1ef164e60d64132431076a3d5fcf1eb8e29520da190ccdc2954a895624a65eb6

Analysis

max time kernel
140s
max time network
137s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30/04/2024, 15:16 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a0a40e1af537e5545e2d7cac3059a79_JaffaCakes118.html
Size

35KB
MD5

0a0a40e1af537e5545e2d7cac3059a79
SHA1

cf00681935e6ef8fa6fcb5f0ce795daa337bb9e0
SHA256

1ef164e60d64132431076a3d5fcf1eb8e29520da190ccdc2954a895624a65eb6
SHA512

666be86d9338b5c38cb27c3308d832de0a9b786f073ae7138074cac569a889f96e8257ff828afc35dfa817ee767db794aaf5ce5d2f8fb6cd18db51cfdd46eda4
SSDEEP

768:zwx/MDTH4i88hAR2ZPXRE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6T/uJxF6lJtxU6l7:Q/LbJxNV4u0Sx/x8YK

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000b2780d377bcb4ee2f7adbe3c1f37c9ad4641fd38933094a452d74e62f61a4e8c000000000e800000000200002000000025f5a33d3a827b4b756c84814f118c3a15ed0787079159bcd842883066b0354590000000ca4d07b62b4dea234588e7f716cd725b635bff0e754dd68c8bfe25de3636e6bd88655b986fbdd09460d68a15effb8028c6df78115a3768204ce606f6b4553f41e04f86ba46b8f1402909dcd749c09cf1673260686845cc08393ff5ddb3ae5a20b3049ca2319c32254a47e54452e1a7890063ae6c74366aa59e0c55a656731baeba97793b1da579547e5a30eee4f8cc2240000000243db00dda0e7bd08541982dea588023109cdfe172aabbf62416f7bef4b439b914a092e599426667bb996cd9318d1146115b5b99ab662a31add5b3c2dcbcd338	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A76FE2F1-0704-11EF-A692-6A83D32C515E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0b4617f119bda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420652078"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b0000000002000000000010660000000100002000000077fae16c909bf486944e3437b08ae2f8c95a11f3913b695a891a71c10f27de0e000000000e80000000020000200000001417bc8edc73f44e693870b944c7809893cc422b959c69e87cffe9738e3a50b320000000e872fbeebb93dcc9a118cd61ef8d53ac0b4babd9861068ab71af88d0da340059400000001a00e0cb5d8e4e745e595cf9fbab85c1f225609cbcdf6d73c315388520687d6ab3011b5c43b51e328d037cf16de1c74bde1bf6e6387030bd9434572895a241c7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2120	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2120	iexplore.exe
2120	iexplore.exe
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2520	2120	iexplore.exe	28
PID 2120 wrote to memory of 2520	2120	iexplore.exe	28
PID 2120 wrote to memory of 2520	2120	iexplore.exe	28
PID 2120 wrote to memory of 2520	2120	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0a0a40e1af537e5545e2d7cac3059a79_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2120 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2520

Network

DNS

saltworld.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

saltworld.net

IN A

Response

saltworld.net

IN A

104.21.11.155

saltworld.net

IN A

172.67.166.97
DNS

coinhive.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

coinhive.com

IN A

Response

coinhive.com

IN A

188.114.96.2

coinhive.com

IN A

188.114.97.2
DNS

www.gravatar.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.gravatar.com

IN A

Response

www.gravatar.com

IN A

192.0.73.2
GET

https://coinhive.com/lib/coinhive.min.js

IEXPLORE.EXE

Remote address:

188.114.96.2:443

Request

GET /lib/coinhive.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: coinhive.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Tue, 30 Apr 2024 15:16:49 GMT
Content-Type: application/x-javascript
Content-Length: 1115
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ETag: "806233d282cfd71:0"
Last-Modified: Tue, 02 Nov 2021 00:44:41 GMT
Set-Cookie: ARRAffinity=0f60b0add9cb5787812ad43041e37f1a658566dfb27a2b04d44e3e12f2d4257d;Path=/;HttpOnly;Secure;Domain=coinhive.com
Set-Cookie: ARRAffinitySameSite=0f60b0add9cb5787812ad43041e37f1a658566dfb27a2b04d44e3e12f2d4257d;Path=/;HttpOnly;SameSite=None;Secure;Domain=coinhive.com
Vary: Accept-Encoding
X-Powered-By: ASP.NET
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BDLAMPZlH8IiYk852djYAaZ3E6ZWLNCBI5XXmzDcYY2%2FW7D9UwV9ReS3kp3AjfYa%2BgkDOMiZgWT0auLc7JybLWn70O95WW6CvdPv7AJ9%2B4QwUdbGov2t1mP1gD3hyDk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87c87ebc4f2f6405-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

IEXPLORE.EXE

Remote address:

104.21.11.155:80

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 30 Apr 2024 15:16:47 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wUDcaL5BuPTgBusIOY1VCt5ZHIbYphMY13Pz%2FK0KDm%2B2ChGtBZ7gqOy1717SORZUnjvKmcrB3SqRG4BscBtb%2B5ttGpBf1BJ4BqmznS1Ldj5kDDOU2Fa7BXwiKGTL9LbB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87c87eb6bcd76367-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

IEXPLORE.EXE

Remote address:

104.21.11.155:80

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 30 Apr 2024 15:16:47 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BsQYxUkmoPovnNetPPn1UXB22YmsAYRvsUSXhrmrrTxR3axPvaUpYZlKdUsZT0b6PzqGqmaqj3pW3jCzKC7mHuK%2B7au23vGzeOHTPYNhPL0mfBqj42TbOosfoi0ILR7j"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87c87eb6b84b635e-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

IEXPLORE.EXE

Remote address:

104.21.11.155:80

Request

GET /forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 30 Apr 2024 15:16:47 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=35oCUqF%2FL6qvFsxHyHOOMWZ36MTpsZQExAhl0EZv3P79WbgETiygX%2BEED2lf6w3PxBGy3gXz%2F9eD%2FZruiZt9aBL66O180%2BEsaGIVFdc%2FGuus%2BRfVDLyodgcrZNLNmbQQ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87c87eb738ed635e-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/style_images/master/feed.png

IEXPLORE.EXE

Remote address:

104.21.11.155:80

Request

GET /forums/public/style_images/master/feed.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 30 Apr 2024 15:16:48 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/style_images/master/feed.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8qPNKxlaYhGlkFXSqGX1Yat1iFD7SJvamUwRSSSwyj1HJoRnj9I9ku8vkLm%2FdIPzC6bVcvUWhN3g9Y6n3zhRasqGsbuyNsc74eiYcVNbn8%2B%2B1RORZ1FnqoxIfScqnjsE"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87c87eb79982635e-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

IEXPLORE.EXE

Remote address:

104.21.11.155:80

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 30 Apr 2024 15:16:47 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vBIaWninct4UMJXh%2FtTQFqCPIKdCtQIJ7ccUoQya%2FuVmBE97xM1kKOkrihHUok%2F6HM5gMqDi09Kt1usaRN0k%2FI%2B74C6QMR%2F78UGftQFqOd%2BAsS%2FIQAJyAWLQyzpeKfxE"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87c87eb6ce3a9408-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0

IEXPLORE.EXE

Remote address:

104.21.11.155:80

Request

GET /forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 30 Apr 2024 15:16:48 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CyO4SbZFLSDioCUOgfHovIcQr4CJQr9MkjluLOoP%2Fe%2Fv6C7ZND0xWMdP9oS7qKHoRRBNdzILHnxyFlaTXgt1%2FUOQAuz6xuYCbrqXb9nfOWrb3n2MfbpJ%2FdjqefPBw1T6"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87c87eb73efa9408-LHR
alt-svc: h3=":443"; ma=86400
GET

http://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:80

Request

GET /avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Tue, 30 Apr 2024 15:16:47 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png
GET

http://www.gravatar.com/avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:80

Request

GET /avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Tue, 30 Apr 2024 15:16:47 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.gravatar.com/avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png
GET

http://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:80

Request

GET /avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Tue, 30 Apr 2024 15:16:47 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png
GET

http://saltworld.net/forums/public/style_images/master/useropts_arrow.png

IEXPLORE.EXE

Remote address:

104.21.11.155:80

Request

GET /forums/public/style_images/master/useropts_arrow.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 30 Apr 2024 15:16:47 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/style_images/master/useropts_arrow.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LhVupuDrnoGi%2FkLFtF%2F86KAKSx396L36w9tI4TtgznaIPmmuhmfzODJTigOk1UdlJV4xs86eq9TdgFjOsvrWNvIK6EEbw0rvi5W7hx6bNxoqc0dD3bkK4ne1aZEGaOMD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87c87eb6cbd66328-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/style_images/master/f_icon_read.png

IEXPLORE.EXE

Remote address:

104.21.11.155:80

Request

GET /forums/public/style_images/master/f_icon_read.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 30 Apr 2024 15:16:47 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/style_images/master/f_icon_read.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F40kqC69OBEwj5PTBVIR%2FuYRDrkQFt%2BRGLCli2KtdajzBhKy3cfy%2BgqfozOJukhTWgtJBPi0KBI91Ab%2BoF28Gyn7m1cUBzqUpb3UukQIU1Qx323dGJP%2F%2FgFkfKU1qEu5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87c87eb6c8126346-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/style_images/master/top.png

IEXPLORE.EXE

Remote address:

104.21.11.155:80

Request

GET /forums/public/style_images/master/top.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 30 Apr 2024 15:16:47 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/style_images/master/top.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5vb8pQu0mAwuT%2BjyG7pkJWdKkMF7rwDAKFAZ3iMlhxkhT5Ln4%2F53HHeTHHXfKZRBm%2BKIOQmUILZnfs%2BPKJyiB1LUdgYAs8dp6G9gBSbhiElaLTt8B5xU7BGLDx4LbP06"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87c87eb748e06346-LHR
alt-svc: h3=":443"; ma=86400
GET

http://www.gravatar.com/avatar/e93d7024558d2ee595265c43dc1084df?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:80

Request

GET /avatar/e93d7024558d2ee595265c43dc1084df?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Tue, 30 Apr 2024 15:16:47 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.gravatar.com/avatar/e93d7024558d2ee595265c43dc1084df?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png
GET

http://www.gravatar.com/avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:80

Request

GET /avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Tue, 30 Apr 2024 15:16:47 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.gravatar.com/avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png
GET

http://saltworld.net/forums/uploads/profile/photo-3619.gif?_r=1358402341

IEXPLORE.EXE

Remote address:

104.21.11.155:80

Request

GET /forums/uploads/profile/photo-3619.gif?_r=1358402341 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 30 Apr 2024 15:16:47 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/uploads/profile/photo-3619.gif?_r=1358402341
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KkmUWzSTOQSd8rN7vJ%2FHFdkVbABBLYn4Wq6rIKomy3ssIaE1bUiJQ856B9HRWd0n6C140TcEYA3uEzJHnz%2FWU3UBerikPNCyFdosWZqw79wuAe4XD1PoK%2BWdFbByjMNt"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87c87eb6cdde48c3-LHR
alt-svc: h3=":443"; ma=86400
GET

https://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:443

Request

GET /avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: nginx
Date: Tue, 30 Apr 2024 15:16:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Link: <https://gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png>; rel="canonical"
X-Redirect-By: WordPress
Location: http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png
Expires: Tue, 30 Apr 2024 15:21:49 GMT
Cache-Control: max-age=300
X-nc: HIT lhr 1
Alt-Svc: h3=":443"; ma=86400
GET

https://www.gravatar.com/avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:443

Request

GET /avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: nginx
Date: Tue, 30 Apr 2024 15:16:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Link: <https://gravatar.com/avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png>; rel="canonical"
X-Redirect-By: WordPress
Location: http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png
Expires: Tue, 30 Apr 2024 15:21:49 GMT
Cache-Control: max-age=300
X-nc: HIT lhr 4
Alt-Svc: h3=":443"; ma=86400
GET

https://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:443

Request

GET /avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: nginx
Date: Tue, 30 Apr 2024 15:16:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Link: <https://gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png>; rel="canonical"
X-Redirect-By: WordPress
Location: http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png
Expires: Tue, 30 Apr 2024 15:21:49 GMT
Cache-Control: max-age=300
X-nc: HIT lhr 4
Alt-Svc: h3=":443"; ma=86400
GET

https://www.gravatar.com/avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:443

Request

GET /avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: nginx
Date: Tue, 30 Apr 2024 15:16:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Link: <https://gravatar.com/avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png>; rel="canonical"
X-Redirect-By: WordPress
Location: http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png
Expires: Tue, 30 Apr 2024 15:21:49 GMT
Cache-Control: max-age=300
X-nc: HIT lhr 3
Alt-Svc: h3=":443"; ma=86400
GET

https://www.gravatar.com/avatar/e93d7024558d2ee595265c43dc1084df?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:443

Request

GET /avatar/e93d7024558d2ee595265c43dc1084df?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: nginx
Date: Tue, 30 Apr 2024 15:16:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Link: <https://gravatar.com/avatar/e93d7024558d2ee595265c43dc1084df?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png>; rel="canonical"
X-Redirect-By: WordPress
Location: http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png
Expires: Tue, 30 Apr 2024 15:21:49 GMT
Cache-Control: max-age=300
X-nc: HIT lhr 2
Alt-Svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

IEXPLORE.EXE

Remote address:

104.21.11.155:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 30 Apr 2024 15:16:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=amY%2B3RynNUEEkK8tGCeEjatVOLxoVCv93w3jKGhbac%2F3HQHkI%2FdKXY6yvKKkZeA9zHKDjNmiB2iXaYkTdFf8EVTuSbOYrHvnzEAUJ1uaFhlrccbf3BfhAk6Bq2O20S3s"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87c87ebc0a9c774a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/style_images/master/feed.png

IEXPLORE.EXE

Remote address:

104.21.11.155:443

Request

GET /forums/public/style_images/master/feed.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 30 Apr 2024 15:16:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/style_images/master/feed.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IdPwi1UtEIeevFa%2BYKBUzO2XDgHMSDs0fypCthoEpbLGs6p4yzA3WFr3j4IZZ8FEoIqqtHcBt%2B%2FBxwoMMlfkJwS6peGn1gvGkTeiwe%2FDmEZQ62K%2BkF0OUyQi204ZW0vn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87c87ebc6b67774a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

IEXPLORE.EXE

Remote address:

104.21.11.155:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 30 Apr 2024 15:16:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F20MCnW0gsaL0IeGa%2BrcDZo9Geu9TBHhNmsgcjblzDotUD3dHWEwwk3iTUQgiMdc1uTD3TnhVmlseIhniTCWSHS8ZDuJ1TUY04sXJ0RpC5m%2BwYMe9UG%2FkpYkVRD1X6EO"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87c87ebc38394922-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

IEXPLORE.EXE

Remote address:

104.21.11.155:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 30 Apr 2024 15:16:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lg4xOWH0x8d9EbLM0SMXvaG53swqJKQ5SicUZLCICoYAWT2EYezntLgm2NMo5PDmoTd4jmvQx7Xoki%2BIgF%2FJ4V4NvdC0kPV3WBWHz%2Bu85zDO39DpP7%2BQEp%2FubJFFLTGQ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87c87ebc3cb7730e-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/style_images/master/useropts_arrow.png

IEXPLORE.EXE

Remote address:

104.21.11.155:443

Request

GET /forums/public/style_images/master/useropts_arrow.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 30 Apr 2024 15:16:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/style_images/master/useropts_arrow.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0%2BaZ04j5i6muHsbQq9SluelxTyZ6n99NyTYN3Gl%2FCgdnFlcW8fpGUoBKbuStY9MVhQnEz%2F9x3PGyTjwMkY61PEIgdNpSt8qzDycxILGVUnm1BqucKUZusB%2B4pj76h%2FtF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87c87ebbff77958a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0

IEXPLORE.EXE

Remote address:

104.21.11.155:443

Request

GET /forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 30 Apr 2024 15:16:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BT4%2BdXPdFLmL136PjSr3aCuOA%2FJLx%2Faz%2BUJIgX3%2Bt%2BTV6urd73PcwhZO4gU1D6dHVfz%2FvHlkbroJ76NbIK6H%2BRRMCk4Mx3AS84wHroPKE6%2FU7IkiJIXngJJF6Rw6KW6B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87c87ebc583d958a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/uploads/profile/photo-3619.gif?_r=1358402341

IEXPLORE.EXE

Remote address:

104.21.11.155:443

Request

GET /forums/uploads/profile/photo-3619.gif?_r=1358402341 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 30 Apr 2024 15:16:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/uploads/profile/photo-3619.gif?_r=1358402341
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t3s52dQtLmvKOlIURz6qOSCFr5qJnVp1KTlWcVn6ST2zWzS1gAhrLREiXh3kGIf9oi6bbN7Lnn5s7IeWc3FjEpEmZrVVFXPfolTjyddJA876ewi2ivLi%2F1TJj9MFJfgS"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87c87ebc0b18941e-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/style_images/master/f_icon_read.png

IEXPLORE.EXE

Remote address:

104.21.11.155:443

Request

GET /forums/public/style_images/master/f_icon_read.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 30 Apr 2024 15:16:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/style_images/master/f_icon_read.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RlDT1F3wtoISKm9HaZWuai52lVFbQg%2B87B1TchIiqU0ZbdRUnVDc%2BnA7Ln5NSJly7Ads4zC830oKO0xphonQw5Sfm%2FSYKrdoT2T5g5Yo6Uy1eNpm0XW3r6M3Xj9j%2FQ7F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87c87ebbfa2179c3-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

IEXPLORE.EXE

Remote address:

104.21.11.155:443

Request

GET /forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 30 Apr 2024 15:16:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bcl6ZP6JjRlzREICdkNHY21YY9FGPFmLRaxluY4ea8yB79TyvEY9anr2UIjkB5ONrkGI4Y9fAza9mvgGxxkey11SKUIWSlrgbA8T996nWw7K8evIUqA3PvSgeKQSi121"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87c87ebd3e998883-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/style_images/master/top.png

IEXPLORE.EXE

Remote address:

104.21.11.155:443

Request

GET /forums/public/style_images/master/top.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 30 Apr 2024 15:16:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/style_images/master/top.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=McYNjxpxv%2B5GUlnsCrqpt3BbMQmnBb9c5jjhwP%2FIKWJTkFoeTYUHn5sbI6i%2BuSb8qhfBHq41WHMw1R71BCOX2kIn8J2Gu0RC28kCsf6dpyDQVtNSU4HSpEJ%2FyqpoL4pn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87c87ebd4ee19538-LHR
alt-svc: h3=":443"; ma=86400
DNS

gamingw.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

gamingw.net

IN A

Response

gamingw.net

IN A

172.67.160.162

gamingw.net

IN A

104.21.65.85
GET

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Tue, 30 Apr 2024 15:16:49 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XdtcLbDNVXQdo7LJIXhQutK1pi3oiimzwUoPUwZ5Bc6mNaZC1QtXLTuCdgr5sFOqKaj460tWiU9Z9zfaGWlAR6ocuc213RALfR5ETn9z%2B%2B4CraRQVqCvNsLrd4aftw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87c87ebd8c9b385a-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/style_images/master/f_icon_read.png

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/style_images/master/f_icon_read.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Tue, 30 Apr 2024 15:16:50 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=696%2FU%2FAKDfmxR50gOipwY%2FO9XH9YY5xgXrmoTnvj0%2FV9XpxJq9MmsOFNeR3lMqe99THzfHcAAcGLbmx3pdNdM%2BgUPT%2BEKYJRMbUImvzJ5sYxvQwfpKaPTve1zIzl%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87c87ebd985c6543-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Tue, 30 Apr 2024 15:16:50 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hU8sUO4u3gI8monmqTHCj4w%2FbcqWQ8pZD4AXldxW2HyrbYlVuJ9YZaNiYOB2g3AFjBED5aNdzZfcs7Y24Zb8buJ%2BMpVXILEA%2BzB%2Bu0bTTlrbkYi6C1QyIkoMbw6m1A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87c87ebd9cc57786-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/style_images/master/useropts_arrow.png

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/style_images/master/useropts_arrow.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Tue, 30 Apr 2024 15:16:51 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3BEDQ87Lxa%2FDoNvLHlIYyMt3FYPdT0I1JDiLjSNt7fjas6xDBDKtHH8ZbkfiySN7rScOQ228FAQtqel8YveFnWAGzZnJbq512%2BvHCPsfXoCQ2TV11723%2BDfmsnEW2w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87c87ebddf9563db-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/style_images/master/feed.png

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/style_images/master/feed.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Tue, 30 Apr 2024 15:16:50 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KSIGEUCr16ORw6KM0FItQr4XlkjnZbP6e233l97cQoJjdvnvlPNy94tfugO7E2d%2BrFoqcYpwaIDXsOgHG2WwTymfShLag7izS10j2idiSr3EATIxJtFQC9OvnHGLJA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87c87ebdaa49639d-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Tue, 30 Apr 2024 15:16:51 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VRrpc4HGsen43DWp9jbDrQOd%2FA440c9v76J0HoanrJQ14q5wMLDPQg0DE2mG7KNZ1mmeAyVKHNrzkE6fAT0COd4%2F0QFgTfmaB9NfPki2jjJ%2F3jp6HnXDRVscCNcTcw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87c87ec59e92639d-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
DNS

i1.wp.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

i1.wp.com

IN A

Response

i1.wp.com

IN A

192.0.77.2
GET

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

IEXPLORE.EXE

Remote address:

192.0.77.2:80

Request

GET /saltworld.net/forums/public/style_images/master/profile/default_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i1.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 404 File Not Found

Server: nginx
Date: Tue, 30 Apr 2024 15:16:49 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-nc: UPDATING lhr 7
Alt-Svc: h3=":443"; ma=86400
GET

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

IEXPLORE.EXE

Remote address:

192.0.77.2:80

Request

GET /saltworld.net/forums/public/style_images/master/profile/default_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i1.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 404 File Not Found

Server: nginx
Date: Tue, 30 Apr 2024 15:16:51 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-nc: EXPIRED lhr 7
Alt-Svc: h3=":443"; ma=86400
GET

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

IEXPLORE.EXE

Remote address:

192.0.77.2:80

Request

GET /saltworld.net/forums/public/style_images/master/profile/default_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i1.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 404 File Not Found

Server: nginx
Date: Tue, 30 Apr 2024 15:16:49 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-nc: UPDATING lhr 7
Alt-Svc: h3=":443"; ma=86400
GET

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

IEXPLORE.EXE

Remote address:

192.0.77.2:80

Request

GET /saltworld.net/forums/public/style_images/master/profile/default_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i1.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 404 File Not Found

Server: nginx
Date: Tue, 30 Apr 2024 15:16:49 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-nc: UPDATING lhr 7
Alt-Svc: h3=":443"; ma=86400
GET

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

IEXPLORE.EXE

Remote address:

192.0.77.2:80

Request

GET /saltworld.net/forums/public/style_images/master/profile/default_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i1.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 404 File Not Found

Server: nginx
Date: Tue, 30 Apr 2024 15:16:49 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-nc: UPDATING lhr 7
Alt-Svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Tue, 30 Apr 2024 15:16:51 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oUzBfaoqKiTDgfWFdOu5CQEiDKA5qJYSzlVi8vUWXbuBG%2FgOuNkYvvi6NhYG8lkJv07VoNLjTT3oOeSqgPMSXFCzDxM81krU0WhQ6QlbFmo%2BtTu%2FctsazRUh5zgJ1g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87c87ec37d56654f-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Tue, 30 Apr 2024 15:16:51 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=72KB7oLOfFmt%2FFjWMKBwhhsoGFMjesJb1JJNpw8LZ6RKWOFBI9JVzYbZap0Xc2Zdv7H8Mu1Phz7vldCF5mPvQHDbKeV20zlvOM6v7dIyFo2vRuCtsYVaOrGVaEJihQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87c87ec4998971c2-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/style_images/master/top.png

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/style_images/master/top.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Tue, 30 Apr 2024 15:16:51 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9WeVBapJs1o65p5a6yUdou2T6MA9zD4f5DG6S9X0WruRo2iI4hbdwDxEWzxn5asD04fkbFBHArtIyiKXoUxL86%2FjrartMD%2BM4NuCRtRJmqoN5lusQrP9xbzodxds7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87c87ec37bd224dd-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

http://www.google-analytics.com/ga.js

IEXPLORE.EXE

Remote address:

142.250.180.14:80

Request

GET /ga.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google-analytics.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Date: Tue, 30 Apr 2024 13:18:15 GMT
Expires: Tue, 30 Apr 2024 15:18:15 GMT
Cache-Control: public, max-age=7200
Age: 7116
Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
DNS

www.microsoft.com

iexplore.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.21.17.194

188.114.96.2:443

https://coinhive.com/lib/coinhive.min.js

tls, http

IEXPLORE.EXE

1.2kB
9.0kB
13
14

HTTP Request

GET https://coinhive.com/lib/coinhive.min.js

HTTP Response

200
188.114.96.2:443

coinhive.com

tls

IEXPLORE.EXE

773 B
5.8kB
10
10
104.21.11.155:80

http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

http

IEXPLORE.EXE

724 B
1.6kB
6
5

HTTP Request

GET http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

HTTP Response

302
104.21.11.155:80

http://saltworld.net/forums/public/style_images/master/feed.png

http

IEXPLORE.EXE

1.5kB
4.0kB
10
12

HTTP Request

GET http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

HTTP Response

302

HTTP Request

GET http://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

HTTP Response

302

HTTP Request

GET http://saltworld.net/forums/public/style_images/master/feed.png

HTTP Response

302
104.21.11.155:80

http://saltworld.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0

http

IEXPLORE.EXE

1.0kB
2.5kB
8
8

HTTP Request

GET http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

HTTP Response

302

HTTP Request

GET http://saltworld.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0

HTTP Response

302
192.0.73.2:80

http://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

http

IEXPLORE.EXE

640 B
673 B
5
4

HTTP Request

GET http://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

301
192.0.73.2:80

http://www.gravatar.com/avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

http

IEXPLORE.EXE

640 B
673 B
5
4

HTTP Request

GET http://www.gravatar.com/avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

301
192.0.73.2:80

http://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

http

IEXPLORE.EXE

640 B
673 B
5
4

HTTP Request

GET http://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

301
104.21.11.155:80

http://saltworld.net/forums/public/style_images/master/useropts_arrow.png

http

IEXPLORE.EXE

589 B
1.2kB
6
5

HTTP Request

GET http://saltworld.net/forums/public/style_images/master/useropts_arrow.png

HTTP Response

302
104.21.11.155:80

http://saltworld.net/forums/public/style_images/master/top.png

http

IEXPLORE.EXE

974 B
2.4kB
8
8

HTTP Request

GET http://saltworld.net/forums/public/style_images/master/f_icon_read.png

HTTP Response

302

HTTP Request

GET http://saltworld.net/forums/public/style_images/master/top.png

HTTP Response

302
192.0.73.2:80

http://www.gravatar.com/avatar/e93d7024558d2ee595265c43dc1084df?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

http

IEXPLORE.EXE

738 B
1.3kB
7
6

HTTP Request

GET http://www.gravatar.com/avatar/e93d7024558d2ee595265c43dc1084df?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

301
192.0.73.2:80

http://www.gravatar.com/avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

http

IEXPLORE.EXE

640 B
673 B
5
4

HTTP Request

GET http://www.gravatar.com/avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

301
104.21.11.155:80

http://saltworld.net/forums/uploads/profile/photo-3619.gif?_r=1358402341

http

IEXPLORE.EXE

588 B
1.2kB
6
5

HTTP Request

GET http://saltworld.net/forums/uploads/profile/photo-3619.gif?_r=1358402341

HTTP Response

302
192.0.73.2:443

https://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

tls, http

IEXPLORE.EXE

1.3kB
4.9kB
12
10

HTTP Request

GET https://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

302
192.0.73.2:443

https://www.gravatar.com/avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

tls, http

IEXPLORE.EXE

1.2kB
4.8kB
11
9

HTTP Request

GET https://www.gravatar.com/avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

302
192.0.73.2:443

https://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

tls, http

IEXPLORE.EXE

1.2kB
4.9kB
11
10

HTTP Request

GET https://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

302
192.0.73.2:443

https://www.gravatar.com/avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

tls, http

IEXPLORE.EXE

1.2kB
4.8kB
11
9

HTTP Request

GET https://www.gravatar.com/avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

302
192.0.73.2:443

https://www.gravatar.com/avatar/e93d7024558d2ee595265c43dc1084df?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

tls, http

IEXPLORE.EXE

1.3kB
4.9kB
12
10

HTTP Request

GET https://www.gravatar.com/avatar/e93d7024558d2ee595265c43dc1084df?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

302
104.21.11.155:443

https://saltworld.net/forums/public/style_images/master/feed.png

tls, http

IEXPLORE.EXE

1.8kB
7.6kB
14
13

HTTP Request

GET https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

HTTP Response

302

HTTP Request

GET https://saltworld.net/forums/public/style_images/master/feed.png

HTTP Response

302
104.21.11.155:443

https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

tls, http

IEXPLORE.EXE

1.4kB
6.7kB
12
11

HTTP Request

GET https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

HTTP Response

302
104.21.11.155:443

https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

tls, http

IEXPLORE.EXE

1.2kB
6.6kB
11
12

HTTP Request

GET https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

HTTP Response

302
104.21.11.155:443

https://saltworld.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0

tls, http

IEXPLORE.EXE

1.7kB
7.5kB
14
14

HTTP Request

GET https://saltworld.net/forums/public/style_images/master/useropts_arrow.png

HTTP Response

302

HTTP Request

GET https://saltworld.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0

HTTP Response

302
104.21.11.155:443

https://saltworld.net/forums/uploads/profile/photo-3619.gif?_r=1358402341

tls, http

IEXPLORE.EXE

984 B
1.3kB
8
8

HTTP Request

GET https://saltworld.net/forums/uploads/profile/photo-3619.gif?_r=1358402341

HTTP Response

302
104.21.11.155:443

https://saltworld.net/forums/public/style_images/master/f_icon_read.png

tls, http

IEXPLORE.EXE

1.2kB
6.5kB
11
11

HTTP Request

GET https://saltworld.net/forums/public/style_images/master/f_icon_read.png

HTTP Response

302
104.21.11.155:443

https://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

tls, http

IEXPLORE.EXE

1.2kB
6.4kB
10
10

HTTP Request

GET https://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

HTTP Response

302
104.21.11.155:443

https://saltworld.net/forums/public/style_images/master/top.png

tls, http

IEXPLORE.EXE

1.2kB
6.4kB
10
10

HTTP Request

GET https://saltworld.net/forums/public/style_images/master/top.png

HTTP Response

302
172.67.160.162:443

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

tls, http

IEXPLORE.EXE

1.3kB
7.4kB
11
13

HTTP Request

GET https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/public/style_images/master/f_icon_read.png

tls, http

IEXPLORE.EXE

1.1kB
6.7kB
10
11

HTTP Request

GET https://gamingw.net/forums/public/style_images/master/f_icon_read.png

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

tls, http

IEXPLORE.EXE

1.3kB
7.2kB
10
11

HTTP Request

GET https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/public/style_images/master/useropts_arrow.png

tls, http

IEXPLORE.EXE

1.1kB
6.7kB
10
11

HTTP Request

GET https://gamingw.net/forums/public/style_images/master/useropts_arrow.png

HTTP Response

404
172.67.160.162:443

gamingw.net

tls

IEXPLORE.EXE

1.1kB
6.7kB
10
11
172.67.160.162:443

https://gamingw.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0

tls, http

IEXPLORE.EXE

1.6kB
8.4kB
13
15

HTTP Request

GET https://gamingw.net/forums/public/style_images/master/feed.png

HTTP Response

404

HTTP Request

GET https://gamingw.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0

HTTP Response

404
192.0.77.2:80

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

http

IEXPLORE.EXE

658 B
858 B
7
6

HTTP Request

GET http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

HTTP Response

404
192.0.77.2:80

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

http

IEXPLORE.EXE

658 B
856 B
7
6

HTTP Request

GET http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

HTTP Response

404
192.0.77.2:80

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

http

IEXPLORE.EXE

612 B
858 B
6
6

HTTP Request

GET http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

HTTP Response

404
192.0.77.2:80

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

http

IEXPLORE.EXE

606 B
555 B
6
6

HTTP Request

GET http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

HTTP Response

404
192.0.77.2:80

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

http

IEXPLORE.EXE

658 B
858 B
7
6

HTTP Request

GET http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

tls, http

IEXPLORE.EXE

1.2kB
7.3kB
11
12

HTTP Request

GET https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

tls, http

IEXPLORE.EXE

1.2kB
7.3kB
11
13

HTTP Request

GET https://gamingw.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/public/style_images/master/top.png

tls, http

IEXPLORE.EXE

1.1kB
6.7kB
10
11

HTTP Request

GET https://gamingw.net/forums/public/style_images/master/top.png

HTTP Response

404
142.250.180.14:80

http://www.google-analytics.com/ga.js

http

IEXPLORE.EXE

812 B
18.3kB
12
16

HTTP Request

GET http://www.google-analytics.com/ga.js

HTTP Response

200
142.250.180.14:80

www.google-analytics.com

IEXPLORE.EXE

190 B
92 B
4
2
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

799 B
7.6kB
10
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

805 B
7.7kB
10
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

785 B
7.7kB
9
13

8.8.8.8:53

saltworld.net

dns

IEXPLORE.EXE

59 B
91 B
1
1

DNS Request

saltworld.net

DNS Response

104.21.11.155

172.67.166.97
8.8.8.8:53

coinhive.com

dns

IEXPLORE.EXE

58 B
90 B
1
1

DNS Request

coinhive.com

DNS Response

188.114.96.2

188.114.97.2
8.8.8.8:53

www.gravatar.com

dns

IEXPLORE.EXE

62 B
78 B
1
1

DNS Request

www.gravatar.com

DNS Response

192.0.73.2
8.8.8.8:53

gamingw.net

dns

IEXPLORE.EXE

57 B
89 B
1
1

DNS Request

gamingw.net

DNS Response

172.67.160.162

104.21.65.85
8.8.8.8:53

i1.wp.com

dns

IEXPLORE.EXE

55 B
71 B
1
1

DNS Request

i1.wp.com

DNS Response

192.0.77.2
8.8.8.8:53

www.microsoft.com

dns

iexplore.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.21.17.194

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
76dbee626e092859031c8c555e746371

SHA1
3c1bbbcb55744d1af5ea5fc3e8e4fcdeecdbbb1d

SHA256
4b7c1d94320e9ed3400c1425db6126fb67802d6f88be1469da35017228e61e11

SHA512
a151dd4142e1e0c39740972ea63dbfd2d9ff602c2c1a8ba2ef420e0b680ced539d4b43e2a3b0f240f7260b0f0ec0025ffbe8d9c225ce68f2886ff88ffd46805f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
1KB

MD5
6ef436b82678a1564cfc5690d807edf8

SHA1
1871f3f5325b7962ad9ed47c31e5d8cf325bffec

SHA256
10538a86254fb43318975dde02294db9fbd3a73eaeed03804339a6bae1843259

SHA512
c766cdcf0650d5fcdca8bc8bb5b13f804c894064681a1d165a03ea9317534b7fdf03f34f6d17faf8114bcd7149f36894fdf33d94e73c9c7cdbf876345ba8a47b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
978B

MD5
b5ffd1384ea2cc3fbb18404ece0d223c

SHA1
26aa83aa4514b0cceb308c92f8f992a5ca714fac

SHA256
94c0b7c584eeb89716018df3a8f0ea8237f40f869dbc3c32c0b07271a8965572

SHA512
5d08e43a85710482c41b167b1aadc85e6899dbe181e99b4d0fe2a0f0e45115d5b1bc8a8ff64c6c0f84f98fa5d3f5f1898ce98bd6ccd09d591ace8dc990fef2f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
840d0cdda164e844f8c804f5666cd756

SHA1
1231d7b33eb70ad03a42b7358c5e883b001692a2

SHA256
bf1dea0adde69ef97e676e5f94fb0e0577429b2a59053125490fc0c03bbba49c

SHA512
9190b6c1a402c7a5943bbcf3d0dbea4b16ec3766b2ddf9ca264c5ce7ddc06ba0507a32d07d73f71ba7a50eca517369d11387efc98d683c3551f979a0f3fcf6aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
2efbb62baf999a7fd341ed793a194074

SHA1
b3f20c330f6a70c7e8576434421e9c0613209c3c

SHA256
d01acbd88568a9af83beafa203d7430ec630a5b31676b965672c24fd9efe639c

SHA512
d362cde94a0560878d34e16ec12d25547aba92d58d6eeeba40a165e9cc858a18e36b25580eec04192152c15b0e743014b0e92b469a51832a76a59c52c67da0dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d77308a099a37daf22c57cb11c760f60

SHA1
7953e09736cd1213f9fdac2d2c97feaf2c2cc6ef

SHA256
83f28b6128ced044d25413123163c958470c43f46e1dccb3795a691cfeb557c7

SHA512
ad4dc94590ee793a0dc06479dd71108e4c16b35131bd1d48a1aa2ccdf6724f1ccefd408d557e7b17be7afab9d4494b1c572a2fe74802f2e999ddf3472c681527

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e10dc0bd89266194f93291ddd75f895

SHA1
539f5ead08dad524c4c36467ae246184359eb525

SHA256
b85df874880ba4c4dfcdadf08c9bcd1989cc4a34a0207a45fe30fbabb43d6469

SHA512
717b9bc419f2d902a49b58f666a86429e030615822c877b009bff018725a1c0a744134a155e001bf3146cb63ce0359fe7d4958443a0b5df7739a51a665085502

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb9b9c7e1266950dec9883d3533df1dd

SHA1
287ae6a00ddff337c2b2425e7fe51070e4df5c38

SHA256
96f81d20c3384f3e7e0cedbd8dbbf5ad159754a466278de2bce1e3c21dc05468

SHA512
742e314a73b95a8662cd2b2b4d8755a0462423a9558ef11739c99d9f345162a72f0ebb9d1ce86dc9cb2bc96630e7f8050225cc2d8ed9641aeb22999208a84fe8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f7ebd59c56217ed2b1929520fd299c98

SHA1
24a057e0813fd06bf432cf112011f620677e5b34

SHA256
ccdd0af76a75afb7b3c4ba699111b290571eb74da7e57b67077b474f5f2d3050

SHA512
3360604416b217f0b137709fd683a5b7c36025f76493d1be5f6baebd803c00e0d62d43cb1e7a2c4086a659f1f6a7412b35bc4dac52ff5633f5dec259645071ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a4191f9ccb0c7aa94e270e19ce0e1ec

SHA1
9aa6967c3b5d72a66e154b5550ee0ad40c094daa

SHA256
d66cd0dab3f96c3b9b1eada93d7205172b48df7661046a813fcef62c4d518512

SHA512
619bdc85748b93674ea2c61a1d6e20c907ad5a1ee80ea73d5da5fcd25b9baf36da56460161cfafe7003e05d78b7f367bd77772b7be05e5c3fe770e1b118b3104

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0eafbed69dc72e6a21a42c567749606

SHA1
8ea4e90dbe881927519bd4df2865efafb6e40b1d

SHA256
10a55f45033f4764262782ec5606ad88057987d4ba6457e6e6a5298c9b8c1197

SHA512
8a89493fc4427e8ed8466f8c78b9c03c3291df73cc58b45257527308e0128c5af2a8b58eec3f5ee6b484194fd76edd76bb0010fcbd9a147424b901108bc5a035

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3aeee6bfdbf9f89ef78ff0ec505c6aa7

SHA1
698bc0471485b0b85785c1711bb06ff4adeb5a5f

SHA256
3d1f170e6cffdfebdeb0f8690aa39a4773d2fadb00355e71190cbf00cadc4e88

SHA512
198fc1904edfdf72842b202a36b8848312b4374f3759ee9ac6cb224ed90e5a5a41dd4f2fff702d4f06446a85025fdea7b56e8c4bf2a1a2fc3deb3b7c94fffb54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a33f9bb92bcdfdf0369e5076e3a4bc7f

SHA1
8a59412e24960ec262333f49fcc6c58a7b1c6a5d

SHA256
61754687a2c29e5c85a373b1d5cb92722f79eebc1b8846962ff4f1c054e1de7f

SHA512
3fb4ec286cb456dff998abe203174a5b2435c6b39df84bf19c532cf680b9369007c4666a3ef4f2a9d6b20ee3f46629c551a76c0903935382bd107aae8ccede27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e15ad972d113948c712ca0714fb416f0

SHA1
7aca6ebdf6d772005c30d3d3581d0a78050671a7

SHA256
3421c7f17720703a46826fbcd4dbb643430a1428de5d77d687c6fac5d7621ceb

SHA512
5d900275757f07b8b8d45d3313c039f0ceb93e9c5b45e300544a8669760aa7f6c183e80458fc6a01b4f209b5170b4ec95a2af94bb639f188533476d3d76dab05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1d370e2da1eecef232c16fdc96e6b0f

SHA1
ca97283d8e66b8af5d128cf7b4912f5dd44bdedc

SHA256
4f0433b365697ecdb07860c1e5029daf7d76b9b5e22f801c56a949cdf88261ed

SHA512
c5e763066c4a49bf05b0670205f793e823cf034710eacf2078cebfa5de54dae403d7951689656418837b26a77ca774ba879e59e567f970636374bcb4174ce3b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
397c6463bfe57f059f1ee10abea2390b

SHA1
3b4ba068ceb70ae63d2d1086f2e5f9f76854938e

SHA256
e8ad7c39a9fa257ed1f6438c9a0d53443fa7f149c81914928aaab540290a41dd

SHA512
00f3998888ad1ee3f867238ce9611c6f5b0b894d4da7e66462cb578cda042831705bfa82bf159da16c06509749ae943c08fb90301499f4a4f954b590ae518500

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab258c15ad81725fefc941b483952f32

SHA1
057d2629af10f79d532fdf556dbf03a37dd12b4d

SHA256
594933fcab673ae0fc9de25908a3eb826092f2e044c85991edd3a5f99455f0ca

SHA512
e676210a9ad8ae99da94a2a18cc864b59a4f9b198d91b00f7a09efc5a21f1ff648f95579983d9b81f09ae67032fc62c9517b874e14bb334968af2c8faed3a041

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2d192fd7c89cca4e88c9148dcb1ab7f

SHA1
1c8d3779d0caa27e19ae74446c03f8a39329d151

SHA256
5795186ae28a56d70f5ebe38bfa0b6e13d4ab43752dfd5a5a2b9ca3874f7692c

SHA512
4b9693cc8de2e8561e3d9437a35817477e3801affd33313d901384dbd4ebdd8cdd9ab71de26e96975e31ea736b96ac4c10dd4c44f3f8cbada9773f0038a12685

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97025285f3205cb89cf50a11bcc98bcc

SHA1
b8f73a86f0b69f23a9f84faf030afa062b957aca

SHA256
2d3098e5e8c114ca6b2c1395f96e856f19e528a086a290a6c022f65e02f406a0

SHA512
1c23bce9d50fad4fb8c4ea4b1b962de42ce30d4127ac1b1f86ae8b25db5a52420d487b44baa870c427de3419636c51a5b70da6223e1f3b7f71014fe88689c1b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f8b504e95bfeb39f6f7ef1c3cbed541

SHA1
36a3339e29b80b4a5994f7279447d35bec64a893

SHA256
3451a82e5d90be7822d0fe0224063fda01f0e6aad414c20b8343e4fda0b1fc88

SHA512
c0c0134bfe85d9a1156c660cbedeee7ed52c7f18836435838884fd781137135e25ceeb5301b542f337d663263c14c0d1c6123ebd34d05c74cacdad0b8f555593

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c47f85416124ac0624f456e3621f0d86

SHA1
eb728a16af4e337ef3746ec2aa005c7f3a8b6a52

SHA256
5bcdc95896805273049b089a627994556174fe3a3056c4d799aed88ba3288494

SHA512
169af05471fe90f61ca89bc673f8a4c7880542bdf04caa5af1d76a2665271695160c974ab6c066a12b4bf64744a81b114ce105f10e3f54f36c5279877a8b604a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0be209bce83b258153a2233e7af8a8dd

SHA1
fbb93306567daa97e1e4ad2f16b8c95787435674

SHA256
2601492006164de62b2dec9c7d6af282e4dde69c9eeb5db2a86f5952cfc2bd7e

SHA512
2134345d66c3c7fe04d91201c6a71ce177eb38e7387b9de016be41ad3ee37c58e79371ededc83112e42036e8d4e82d18f42f1514474acc7d0012df78292dfb57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
158de5cdffab0e32f98d1bb7da2be7f6

SHA1
07466a02dd388da5d75aee117391914dfd3475de

SHA256
d9c92e6c316220517de9f2a28faf2cb5b88be62fc5351b732e5dbfba3147459e

SHA512
77d1ad02ba42d00bf3f2eba7be7dfc607f157a35f9da72cdae9e4f61678056625d5eb33f2554c51514a7e88829b3f9ad50ef8ddbc9d81dfd2b65f21e5d729520

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4e44d0529b00bda6cd41c98abd3962e

SHA1
8402a08404b4c6d8f520c8e69c3be91f0b702b36

SHA256
5c7cf7dd814c5228e2f320654e04f9e2e255fc4e4f5b17a583a8cd56fd612fda

SHA512
6b40daa95a32fdeecc49b6e4a62723399a5306ecb721e472e38a2d3f2fa11780701d888f48879d1af520693e8b1cae7df6870fff873755f433a69c9cdc176915

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97eabb30d2a9f71fb3594ecd92111adf

SHA1
7373eef56096395b8be4d8873d3acbf9fb4ceafc

SHA256
91143051129270176284fd141ab9ebdf10bf4bc31df5f4969d8aab8cf7aabb69

SHA512
ad2fe146be685b8f647015f95e5d6c47a016ec6886a718deb17c75307095ff9e8644703bfe9c5612583f1849e08b31670e7a99c2b44518593ee08b1e7a2a0a72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5bee79f3a3488cf5ae2e1fab79bc84d5

SHA1
4ae82e0f16d88b6d4dcc7080ccf0b38a0d1fb8fb

SHA256
2669de885e160e06a4d71c7d752d4fc830b223eb39f5d3b46346141d2f9b02a3

SHA512
6a865731ffe02ec9d4d247fdbfc4bdeb8a8190f4a4d6af86f79bec9b547f9e18d04580c4bd5025ae0b8f5dfe9cd037aa39889b20b4edb616fecc74842b13a302

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
492e116a0b5c6db62cff16c6f65bb7c9

SHA1
d94379cdaf27b4c3ea4481f04b8818754d930b67

SHA256
4bb8dde36a57a62fc5fb9141e17ab70b8061fc9c28ad37acd09fd1413af9dd6b

SHA512
cdda65f71e0facf1e7d59254d9e87b243ce1dc3d6cb858bd453646fa9445b4fe0f2e2e365263c9d917187723595c0deeeb18a44f22e548b242bec4334d0fadf5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8dca704b239a32811acd016cacf8da1

SHA1
a1f5890ff989e5b134aa32d1874eb1986ffce34a

SHA256
2eac35c70c83ff70ae66f7e47b01b5116f09412f7328340cec85bdbe80f5b2e1

SHA512
062c5ffe3ae0bb52294ae2aa9dc63e348d94f6d6c5fa5eeeed8a75bc756e759771af126ec4e49f3287379051771cf745a74c9cc7454a5a17f1e1329d5034357a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
7034ca89e40b2758aa9c0cfaae864e72

SHA1
8e2b680ae62c9256d845e4c97d9a2d782abda4c1

SHA256
9d35d8beb5aedbe1a35fe1f88b474d75934ab2293e936e85b30cb3609ed2e097

SHA512
753ccf665bfc70f55e9e9a326288ebdadc7874e50b77df2f65446a5b7ad3af488f66bd5f34c009f84dd24a5cd616827d541662f32f74b3e0098bce52b5d85539

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
201ebf8b9e20d389543a3cc4c386e625

SHA1
675abdb72e19e54a43e13358f26e3dbd22ebe477

SHA256
4aef5c916f49277aad2dd9bf83d01e93e6eedc1ca595e3c5bbfa16ad95031caa

SHA512
f90dd8a313ac38b77b49fd4b532bf4aba5884e53040aaa0d019709b914fc69d976dd62881ca3fb1c67e592437a778e3f99ccfd6b23da039f9b062f98d7b39619

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
2ab003989642292e08ef5d0497aa7e46

SHA1
5124312f818b2909f405e075b80f96f152f43cc0

SHA256
7485247e18cb2ae2485b927335698f98a6f1e58e1cab628defeedd70da390d5f

SHA512
e6ca82e1437830edb036bca5852a5111da0418f0c9f5f1fcef8fa3f370b33a5813b680d2e693504c894daa8a5c1a79de4d8d5f815612bbbf564a351f4aefe078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\e93d7024558d2ee595265c43dc1084df[1].htm

Filesize
162B

MD5
4f8e702cc244ec5d4de32740c0ecbd97

SHA1
3adb1f02d5b6054de0046e367c1d687b6cdf7aff

SHA256
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

SHA512
21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6D94.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6F31.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6DA6.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6F46.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request