://shasha.lt/wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-6-200x300.jpg

IEXPLORE.EXE

Remote address:

92.204.68.34:80

Request

GET /wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-6-200x300.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: shasha.lt
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 13:39:40 GMT
Server: Apache
Last-Modified: Sun, 25 Jul 2021 01:53:37 GMT
ETag: "c5a0f37-7849-5c7e8e7b08a40"
Accept-Ranges: bytes
Content-Length: 30793
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/jpeg
GET

http://shasha.lt/wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-7-200x300.jpg

IEXPLORE.EXE

Remote address:

92.204.68.34:80

Request

GET /wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-7-200x300.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: shasha.lt
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 13:39:40 GMT
Server: Apache
Last-Modified: Sun, 25 Jul 2021 01:53:37 GMT
ETag: "c5a0f6f-502f-5c7e8e7b08a40"
Accept-Ranges: bytes
Content-Length: 20527
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/jpeg
GET

http://shasha.lt/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1

IEXPLORE.EXE

Remote address:

92.204.68.34:80

Request

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: shasha.lt
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 13:39:40 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sun, 25 Jul 2021 01:53:48 GMT
ETag: "c5c10d0-2748-5c7e8e8586300-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4014
Keep-Alive: timeout=5
Content-Type: application/javascript
GET

http://shasha.lt/wp-includes/js/wp-embed.min.js?ver=4.9.13

IEXPLORE.EXE

Remote address:

92.204.68.34:80

Request

GET /wp-includes/js/wp-embed.min.js?ver=4.9.13 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: shasha.lt
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 13:39:40 GMT
Server: Apache
Last-Modified: Tue, 16 May 2023 21:30:27 GMT
ETag: "c5c0f84-5a3-5fbd647a746f9-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 777
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
DNS

2.136.104.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.136.104.51.in-addr.arpa

IN PTR

Response
DNS

34.68.204.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.68.204.92.in-addr.arpa

IN PTR
DNS

34.68.204.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.68.204.92.in-addr.arpa

IN PTR
DNS

34.68.204.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.68.204.92.in-addr.arpa

IN PTR
DNS

34.68.204.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.68.204.92.in-addr.arpa

IN PTR
DNS

2.73.0.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.73.0.192.in-addr.arpa

IN PTR

Response
GET

https://coinhive.com/lib/coinhive.min.js

IEXPLORE.EXE

Remote address:

104.21.57.186:443

Request

GET /lib/coinhive.min.js HTTP/2.0
host: coinhive.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Sat, 30 Dec 2023 13:39:42 GMT
content-type: application/x-javascript
content-length: 1115
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: gzip
etag: "806233d282cfd71:0"
last-modified: Tue, 02 Nov 2021 00:44:41 GMT
set-cookie: ARRAffinity=9e8cb613e3f62a6ed8089584fcaf119324905ad19d8378a0be1a35f0477c8196;Path=/;HttpOnly;Secure;Domain=coinhive.com
set-cookie: ARRAffinitySameSite=9e8cb613e3f62a6ed8089584fcaf119324905ad19d8378a0be1a35f0477c8196;Path=/;HttpOnly;SameSite=None;Secure;Domain=coinhive.com
vary: Accept-Encoding
x-powered-by: ASP.NET
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iO9MtxU1H3R%2BtSpr38f%2BqDVPIPFXBV62aYSy2kxDpN8NuzAA8gWQamip7ItnP6OrnqSUNv2MUsZaPCw6sO4PVFdEqxK%2BhpnjUJfoUyqCw9RHN2oiHPhQUCmFPVCiGe8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83dab0bb3f8948b5-LHR
alt-svc: h3=":443"; ma=86400
DNS

45.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

45.179.17.96.in-addr.arpa

IN PTR

Response

45.179.17.96.in-addr.arpa

IN PTR

a96-17-179-45deploystaticakamaitechnologiescom
DNS

23.149.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.149.64.172.in-addr.arpa

IN PTR

Response
DNS

14.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.160.190.20.in-addr.arpa

IN PTR

Response
DNS

234.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.187.250.142.in-addr.arpa

IN PTR

Response

234.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f101e100net
DNS

186.57.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

186.57.21.104.in-addr.arpa

IN PTR

Response
DNS

146.29.17.81.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.29.17.81.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

3.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.200.250.142.in-addr.arpa

IN PTR

Response

3.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f31e100net
DNS

40.13.222.173.in-addr.arpa

Remote address:

8.8.8.8:53

Request

40.13.222.173.in-addr.arpa

IN PTR

Response

40.13.222.173.in-addr.arpa

IN PTR

a173-222-13-40deploystaticakamaitechnologiescom
DNS

40.13.222.173.in-addr.arpa

Remote address:

8.8.8.8:53

Request

40.13.222.173.in-addr.arpa

IN PTR
DNS

40.13.222.173.in-addr.arpa

Remote address:

8.8.8.8:53

Request

40.13.222.173.in-addr.arpa

IN PTR
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=edda8922524148bdac65188915598424&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=edda8922524148bdac65188915598424&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2963708703E06D920C2F637002006C50; domain=.bing.com; expires=Thu, 23-Jan-2025 13:39:43 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 16FF58DD63264227A31B226FF54161BD Ref B: LON04EDGE1218 Ref C: 2023-12-30T13:39:43Z
date: Sat, 30 Dec 2023 13:39:42 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=edda8922524148bdac65188915598424&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=edda8922524148bdac65188915598424&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2963708703E06D920C2F637002006C50

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=rD9BMB2SbhHS_fJ-av44Pdnn0Kmt0NxgTp-cnZ069mg; domain=.bing.com; expires=Thu, 23-Jan-2025 13:39:43 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 964AA03D86A94B5CAD9D53113676C9AC Ref B: LON04EDGE1218 Ref C: 2023-12-30T13:39:43Z
date: Sat, 30 Dec 2023 13:39:42 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=edda8922524148bdac65188915598424&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=edda8922524148bdac65188915598424&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2963708703E06D920C2F637002006C50; MSPTC=rD9BMB2SbhHS_fJ-av44Pdnn0Kmt0NxgTp-cnZ069mg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 219838942EC746A781495E9C64B0224E Ref B: LON04EDGE1218 Ref C: 2023-12-30T13:39:43Z
date: Sat, 30 Dec 2023 13:39:42 GMT
DNS

178.223.142.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

178.223.142.52.in-addr.arpa

IN PTR

Response
DNS

178.223.142.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

178.223.142.52.in-addr.arpa

IN PTR
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR
DNS

193.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

193.179.17.96.in-addr.arpa

IN PTR

Response

193.179.17.96.in-addr.arpa

IN PTR

a96-17-179-193deploystaticakamaitechnologiescom
DNS

193.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

193.179.17.96.in-addr.arpa

IN PTR
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

ww1.stringengines.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ww1.stringengines.com

IN A

Response

ww1.stringengines.com

IN CNAME

80880.bodis.com

80880.bodis.com

IN A

199.59.243.225
GET

http://ww1.stringengines.com/

IEXPLORE.EXE

Remote address:

199.59.243.225:80

Request

GET / HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: ww1.stringengines.com

Response

HTTP/1.1 200 OK

date: Sat, 30 Dec 2023 13:39:43 GMT
content-type: text/html; charset=utf-8
content-length: 1033
x-request-id: 0c9d5352-a536-4f70-9a76-271d17d11659
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_XV4TxGXG63vuo9gUOvmVc1iJPg0npvTPsm0Ki04l4z/wNh/EMcz5uRYFUM1JOoVhAsoXcxOdqSLDPUSNVN90vw==
set-cookie: parking_session=0c9d5352-a536-4f70-9a76-271d17d11659; expires=Sat, 30 Dec 2023 13:54:43 GMT; path=/
DNS

IEXPLORE.EXE

Remote address:

199.59.243.225:80

Response

HTTP/1.1 408 Request Time-out

Content-length: 110
Cache-Control: no-cache
Connection: close
Content-Type: text/html
DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR

Response
DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR
DNS

225.243.59.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

225.243.59.199.in-addr.arpa

IN PTR

Response
DNS

225.243.59.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

225.243.59.199.in-addr.arpa

IN PTR
DNS

227.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.187.250.142.in-addr.arpa

IN PTR

Response

227.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f31e100net
DNS

227.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.187.250.142.in-addr.arpa

IN PTR
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR

Response

41.110.16.96.in-addr.arpa

IN PTR

a96-16-110-41deploystaticakamaitechnologiescom
DNS

59.128.231.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.128.231.4.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

161.19.199.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

161.19.199.152.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

18.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.134.221.88.in-addr.arpa

IN PTR

Response

18.134.221.88.in-addr.arpa

IN PTR

a88-221-134-18deploystaticakamaitechnologiescom
DNS

0.204.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.204.248.87.in-addr.arpa

IN PTR

Response

0.204.248.87.in-addr.arpa

IN PTR

https-87-248-204-0lhrllnwnet
DNS

205.47.74.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

205.47.74.20.in-addr.arpa

IN PTR

Response
DNS

205.47.74.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

205.47.74.20.in-addr.arpa

IN PTR
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301043_1FLFJUEMDEOHT5KB0&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301043_1FLFJUEMDEOHT5KB0&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 414571
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 551401BD1D1C4E96BF411C7D4D4607C5 Ref B: LON04EDGE0611 Ref C: 2023-12-30T13:41:39Z
date: Sat, 30 Dec 2023 13:41:38 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317300952_1E3SWPMLL78HDQL83&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317300952_1E3SWPMLL78HDQL83&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 247144
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1235F387A7A34567A0255D9D8491E7D9 Ref B: LON04EDGE0611 Ref C: 2023-12-30T13:41:39Z
date: Sat, 30 Dec 2023 13:41:38 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301385_10GXZBGQGK7BVOQK7&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301385_10GXZBGQGK7BVOQK7&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 295420
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4CEE757A06A64CF58D5B1799C34BEC50 Ref B: LON04EDGE0611 Ref C: 2023-12-30T13:41:39Z
date: Sat, 30 Dec 2023 13:41:39 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301476_1OK6WPDPCCN1SYC73&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301476_1OK6WPDPCCN1SYC73&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 313576
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 96E740DD57944035A6951E1DE56772FB Ref B: LON04EDGE0611 Ref C: 2023-12-30T13:41:39Z
date: Sat, 30 Dec 2023 13:41:39 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317300932_1F3XVYLI2C551DUEM&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317300932_1F3XVYLI2C551DUEM&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301365_1T2JA9OXDN9GY4HXW&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301365_1T2JA9OXDN9GY4HXW&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

81.17.29.146:443

json.stringengines.com

tls, http2

IEXPLORE.EXE

2.1kB
5.3kB
27
13
81.17.29.146:443

https://json.stringengines.com/pson.js?n=1

tls, http2

IEXPLORE.EXE

2.4kB
5.6kB
23
15

HTTP Request

GET https://json.stringengines.com/pson.js?n=1

HTTP Response

302
92.204.68.34:80

http://shasha.lt/wp-content/themes/philomina/assets/fonts/fontawesome-webfont.ttf?v=4.5.0

http

IEXPLORE.EXE

13.7kB
336.7kB
261
248

HTTP Request

GET http://shasha.lt/wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-8-200x300.jpg

HTTP Response

200

HTTP Request

GET http://shasha.lt/wp-includes/js/wp-emoji-release.min.js?ver=4.9.13

HTTP Response

200

HTTP Request

GET http://shasha.lt/wp-content/themes/philomina/assets/fonts/fontawesome-webfont.eot?

HTTP Response

200

HTTP Request

GET http://shasha.lt/wp-content/themes/philomina/assets/fonts/fontawesome-webfont.woff?v=4.5.0

HTTP Response

200

HTTP Request

GET http://shasha.lt/wp-content/themes/philomina/assets/fonts/fontawesome-webfont.ttf?v=4.5.0

HTTP Response

200
92.204.68.34:80

shasha.lt

IEXPLORE.EXE

392 B
236 B
8
5
92.204.68.34:80

shasha.lt

IEXPLORE.EXE

340 B
184 B
7
4
92.204.68.34:80

http://shasha.lt/wp-content/themes/philomina/assets/img/preloader.GIF

http

IEXPLORE.EXE

1.4kB
15.7kB
24
15

HTTP Request

GET http://shasha.lt/wp-content/themes/philomina/assets/img/preloader.GIF

HTTP Response

200
92.204.68.34:80

shasha.lt

IEXPLORE.EXE

392 B
236 B
8
5
92.204.68.34:80

http://shasha.lt/wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-4-720x800.jpg

http

IEXPLORE.EXE

14.9kB
316.1kB
251
236

HTTP Request

GET http://shasha.lt/wp-content/themes/philomina/assets/js/custom.js?ver=4.9.13

HTTP Response

200

HTTP Request

GET http://shasha.lt/wp-content/themes/philomina/style.css?ver=4.9.13

HTTP Response

200

HTTP Request

GET http://shasha.lt/wp-content/themes/philomina/assets/fonts/font-awesome.css?ver=4.9.13

HTTP Response

200

HTTP Request

GET http://shasha.lt/wp-content/themes/philomina/assets/js/fancybox/jquery.fancybox.css?ver=4.9.13

HTTP Response

200

HTTP Request

GET http://shasha.lt/wp-content/themes/philomina/assets/js/html5shiv.js?ver=4.9.13

HTTP Response

200

HTTP Request

GET http://shasha.lt/wp-includes/js/jquery/jquery.js?ver=1.12.4

HTTP Response

200

HTTP Request

GET http://shasha.lt/wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-2-200x300.jpg

HTTP Response

200

HTTP Request

GET http://shasha.lt/wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-4-200x300.jpg

HTTP Response

200

HTTP Request

GET http://shasha.lt/wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-5-200x300.jpg

HTTP Response

200

HTTP Request

GET http://shasha.lt/wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-4-720x800.jpg

HTTP Response

200
192.0.73.2:80

http://0.gravatar.com/avatar/051b200610a39efcc8a0ac3cdcffa3b2?s=100&d=mm&r=g

http

IEXPLORE.EXE

1.1kB
1.1kB
9
6

HTTP Request

GET http://0.gravatar.com/avatar/051b200610a39efcc8a0ac3cdcffa3b2?s=100&d=mm&r=g

HTTP Response

301
192.0.73.2:80

0.gravatar.com

IEXPLORE.EXE

282 B
132 B
6
3
192.0.73.2:443

https://0.gravatar.com/avatar/051b200610a39efcc8a0ac3cdcffa3b2?s=100&d=mm&r=g

tls, http2

IEXPLORE.EXE

1.7kB
9.7kB
22
18

HTTP Request

GET https://0.gravatar.com/avatar/051b200610a39efcc8a0ac3cdcffa3b2?s=100&d=mm&r=g

HTTP Response

200
92.204.68.34:80

http://shasha.lt/wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-7-200x300.jpg

http

IEXPLORE.EXE

6.5kB
118.3kB
98
91

HTTP Request

GET http://shasha.lt/wp-content/themes/philomina/assets/js/fancybox/jquery.fancybox.js?ver=4.9.13

HTTP Response

200

HTTP Request

GET http://shasha.lt/wp-includes/js/comment-reply.min.js?ver=4.9.13

HTTP Response

200

HTTP Request

GET http://shasha.lt/wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-1-200x300.jpg

HTTP Response

200

HTTP Request

GET http://shasha.lt/wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-3-200x300.jpg

HTTP Response

200

HTTP Request

GET http://shasha.lt/wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-6-200x300.jpg

HTTP Response

200

HTTP Request

GET http://shasha.lt/wp-content/uploads/2019/06/Sha-sha-tunika-beach-kimono-robe-burning-cat-7-200x300.jpg

HTTP Response

200
92.204.68.34:80

http://shasha.lt/wp-includes/js/wp-embed.min.js?ver=4.9.13

http

IEXPLORE.EXE

1.7kB
7.0kB
19
10

HTTP Request

GET http://shasha.lt/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1

HTTP Response

200

HTTP Request

GET http://shasha.lt/wp-includes/js/wp-embed.min.js?ver=4.9.13

HTTP Response

200
104.21.57.186:443

coinhive.com

tls, http2

IEXPLORE.EXE

1.2kB
6.0kB
17
11
104.21.57.186:443

https://coinhive.com/lib/coinhive.min.js

tls, http2

IEXPLORE.EXE

1.6kB
8.1kB
22
16

HTTP Request

GET https://coinhive.com/lib/coinhive.min.js

HTTP Response

200
204.79.197.200:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=edda8922524148bdac65188915598424&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=

tls, http2

2.1kB
11.0kB
23
21

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=edda8922524148bdac65188915598424&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=edda8922524148bdac65188915598424&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=edda8922524148bdac65188915598424&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=

HTTP Response

204
199.59.243.225:80

http://ww1.stringengines.com/

http

IEXPLORE.EXE

903 B
2.5kB
14
6

HTTP Request

GET http://ww1.stringengines.com/

HTTP Response

200
199.59.243.225:80

ww1.stringengines.com

http

IEXPLORE.EXE

328 B
405 B
7
4

HTTP Response

408
96.16.110.114:80
96.16.110.114:80
204.79.197.200:443

ieonline.microsoft.com

tls, http2

iexplore.exe

1.5kB
8.3kB
18
13
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.4kB
521 B
11
6
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.7kB
8.7kB
18
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.6kB
8.2kB
17
13
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.4kB
8.2kB
15
11
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301365_1T2JA9OXDN9GY4HXW&pid=21.2&w=1080&h=1920&c=4

tls, http2

44.2kB
1.2MB
899
891

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301043_1FLFJUEMDEOHT5KB0&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317300952_1E3SWPMLL78HDQL83&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301385_10GXZBGQGK7BVOQK7&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301476_1OK6WPDPCCN1SYC73&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317300932_1F3XVYLI2C551DUEM&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301365_1T2JA9OXDN9GY4HXW&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Response

200

8.8.8.8:53

json.stringengines.com

dns

IEXPLORE.EXE

68 B
84 B
1
1

DNS Request

json.stringengines.com

DNS Response

81.17.29.146
8.8.8.8:53

s.w.org

dns

iexplore.exe

53 B
69 B
1
1

DNS Request

s.w.org

DNS Response

192.0.77.48
8.8.8.8:53

shasha.lt

dns

IEXPLORE.EXE

55 B
71 B
1
1

DNS Request

shasha.lt

DNS Response

92.204.68.34
8.8.8.8:53

coinhive.com

dns

IEXPLORE.EXE

116 B
90 B
2
1

DNS Request

coinhive.com

DNS Request

coinhive.com

DNS Response

104.21.57.186

172.67.165.117
8.8.8.8:53

0.gravatar.com

dns

IEXPLORE.EXE

60 B
76 B
1
1

DNS Request

0.gravatar.com

DNS Response

192.0.73.2
8.8.8.8:53

g.bing.com

dns

168 B
158 B
3
1

DNS Request

g.bing.com

DNS Request

g.bing.com

DNS Request

g.bing.com

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

2.136.104.51.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.136.104.51.in-addr.arpa
8.8.8.8:53

34.68.204.92.in-addr.arpa

dns

284 B
4

DNS Request

34.68.204.92.in-addr.arpa

DNS Request

34.68.204.92.in-addr.arpa

DNS Request

34.68.204.92.in-addr.arpa

DNS Request

34.68.204.92.in-addr.arpa
8.8.8.8:53

2.73.0.192.in-addr.arpa

dns

69 B
134 B
1
1

DNS Request

2.73.0.192.in-addr.arpa
8.8.8.8:53

45.179.17.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

45.179.17.96.in-addr.arpa
8.8.8.8:53

23.149.64.172.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

23.149.64.172.in-addr.arpa
8.8.8.8:53

14.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.160.190.20.in-addr.arpa
8.8.8.8:53

234.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

234.187.250.142.in-addr.arpa
8.8.8.8:53

186.57.21.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

186.57.21.104.in-addr.arpa
8.8.8.8:53

146.29.17.81.in-addr.arpa

dns

71 B
71 B
1
1

DNS Request

146.29.17.81.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

3.200.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

3.200.250.142.in-addr.arpa
8.8.8.8:53

40.13.222.173.in-addr.arpa

dns

216 B
137 B
3
1

DNS Request

40.13.222.173.in-addr.arpa

DNS Request

40.13.222.173.in-addr.arpa

DNS Request

40.13.222.173.in-addr.arpa
8.8.8.8:53

178.223.142.52.in-addr.arpa

dns

146 B
147 B
2
1

DNS Request

178.223.142.52.in-addr.arpa

DNS Request

178.223.142.52.in-addr.arpa
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

142 B
157 B
2
1

DNS Request

43.58.199.20.in-addr.arpa

DNS Request

43.58.199.20.in-addr.arpa
8.8.8.8:53

193.179.17.96.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

193.179.17.96.in-addr.arpa

DNS Request

193.179.17.96.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

ww1.stringengines.com

dns

IEXPLORE.EXE

67 B
109 B
1
1

DNS Request

ww1.stringengines.com

DNS Response

199.59.243.225
8.8.8.8:53

158.240.127.40.in-addr.arpa

dns

146 B
147 B
2
1

DNS Request

158.240.127.40.in-addr.arpa

DNS Request

158.240.127.40.in-addr.arpa
8.8.8.8:53

225.243.59.199.in-addr.arpa

dns

146 B
131 B
2
1

DNS Request

225.243.59.199.in-addr.arpa

DNS Request

225.243.59.199.in-addr.arpa
8.8.8.8:53

227.187.250.142.in-addr.arpa

dns

148 B
112 B
2
1

DNS Request

227.187.250.142.in-addr.arpa

DNS Request

227.187.250.142.in-addr.arpa
8.8.8.8:53

41.110.16.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

41.110.16.96.in-addr.arpa
8.8.8.8:53

59.128.231.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

59.128.231.4.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

161.19.199.152.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

161.19.199.152.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

18.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

18.134.221.88.in-addr.arpa
8.8.8.8:53

0.204.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.204.248.87.in-addr.arpa
8.8.8.8:53

205.47.74.20.in-addr.arpa

dns

142 B
157 B
2
1

DNS Request

205.47.74.20.in-addr.arpa

DNS Request

205.47.74.20.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
173 B
2
1

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
ef7e600e75b69943888a45bdce7d2938

SHA1
3c780e1b92198ddfc7e3e5759874f006f18272b7

SHA256
3c1c1f39f5bcc2cf8c0b4664b18e7cc2fd14c05ec5ff914327d1d8b1cd184218

SHA512
c0cecf3cb14990db6507d151ed1468cfa35bfdcbe4fce22631dbba5672bb60c326a34e3a8d97a778ed6e2cc76a80ef8b1afd31a44c8cdbfcdfd4ac7c496847dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
10dd75b0be43d0a6ff4c7c05c76ce131

SHA1
d323d9c391175d695d282e0bc4f4762b97c18b80

SHA256
cc769688ed7cb15dab6489bf5e1ac1e1cc4c4678e7251a06c51f6c4e4db5123c

SHA512
ace81a1d7e679a16c4bc54b30ad408d52bb07f33d693fe060483f55fa7b5ae9d84ce4f08c6993f3292cb4dba9b03a730ef9f296f8f6df4ad726b0181503c2b3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verBAF3.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RVXHSNZG\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request