Analysis

  • max time kernel
    130s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/05/2024, 04:48 UTC

General

  • Target

    0fb3e268c9333aac59df08d6cc022a5a_JaffaCakes118.html

  • Size

    61KB

  • MD5

    0fb3e268c9333aac59df08d6cc022a5a

  • SHA1

    3d38e42083988aec35a5670ef957b7133b8c0e7e

  • SHA256

    eb46e13dbed8710b05a08c4a947f2b82d114e133b550e7c687fc1d93002bec64

  • SHA512

    2515e2d2e7aa46d765f2f95b80efbcc2b4500f5fe3e60266597ff884f4e5b49188aa1de5035492df7d54fe75c149ed26a6e84bbcefb131e2957c0ba95043a1b4

  • SSDEEP

    1536:Su+srMtjImcDHqAta4DAzWMHXtW9SCUg5H8RKjOmfnylw6EOS5L5dsSso6v+cw0m:SbsrMth4HJFr

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0fb3e268c9333aac59df08d6cc022a5a_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2808
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2808 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2532

Network

  • flag-us
    DNS
    paypercall.org
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    paypercall.org
    IN A
    Response
    paypercall.org
    IN A
    69.28.67.78
  • flag-us
    DNS
    apis.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    apis.google.com
    IN A
    Response
    apis.google.com
    IN CNAME
    plus.l.google.com
    plus.l.google.com
    IN A
    216.58.201.110
  • flag-us
    DNS
    platform.linkedin.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    platform.linkedin.com
    IN A
    Response
    platform.linkedin.com
    IN CNAME
    2-01-2c3e-0055.cdx.cedexis.net
    2-01-2c3e-0055.cdx.cedexis.net
    IN CNAME
    cs767.wpc.epsiloncdn.net
    cs767.wpc.epsiloncdn.net
    IN A
    152.199.22.144
  • flag-us
    DNS
    1.gravatar.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    1.gravatar.com
    IN A
    Response
    1.gravatar.com
    IN A
    192.0.73.2
  • flag-ca
    GET
    http://paypercall.org/wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70
    IEXPLORE.EXE
    Remote address:
    69.28.67.78:80
    Request
    GET /wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70 HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: paypercall.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    date: Fri, 03 May 2024 04:48:14 GMT
    last-modified: Sat, 06 May 2023 17:25:38 GMT
    etag: "176-5fb09b1bac42e-gzip"
    vary: Accept-Encoding
    content-encoding: gzip
    content-length: 239
    content-type: text/css
    age: 0
    accept-ranges: bytes
    server: Apache
  • flag-ca
    GET
    http://paypercall.org/wp-content/themes/headlines/styles/green.css
    IEXPLORE.EXE
    Remote address:
    69.28.67.78:80
    Request
    GET /wp-content/themes/headlines/styles/green.css HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: paypercall.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    date: Fri, 03 May 2024 04:48:14 GMT
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    cache-control: no-cache, must-revalidate, max-age=0
    x-redirect-by: WordPress
    location: https://paypercall.org/wp-content/themes/headlines/styles/green.css
    vary: Accept-Encoding
    content-length: 0
    content-type: text/html; charset=UTF-8
    age: 0
    server: Apache
  • flag-ca
    GET
    http://paypercall.org/wp-content/uploads/2012/01/site-banner-bw2.png
    IEXPLORE.EXE
    Remote address:
    69.28.67.78:80
    Request
    GET /wp-content/uploads/2012/01/site-banner-bw2.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: paypercall.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    date: Fri, 03 May 2024 04:48:14 GMT
    last-modified: Sat, 18 May 2019 19:16:55 GMT
    etag: "1101-5892e579d97c0"
    content-length: 4353
    content-type: image/png
    age: 0
    accept-ranges: bytes
    server: Apache
  • flag-ca
    GET
    http://paypercall.org/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
    IEXPLORE.EXE
    Remote address:
    69.28.67.78:80
    Request
    GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: paypercall.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    date: Fri, 03 May 2024 04:48:14 GMT
    last-modified: Sat, 12 Aug 2023 05:43:22 GMT
    etag: "3509-602b34ea729e5-gzip"
    vary: Accept-Encoding
    content-encoding: gzip
    content-length: 4872
    content-type: text/javascript
    age: 0
    accept-ranges: bytes
    server: Apache
  • flag-ca
    GET
    http://paypercall.org/wp-content/themes/headlines/custom.css
    IEXPLORE.EXE
    Remote address:
    69.28.67.78:80
    Request
    GET /wp-content/themes/headlines/custom.css HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: paypercall.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    date: Fri, 03 May 2024 04:48:14 GMT
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    cache-control: no-cache, must-revalidate, max-age=0
    x-redirect-by: WordPress
    location: https://paypercall.org/wp-content/themes/headlines/custom.css
    vary: Accept-Encoding
    content-length: 0
    content-type: text/html; charset=UTF-8
    age: 0
    server: Apache
  • flag-ca
    GET
    http://paypercall.org/wp-includes/js/jquery/jquery.js?ver=1.12.4
    IEXPLORE.EXE
    Remote address:
    69.28.67.78:80
    Request
    GET /wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: paypercall.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    date: Fri, 03 May 2024 04:48:14 GMT
    last-modified: Sat, 30 Dec 2023 05:53:07 GMT
    etag: "45a96-60db3c357cd74-gzip"
    vary: Accept-Encoding
    content-encoding: gzip
    content-type: text/javascript
    age: 0
    accept-ranges: bytes
    transfer-encoding: chunked
    server: Apache
  • flag-ca
    GET
    http://paypercall.org/wp-content/themes/headlines/functions/css/shortcodes.css
    IEXPLORE.EXE
    Remote address:
    69.28.67.78:80
    Request
    GET /wp-content/themes/headlines/functions/css/shortcodes.css HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: paypercall.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    date: Fri, 03 May 2024 04:48:14 GMT
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    cache-control: no-cache, must-revalidate, max-age=0
    x-redirect-by: WordPress
    location: https://paypercall.org/wp-content/themes/headlines/functions/css/shortcodes.css
    vary: Accept-Encoding
    content-length: 0
    content-type: text/html; charset=UTF-8
    age: 0
    server: Apache
  • flag-us
    GET
    http://1.gravatar.com/avatar/d731682e36d3d7f422328936916ee8f2?s=80&d=mm&r=g
    IEXPLORE.EXE
    Remote address:
    192.0.73.2:80
    Request
    GET /avatar/d731682e36d3d7f422328936916ee8f2?s=80&d=mm&r=g HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 1.gravatar.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Fri, 03 May 2024 04:48:13 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://1.gravatar.com/avatar/d731682e36d3d7f422328936916ee8f2?s=80&d=mm&r=g
  • flag-ca
    GET
    http://paypercall.org/wp-content/themes/headlines/includes/js/superfish.js?ver=a445b835742b4511cf5f6fa2335af4fe
    IEXPLORE.EXE
    Remote address:
    69.28.67.78:80
    Request
    GET /wp-content/themes/headlines/includes/js/superfish.js?ver=a445b835742b4511cf5f6fa2335af4fe HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: paypercall.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    date: Fri, 03 May 2024 04:48:14 GMT
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    cache-control: no-cache, must-revalidate, max-age=0
    x-redirect-by: WordPress
    location: https://paypercall.org/wp-content/themes/headlines/includes/js/superfish.js?ver=a445b835742b4511cf5f6fa2335af4fe
    vary: Accept-Encoding
    content-length: 0
    content-type: text/html; charset=UTF-8
    age: 0
    server: Apache
  • flag-ca
    GET
    http://paypercall.org/wp-content/themes/headlines/images/ico-home.png
    IEXPLORE.EXE
    Remote address:
    69.28.67.78:80
    Request
    GET /wp-content/themes/headlines/images/ico-home.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: paypercall.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    date: Fri, 03 May 2024 04:48:15 GMT
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    cache-control: no-cache, must-revalidate, max-age=0
    x-redirect-by: WordPress
    location: https://paypercall.org/wp-content/themes/headlines/images/ico-home.png
    vary: Accept-Encoding
    content-length: 0
    content-type: text/html; charset=UTF-8
    age: 0
    server: Apache
  • flag-ca
    GET
    http://paypercall.org/wp-content/themes/headlines/images/ico-search.png
    IEXPLORE.EXE
    Remote address:
    69.28.67.78:80
    Request
    GET /wp-content/themes/headlines/images/ico-search.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: paypercall.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    date: Fri, 03 May 2024 04:48:15 GMT
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    cache-control: no-cache, must-revalidate, max-age=0
    x-redirect-by: WordPress
    location: https://paypercall.org/wp-content/themes/headlines/images/ico-search.png
    vary: Accept-Encoding
    content-length: 0
    content-type: text/html; charset=UTF-8
    age: 0
    server: Apache
  • flag-ca
    GET
    http://paypercall.org/wp-content/themes/headlines/images/ico-social-digg.png
    IEXPLORE.EXE
    Remote address:
    69.28.67.78:80
    Request
    GET /wp-content/themes/headlines/images/ico-social-digg.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: paypercall.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    date: Fri, 03 May 2024 04:48:16 GMT
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    cache-control: no-cache, must-revalidate, max-age=0
    x-redirect-by: WordPress
    location: https://paypercall.org/wp-content/themes/headlines/images/ico-social-digg.png
    vary: Accept-Encoding
    content-length: 0
    content-type: text/html; charset=UTF-8
    age: 0
    server: Apache
  • flag-gb
    GET
    http://fonts.googleapis.com/css?family=Droid+Sans
    IEXPLORE.EXE
    Remote address:
    216.58.204.74:80
    Request
    GET /css?family=Droid+Sans HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: fonts.googleapis.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/css; charset=utf-8
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Expires: Fri, 03 May 2024 04:48:13 GMT
    Date: Fri, 03 May 2024 04:48:13 GMT
    Cache-Control: private, max-age=86400
    Cross-Origin-Opener-Policy: same-origin-allow-popups
    Cross-Origin-Resource-Policy: cross-origin
    Content-Encoding: gzip
    Transfer-Encoding: chunked
    Server: ESF
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
  • flag-ca
    GET
    http://paypercall.org/wp-content/themes/headlines/includes/js/woo_tabs.js?ver=a445b835742b4511cf5f6fa2335af4fe
    IEXPLORE.EXE
    Remote address:
    69.28.67.78:80
    Request
    GET /wp-content/themes/headlines/includes/js/woo_tabs.js?ver=a445b835742b4511cf5f6fa2335af4fe HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: paypercall.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    date: Fri, 03 May 2024 04:48:14 GMT
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    cache-control: no-cache, must-revalidate, max-age=0
    x-redirect-by: WordPress
    location: https://paypercall.org/wp-content/themes/headlines/includes/js/woo_tabs.js?ver=a445b835742b4511cf5f6fa2335af4fe
    vary: Accept-Encoding
    content-length: 0
    content-type: text/html; charset=UTF-8
    age: 0
    server: Apache
  • flag-ca
    GET
    http://paypercall.org/wp-content/themes/headlines/style.css
    IEXPLORE.EXE
    Remote address:
    69.28.67.78:80
    Request
    GET /wp-content/themes/headlines/style.css HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: paypercall.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    date: Fri, 03 May 2024 04:48:14 GMT
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    cache-control: no-cache, must-revalidate, max-age=0
    x-redirect-by: WordPress
    location: https://paypercall.org/wp-content/themes/headlines/style.css
    vary: Accept-Encoding
    content-length: 0
    content-type: text/html; charset=UTF-8
    age: 0
    server: Apache
  • flag-ca
    GET
    http://paypercall.org/wp-includes/js/comment-reply.min.js?ver=a445b835742b4511cf5f6fa2335af4fe
    IEXPLORE.EXE
    Remote address:
    69.28.67.78:80
    Request
    GET /wp-includes/js/comment-reply.min.js?ver=a445b835742b4511cf5f6fa2335af4fe HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: paypercall.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    date: Fri, 03 May 2024 04:48:14 GMT
    last-modified: Fri, 08 Apr 2022 20:07:18 GMT
    etag: "ba5-5dc2a2438e980-gzip"
    vary: Accept-Encoding
    content-encoding: gzip
    content-length: 1351
    content-type: text/javascript
    age: 0
    accept-ranges: bytes
    server: Apache
  • flag-ca
    GET
    http://paypercall.org/wp-includes/js/wp-embed.min.js?ver=a445b835742b4511cf5f6fa2335af4fe
    IEXPLORE.EXE
    Remote address:
    69.28.67.78:80
    Request
    GET /wp-includes/js/wp-embed.min.js?ver=a445b835742b4511cf5f6fa2335af4fe HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: paypercall.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    date: Fri, 03 May 2024 04:48:14 GMT
    last-modified: Sat, 30 Dec 2023 05:53:07 GMT
    etag: "4e3-60db3c3588121-gzip"
    vary: Accept-Encoding
    content-encoding: gzip
    content-length: 694
    content-type: text/javascript
    age: 0
    accept-ranges: bytes
    server: Apache
  • flag-gb
    GET
    https://apis.google.com/js/plusone.js
    IEXPLORE.EXE
    Remote address:
    216.58.201.110:443
    Request
    GET /js/plusone.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Type: text/javascript
    Access-Control-Allow-Origin: *
    Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team"
    Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
    Timing-Allow-Origin: *
    Date: Fri, 03 May 2024 04:48:14 GMT
    Expires: Fri, 03 May 2024 04:48:14 GMT
    Cache-Control: private, max-age=1800, stale-while-revalidate=1800
    ETag: "80d5c9d57d5f206f"
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs
    IEXPLORE.EXE
    Remote address:
    216.58.201.110:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 55813
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Thu, 02 May 2024 20:43:43 GMT
    Expires: Fri, 02 May 2025 20:43:43 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 29073
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs
    IEXPLORE.EXE
    Remote address:
    216.58.201.110:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 35323
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Thu, 02 May 2024 20:56:43 GMT
    Expires: Fri, 02 May 2025 20:56:43 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 28294
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/js/rpc:shindig_random.js?onload=init
    IEXPLORE.EXE
    Remote address:
    216.58.201.110:443
    Request
    GET /js/rpc:shindig_random.js?onload=init HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Type: text/javascript
    Access-Control-Allow-Origin: *
    Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team"
    Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
    Timing-Allow-Origin: *
    Date: Fri, 03 May 2024 04:48:18 GMT
    Expires: Fri, 03 May 2024 04:48:18 GMT
    Cache-Control: private, max-age=1800, stale-while-revalidate=1800
    ETag: "9b77125b6924cb07"
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs
    IEXPLORE.EXE
    Remote address:
    216.58.201.110:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 23473
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Thu, 02 May 2024 20:48:45 GMT
    Expires: Fri, 02 May 2025 20:48:45 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 28773
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=tall&origin=file%3A%2F%2F&url=http%3A%2F%2Fpaypercall.org%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    216.58.201.110:443
    Request
    GET /u/0/se/0/_/+1/fastbutton?usegapi=1&size=tall&origin=file%3A%2F%2F&url=http%3A%2F%2Fpaypercall.org%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: http://developers.google.com/
    Cross-Origin-Resource-Policy: cross-origin
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Date: Fri, 03 May 2024 04:48:17 GMT
    Expires: Fri, 03 May 2024 05:18:17 GMT
    Cache-Control: public, max-age=1800
    Server: sffe
    Content-Length: 226
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    http://pagead2.googlesyndication.com/pagead/show_ads.js
    IEXPLORE.EXE
    Remote address:
    216.58.204.66:80
    Request
    GET /pagead/show_ads.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: pagead2.googlesyndication.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Vary: Accept-Encoding
    Date: Fri, 03 May 2024 04:48:13 GMT
    Expires: Fri, 03 May 2024 04:48:13 GMT
    Cache-Control: private, max-age=3600
    Content-Type: text/javascript; charset=UTF-8
    ETag: 14587502881926898581
    X-Content-Type-Options: nosniff
    Content-Disposition: attachment; filename="f.txt"
    Content-Encoding: gzip
    Server: cafe
    Content-Length: 14438
    X-XSS-Protection: 0
  • flag-us
    GET
    http://platform.linkedin.com/in.js
    IEXPLORE.EXE
    Remote address:
    152.199.22.144:80
    Request
    GET /in.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: platform.linkedin.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Encoding: gzip
    Accept-Ranges: bytes
    Age: 2458
    Cache-Control: public, max-age=3600
    Content-Type: text/javascript; charset=UTF-8
    Date: Fri, 03 May 2024 04:48:13 GMT
    Expires: Fri, 3 May 2024 05:07:15 GMT
    Last-Modified: Fri, 03 May 2024 04:07:15 GMT
    Server: ECAcc (lhd/35B8)
    Vary: Accept-Encoding
    X-Cache: HIT
    X-CDN: ECST
    X-CDN-CLIENT-IP-VERSION: IPV4
    X-CDN-Proto: HTTP1
    X-Content-Type-Options: nosniff
    X-Li-Fabric: prod-lva1
    X-Li-Pop: prod-lva1-x
    X-LI-Proto: http/1.1
    X-LI-UUID: AAYXhNrZf4rMr4+e0CHfCw==
    Content-Length: 163630
  • flag-us
    GET
    https://1.gravatar.com/avatar/d731682e36d3d7f422328936916ee8f2?s=80&d=mm&r=g
    IEXPLORE.EXE
    Remote address:
    192.0.73.2:443
    Request
    GET /avatar/d731682e36d3d7f422328936916ee8f2?s=80&d=mm&r=g HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 1.gravatar.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 03 May 2024 04:48:14 GMT
    Content-Type: image/jpeg
    Content-Length: 3785
    Connection: keep-alive
    Last-Modified: Thu, 24 Nov 2016 23:36:13 GMT
    Link: <https://gravatar.com/avatar/d731682e36d3d7f422328936916ee8f2?s=80&d=mm&r=g>; rel="canonical"
    Content-Disposition: inline; filename="d731682e36d3d7f422328936916ee8f2.jpeg"
    Access-Control-Allow-Origin: *
    Expires: Fri, 03 May 2024 04:53:14 GMT
    Cache-Control: max-age=300
    X-nc: HIT lhr 3
    Alt-Svc: h3=":443"; ma=86400
    Accept-Ranges: bytes
  • flag-ca
    GET
    http://paypercall.org/wp-includes/js/wp-emoji-release.min.js?ver=a445b835742b4511cf5f6fa2335af4fe
    IEXPLORE.EXE
    Remote address:
    69.28.67.78:80
    Request
    GET /wp-includes/js/wp-emoji-release.min.js?ver=a445b835742b4511cf5f6fa2335af4fe HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: paypercall.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    date: Fri, 03 May 2024 04:48:15 GMT
    last-modified: Wed, 03 Apr 2024 08:32:10 GMT
    etag: "4926-6152d0f1345c0-gzip"
    vary: Accept-Encoding
    content-encoding: gzip
    content-length: 5062
    content-type: text/javascript
    age: 0
    accept-ranges: bytes
    server: Apache
  • flag-ca
    GET
    http://paypercall.org/wp-content/themes/headlines/images/ico-time.png
    IEXPLORE.EXE
    Remote address:
    69.28.67.78:80
    Request
    GET /wp-content/themes/headlines/images/ico-time.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: paypercall.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    date: Fri, 03 May 2024 04:48:16 GMT
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    cache-control: no-cache, must-revalidate, max-age=0
    x-redirect-by: WordPress
    location: https://paypercall.org/wp-content/themes/headlines/images/ico-time.png
    vary: Accept-Encoding
    content-length: 0
    content-type: text/html; charset=UTF-8
    age: 0
    server: Apache
  • flag-ca
    GET
    http://paypercall.org/wp-content/themes/headlines/images/ico-social-facebook.png
    IEXPLORE.EXE
    Remote address:
    69.28.67.78:80
    Request
    GET /wp-content/themes/headlines/images/ico-social-facebook.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: paypercall.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    date: Fri, 03 May 2024 04:48:17 GMT
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    cache-control: no-cache, must-revalidate, max-age=0
    x-redirect-by: WordPress
    location: https://paypercall.org/wp-content/themes/headlines/images/ico-social-facebook.png
    vary: Accept-Encoding
    content-length: 0
    content-type: text/html; charset=UTF-8
    age: 0
    server: Apache
  • flag-ca
    GET
    http://paypercall.org/wp-content/themes/headlines/images/ico-comment.png
    IEXPLORE.EXE
    Remote address:
    69.28.67.78:80
    Request
    GET /wp-content/themes/headlines/images/ico-comment.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: paypercall.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    date: Fri, 03 May 2024 04:48:16 GMT
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    cache-control: no-cache, must-revalidate, max-age=0
    x-redirect-by: WordPress
    location: https://paypercall.org/wp-content/themes/headlines/images/ico-comment.png
    vary: Accept-Encoding
    content-length: 0
    content-type: text/html; charset=UTF-8
    age: 0
    server: Apache
  • flag-ca
    GET
    http://paypercall.org/wp-content/themes/headlines/images/ico-social-mail.png
    IEXPLORE.EXE
    Remote address:
    69.28.67.78:80
    Request
    GET /wp-content/themes/headlines/images/ico-social-mail.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: paypercall.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    date: Fri, 03 May 2024 04:48:17 GMT
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    cache-control: no-cache, must-revalidate, max-age=0
    x-redirect-by: WordPress
    location: https://paypercall.org/wp-content/themes/headlines/images/ico-social-mail.png
    vary: Accept-Encoding
    content-length: 0
    content-type: text/html; charset=UTF-8
    age: 0
    server: Apache
  • flag-ca
    GET
    http://paypercall.org/wp-content/themes/headlines/images/ico-social-twitter.png
    IEXPLORE.EXE
    Remote address:
    69.28.67.78:80
    Request
    GET /wp-content/themes/headlines/images/ico-social-twitter.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: paypercall.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    date: Fri, 03 May 2024 04:48:16 GMT
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    cache-control: no-cache, must-revalidate, max-age=0
    x-redirect-by: WordPress
    location: https://paypercall.org/wp-content/themes/headlines/images/ico-social-twitter.png
    vary: Accept-Encoding
    content-length: 0
    content-type: text/html; charset=UTF-8
    age: 0
    server: Apache
  • flag-ca
    GET
    http://paypercall.org/wp-content/themes/headlines/images/ico-social-delicious.png
    IEXPLORE.EXE
    Remote address:
    69.28.67.78:80
    Request
    GET /wp-content/themes/headlines/images/ico-social-delicious.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: paypercall.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    date: Fri, 03 May 2024 04:48:16 GMT
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    cache-control: no-cache, must-revalidate, max-age=0
    x-redirect-by: WordPress
    location: https://paypercall.org/wp-content/themes/headlines/images/ico-social-delicious.png
    vary: Accept-Encoding
    content-length: 0
    content-type: text/html; charset=UTF-8
    age: 0
    server: Apache
  • flag-ca
    GET
    http://paypercall.org/wp-content/themes/headlines/images/ico-social-stumbleupon.png
    IEXPLORE.EXE
    Remote address:
    69.28.67.78:80
    Request
    GET /wp-content/themes/headlines/images/ico-social-stumbleupon.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: paypercall.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    date: Fri, 03 May 2024 04:48:16 GMT
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    cache-control: no-cache, must-revalidate, max-age=0
    x-redirect-by: WordPress
    location: https://paypercall.org/wp-content/themes/headlines/images/ico-social-stumbleupon.png
    vary: Accept-Encoding
    content-length: 0
    content-type: text/html; charset=UTF-8
    age: 0
    server: Apache
  • flag-us
    DNS
    www.facebook.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.facebook.com
    IN A
    Response
    www.facebook.com
    IN CNAME
    star-mini.c10r.facebook.com
    star-mini.c10r.facebook.com
    IN A
    157.240.221.35
  • flag-us
    DNS
    www.livehelpnow.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.livehelpnow.net
    IN A
    Response
    www.livehelpnow.net
    IN A
    184.170.245.181
    www.livehelpnow.net
    IN A
    184.170.245.180
  • flag-gb
    GET
    http://www.facebook.com/plugins/like.php?href=http://paypercall.org/&locale=en_US&send=false&layout=box_count&width=50&show_faces=false&action=like&colorscheme=light&font&height=60
    IEXPLORE.EXE
    Remote address:
    157.240.221.35:80
    Request
    GET /plugins/like.php?href=http://paypercall.org/&locale=en_US&send=false&layout=box_count&width=50&show_faces=false&action=like&colorscheme=light&font&height=60 HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.facebook.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: https://www.facebook.com/plugins/like.php?href=http://paypercall.org/&locale=en_US&send=false&layout=box_count&width=50&show_faces=false&action=like&colorscheme=light&font&height=60
    Content-Type: text/plain
    Server: proxygen-bolt
    Date: Fri, 03 May 2024 04:48:16 GMT
    Connection: keep-alive
    Content-Length: 0
  • flag-us
    GET
    http://www.livehelpnow.net/lhn/scripts/lhnvisitor.aspx?div=&zimg=562&lhnid=2645&iv=1&iwidth=120&iheight=103&zzwindow=0&d=0&custom1=&custom2=&custom3=
    IEXPLORE.EXE
    Remote address:
    184.170.245.181:80
    Request
    GET /lhn/scripts/lhnvisitor.aspx?div=&zimg=562&lhnid=2645&iv=1&iwidth=120&iheight=103&zzwindow=0&d=0&custom1=&custom2=&custom3= HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.livehelpnow.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    content-length: 0
    location: https://www.livehelpnow.net/lhn/scripts/lhnvisitor.aspx?div=&zimg=562&lhnid=2645&iv=1&iwidth=120&iheight=103&zzwindow=0&d=0&custom1=&custom2=&custom3=
    cache-control: no-cache
  • flag-us
    GET
    http://www.livehelpnow.net/lhn/functions/imageserver.ashx?lhnid=2645&java=Yes&ck=true&referrer=&pagetitle=Baidu%20CEO%20Discusses%20Q1%202011%20Results%20%u2013%20Earnings%20Call%20Transcript%20%7C%20Pay%20Per%20Call&pageurl=file%3A///C%3A/Users/Admin/AppData/Local/Temp/0fb3e268c9333aac59df08d6cc022a5a_JaffaCakes118.html&zimg=562&sres=1280x720&sdepth=24&custom1=&custom2=&custom3=&t=&d=0&rnd=0.9889839889554526
    IEXPLORE.EXE
    Remote address:
    184.170.245.181:80
    Request
    GET /lhn/functions/imageserver.ashx?lhnid=2645&java=Yes&ck=true&referrer=&pagetitle=Baidu%20CEO%20Discusses%20Q1%202011%20Results%20%u2013%20Earnings%20Call%20Transcript%20%7C%20Pay%20Per%20Call&pageurl=file%3A///C%3A/Users/Admin/AppData/Local/Temp/0fb3e268c9333aac59df08d6cc022a5a_JaffaCakes118.html&zimg=562&sres=1280x720&sdepth=24&custom1=&custom2=&custom3=&t=&d=0&rnd=0.9889839889554526 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.livehelpnow.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    content-length: 0
    location: https://www.livehelpnow.net/lhn/functions/imageserver.ashx?lhnid=2645&java=Yes&ck=true&referrer=&pagetitle=Baidu%20CEO%20Discusses%20Q1%202011%20Results%20%u2013%20Earnings%20Call%20Transcript%20%7C%20Pay%20Per%20Call&pageurl=file%3A///C%3A/Users/Admin/AppData/Local/Temp/0fb3e268c9333aac59df08d6cc022a5a_JaffaCakes118.html&zimg=562&sres=1280x720&sdepth=24&custom1=&custom2=&custom3=&t=&d=0&rnd=0.9889839889554526
    cache-control: no-cache
  • flag-us
    DNS
    IEXPLORE.EXE
    Remote address:
    184.170.245.181:80
    Response
    HTTP/1.1 408 Request Time-out
    Content-length: 110
    Cache-Control: no-cache
    Connection: close
    Content-Type: text/html
  • flag-gb
    GET
    http://fonts.gstatic.com/s/droidsans/v18/SlGVmQWMvZQIdix7AFxXkHNSaw.woff
    IEXPLORE.EXE
    Remote address:
    216.58.212.227:80
    Request
    GET /s/droidsans/v18/SlGVmQWMvZQIdix7AFxXkHNSaw.woff HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: file:
    Accept-Encoding: gzip, deflate
    Host: fonts.gstatic.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
    Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
    Timing-Allow-Origin: *
    Content-Length: 24936
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Thu, 02 May 2024 23:28:27 GMT
    Expires: Fri, 02 May 2025 23:28:27 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Tue, 19 Apr 2022 18:03:56 GMT
    Content-Type: font/woff
    Age: 19189
  • flag-gb
    GET
    https://www.facebook.com/plugins/like.php?href=http://paypercall.org/&locale=en_US&send=false&layout=box_count&width=50&show_faces=false&action=like&colorscheme=light&font&height=60
    IEXPLORE.EXE
    Remote address:
    157.240.221.35:443
    Request
    GET /plugins/like.php?href=http://paypercall.org/&locale=en_US&send=false&layout=box_count&width=50&show_faces=false&action=like&colorscheme=light&font&height=60 HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.facebook.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html;charset=utf-8
    Pragma: no-cache
    Cache-Control: private, no-cache, no-store, must-revalidate
    Expires: Sat, 01 Jan 2000 00:00:00 GMT
    content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
    reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
    report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
    cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
    cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 0
    X-FB-Debug: yPG0Tl0+B5fSPWhM4RKEgp5WgBNzpbKY0PVPlUrZHKB2EEDfcnWc1g8jYJ5NHqggpkwp6y9+47nHexRCEhOFYQ==
    Date: Fri, 03 May 2024 04:48:17 GMT
    X-FB-Connection-Quality: GOOD; q=0.7, rtt=65, rtx=0, c=10, mss=1357, tbw=3221, tp=-1, tpl=-1, uplat=23, ullat=0
    Alt-Svc: h3=":443"; ma=86400
    Connection: keep-alive
    Content-Length: 0
  • flag-us
    GET
    https://www.livehelpnow.net/lhn/scripts/lhnvisitor.aspx?div=&zimg=562&lhnid=2645&iv=1&iwidth=120&iheight=103&zzwindow=0&d=0&custom1=&custom2=&custom3=
    IEXPLORE.EXE
    Remote address:
    184.170.245.181:443
    Request
    GET /lhn/scripts/lhnvisitor.aspx?div=&zimg=562&lhnid=2645&iv=1&iwidth=120&iheight=103&zzwindow=0&d=0&custom1=&custom2=&custom3= HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.livehelpnow.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    cache-control: no-cache
    pragma: no-cache
    content-type: text/javascript; charset=utf-8
    content-encoding: gzip
    expires: -1
    vary: Accept-Encoding
    server: Microsoft-IIS/10.0
    x-xss-protection: 1; mode=block
    date: Fri, 03 May 2024 04:48:17 GMT
    content-length: 2683
  • flag-us
    GET
    https://www.livehelpnow.net/lhn/functions/imageserver.ashx?lhnid=2645&java=Yes&ck=true&referrer=&pagetitle=Baidu%20CEO%20Discusses%20Q1%202011%20Results%20%u2013%20Earnings%20Call%20Transcript%20%7C%20Pay%20Per%20Call&pageurl=file%3A///C%3A/Users/Admin/AppData/Local/Temp/0fb3e268c9333aac59df08d6cc022a5a_JaffaCakes118.html&zimg=562&sres=1280x720&sdepth=24&custom1=&custom2=&custom3=&t=&d=0&rnd=0.9889839889554526
    IEXPLORE.EXE
    Remote address:
    184.170.245.181:443
    Request
    GET /lhn/functions/imageserver.ashx?lhnid=2645&java=Yes&ck=true&referrer=&pagetitle=Baidu%20CEO%20Discusses%20Q1%202011%20Results%20%u2013%20Earnings%20Call%20Transcript%20%7C%20Pay%20Per%20Call&pageurl=file%3A///C%3A/Users/Admin/AppData/Local/Temp/0fb3e268c9333aac59df08d6cc022a5a_JaffaCakes118.html&zimg=562&sres=1280x720&sdepth=24&custom1=&custom2=&custom3=&t=&d=0&rnd=0.9889839889554526 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.livehelpnow.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    cache-control: private
    content-type: text/html; charset=utf-8
    location: http://advercalls.com/images/help-button.png
    server: Microsoft-IIS/10.0
    x-xss-protection: 1; mode=block
    date: Fri, 03 May 2024 04:48:17 GMT
    content-length: 161
  • flag-ca
    GET
    http://paypercall.org/wp-content/themes/headlines/images/bg-gradient.png
    IEXPLORE.EXE
    Remote address:
    69.28.67.78:80
    Request
    GET /wp-content/themes/headlines/images/bg-gradient.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: paypercall.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    date: Fri, 03 May 2024 04:48:17 GMT
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    cache-control: no-cache, must-revalidate, max-age=0
    x-redirect-by: WordPress
    location: https://paypercall.org/wp-content/themes/headlines/images/bg-gradient.png
    vary: Accept-Encoding
    content-length: 0
    content-type: text/html; charset=UTF-8
    age: 0
    server: Apache
  • flag-ca
    GET
    http://paypercall.org/wp-content/themes/headlines/images/ico-social-technorati.png
    IEXPLORE.EXE
    Remote address:
    69.28.67.78:80
    Request
    GET /wp-content/themes/headlines/images/ico-social-technorati.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: paypercall.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    date: Fri, 03 May 2024 04:48:17 GMT
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    cache-control: no-cache, must-revalidate, max-age=0
    x-redirect-by: WordPress
    location: https://paypercall.org/wp-content/themes/headlines/images/ico-social-technorati.png
    vary: Accept-Encoding
    content-length: 0
    content-type: text/html; charset=UTF-8
    age: 0
    server: Apache
  • flag-us
    DNS
    developers.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    developers.google.com
    IN A
    Response
    developers.google.com
    IN A
    172.217.169.78
  • flag-us
    DNS
    accounts.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    accounts.google.com
    IN A
    Response
    accounts.google.com
    IN A
    209.85.203.84
  • flag-gb
    GET
    http://developers.google.com/
    IEXPLORE.EXE
    Remote address:
    172.217.169.78:80
    Request
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: developers.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: https://developers.google.com/
    X-Cloud-Trace-Context: c36d72957dcdcd5147dd47db15807438
    Date: Fri, 03 May 2024 04:48:18 GMT
    Content-Type: text/html
    Server: Google Frontend
    Content-Length: 0
  • flag-ie
    GET
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    209.85.203.84:443
    Request
    GET /o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: accounts.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Fri, 03 May 2024 04:48:18 GMT
    Cross-Origin-Resource-Policy: same-site
    Content-Security-Policy: script-src 'nonce-wGXH4VpqO8tNS75yBRmZbg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /o/cspreport
    Content-Encoding: gzip
    Server: ESF
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-us
    DNS
    advercalls.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    advercalls.com
    IN A
    Response
    advercalls.com
    IN A
    23.21.120.75
  • flag-gb
    GET
    https://developers.google.com/
    IEXPLORE.EXE
    Remote address:
    172.217.169.78:443
    Request
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: developers.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Last-Modified: Thu, 02 May 2024 17:23:48 GMT
    Content-Type: text/html; charset=utf-8
    Vary: Cookie
    Vary: Accept-Encoding
    Set-Cookie: _ga_devsite=GA1.3.3377220656.1714711703; Expires=Sun, 03 May 2026 04:48:23 GMT; Max-Age=63072000; Path=/
    Content-Security-Policy: base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-UCq+9mpuWjzCxyRgxUExaZCm18rheI' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2
    Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Cache-Control: no-cache, must-revalidate
    Expires: 0
    Pragma: no-cache
    Content-Encoding: gzip
    X-Cloud-Trace-Context: 67a1690dd2f947ad8ae5a5805449c7d8
    Date: Fri, 03 May 2024 04:48:23 GMT
    Server: Google Frontend
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-us
    GET
    http://advercalls.com/images/help-button.png
    IEXPLORE.EXE
    Remote address:
    23.21.120.75:80
    Request
    GET /images/help-button.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: advercalls.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Fri, 03 May 2024 04:48:18 GMT
    Server: Apache
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    Link: <https://advercalls.com/wp-json/>; rel="https://api.w.org/"
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=UTF-8
  • flag-us
    DNS
    ssl.gstatic.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ssl.gstatic.com
    IN A
    Response
    ssl.gstatic.com
    IN A
    142.250.180.3
  • flag-gb
    GET
    https://ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js
    IEXPLORE.EXE
    Remote address:
    142.250.180.3:443
    Request
    GET /accounts/o/3604799710-postmessagerelay.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ssl.gstatic.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="federated-signon-mpm-access"
    Report-To: {"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
    Content-Length: 4846
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Thu, 02 May 2024 21:24:49 GMT
    Expires: Fri, 02 May 2025 21:24:49 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Thu, 25 Apr 2024 20:08:02 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding
    Age: 26609
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    tpc.googlesyndication.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    tpc.googlesyndication.com
    IN A
    Response
    tpc.googlesyndication.com
    IN A
    142.250.200.33
  • flag-gb
    GET
    https://tpc.googlesyndication.com/sodar/sodar2.js
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:443
    Request
    GET /sodar/sodar2.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: tpc.googlesyndication.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Type: text/javascript
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="adspam-signals-scs"
    Report-To: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
    Date: Fri, 03 May 2024 04:48:36 GMT
    Expires: Fri, 03 May 2024 04:48:36 GMT
    Cache-Control: private, max-age=3000
    ETag: "1637097310169751"
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:443
    Request
    GET /sodar/sodar2/225/runner.html HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: tpc.googlesyndication.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="adspam-signals-scs"
    Report-To: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
    Content-Length: 5046
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Thu, 02 May 2024 21:29:23 GMT
    Expires: Fri, 02 May 2025 21:29:23 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 21 Jun 2021 20:47:05 GMT
    Content-Type: text/html
    Vary: Accept-Encoding
    Age: 26353
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://tpc.googlesyndication.com/generate_204?G3dVlw
    IEXPLORE.EXE
    Remote address:
    142.250.200.33:443
    Request
    GET /generate_204?G3dVlw HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: tpc.googlesyndication.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 204 No Content
    Content-Length: 0
    Cross-Origin-Resource-Policy: cross-origin
    Date: Fri, 03 May 2024 04:48:36 GMT
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    fe0.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    fe0.google.com
    IN A
    Response
  • flag-us
    DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    23.55.97.181
  • flag-us
    DNS
    www.microsoft.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    23.55.97.181
  • flag-ie
    GET
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    209.85.203.84:443
    Request
    GET /o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: accounts.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Fri, 03 May 2024 04:49:20 GMT
    Cross-Origin-Resource-Policy: same-site
    Content-Security-Policy: script-src 'nonce-D9WzBLOLLLAThHLUZ7c-KQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /o/cspreport
    Content-Encoding: gzip
    Server: ESF
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-ie
    GET
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    209.85.203.84:443
    Request
    GET /o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: accounts.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Fri, 03 May 2024 04:50:22 GMT
    Content-Security-Policy: script-src 'nonce-I2voHPLnfb9XctB7BM2Vdw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /o/cspreport
    Cross-Origin-Resource-Policy: same-site
    Content-Encoding: gzip
    Server: ESF
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • 69.28.67.78:80
    http://paypercall.org/wp-content/uploads/2012/01/site-banner-bw2.png
    http
    IEXPLORE.EXE
    1.3kB
    5.9kB
    9
    10

    HTTP Request

    GET http://paypercall.org/wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70

    HTTP Response

    200

    HTTP Request

    GET http://paypercall.org/wp-content/themes/headlines/styles/green.css

    HTTP Response

    301

    HTTP Request

    GET http://paypercall.org/wp-content/uploads/2012/01/site-banner-bw2.png

    HTTP Response

    200
  • 69.28.67.78:80
    http://paypercall.org/wp-content/themes/headlines/custom.css
    http
    IEXPLORE.EXE
    923 B
    5.9kB
    8
    8

    HTTP Request

    GET http://paypercall.org/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1

    HTTP Response

    200

    HTTP Request

    GET http://paypercall.org/wp-content/themes/headlines/custom.css

    HTTP Response

    301
  • 216.58.204.74:80
    fonts.googleapis.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 69.28.67.78:80
    http://paypercall.org/wp-content/themes/headlines/functions/css/shortcodes.css
    http
    IEXPLORE.EXE
    2.3kB
    87.5kB
    38
    68

    HTTP Request

    GET http://paypercall.org/wp-includes/js/jquery/jquery.js?ver=1.12.4

    HTTP Response

    200

    HTTP Request

    GET http://paypercall.org/wp-content/themes/headlines/functions/css/shortcodes.css

    HTTP Response

    301
  • 192.0.73.2:80
    http://1.gravatar.com/avatar/d731682e36d3d7f422328936916ee8f2?s=80&d=mm&r=g
    http
    IEXPLORE.EXE
    643 B
    1.1kB
    7
    6

    HTTP Request

    GET http://1.gravatar.com/avatar/d731682e36d3d7f422328936916ee8f2?s=80&d=mm&r=g

    HTTP Response

    301
  • 69.28.67.78:80
    http://paypercall.org/wp-content/themes/headlines/images/ico-social-digg.png
    http
    IEXPLORE.EXE
    1.6kB
    2.0kB
    8
    10

    HTTP Request

    GET http://paypercall.org/wp-content/themes/headlines/includes/js/superfish.js?ver=a445b835742b4511cf5f6fa2335af4fe

    HTTP Response

    301

    HTTP Request

    GET http://paypercall.org/wp-content/themes/headlines/images/ico-home.png

    HTTP Response

    301

    HTTP Request

    GET http://paypercall.org/wp-content/themes/headlines/images/ico-search.png

    HTTP Response

    301

    HTTP Request

    GET http://paypercall.org/wp-content/themes/headlines/images/ico-social-digg.png

    HTTP Response

    301
  • 216.58.204.74:80
    http://fonts.googleapis.com/css?family=Droid+Sans
    http
    IEXPLORE.EXE
    528 B
    886 B
    6
    5

    HTTP Request

    GET http://fonts.googleapis.com/css?family=Droid+Sans

    HTTP Response

    200
  • 69.28.67.78:80
    http://paypercall.org/wp-content/themes/headlines/includes/js/woo_tabs.js?ver=a445b835742b4511cf5f6fa2335af4fe
    http
    IEXPLORE.EXE
    563 B
    591 B
    5
    4

    HTTP Request

    GET http://paypercall.org/wp-content/themes/headlines/includes/js/woo_tabs.js?ver=a445b835742b4511cf5f6fa2335af4fe

    HTTP Response

    301
  • 69.28.67.78:80
    http://paypercall.org/wp-includes/js/wp-embed.min.js?ver=a445b835742b4511cf5f6fa2335af4fe
    http
    IEXPLORE.EXE
    1.2kB
    3.3kB
    8
    8

    HTTP Request

    GET http://paypercall.org/wp-content/themes/headlines/style.css

    HTTP Response

    301

    HTTP Request

    GET http://paypercall.org/wp-includes/js/comment-reply.min.js?ver=a445b835742b4511cf5f6fa2335af4fe

    HTTP Response

    200

    HTTP Request

    GET http://paypercall.org/wp-includes/js/wp-embed.min.js?ver=a445b835742b4511cf5f6fa2335af4fe

    HTTP Response

    200
  • 192.0.73.2:80
    1.gravatar.com
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 216.58.201.110:443
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs
    tls, http
    IEXPLORE.EXE
    6.5kB
    159.3kB
    81
    123

    HTTP Request

    GET https://apis.google.com/js/plusone.js

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/js/rpc:shindig_random.js?onload=init

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs

    HTTP Response

    200
  • 216.58.201.110:443
    https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=tall&origin=file%3A%2F%2F&url=http%3A%2F%2Fpaypercall.org%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    tls, http
    IEXPLORE.EXE
    1.3kB
    5.4kB
    11
    10

    HTTP Request

    GET https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=tall&origin=file%3A%2F%2F&url=http%3A%2F%2Fpaypercall.org%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

    HTTP Response

    301
  • 216.58.204.66:80
    pagead2.googlesyndication.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 216.58.204.66:80
    http://pagead2.googlesyndication.com/pagead/show_ads.js
    http
    IEXPLORE.EXE
    830 B
    15.6kB
    12
    15

    HTTP Request

    GET http://pagead2.googlesyndication.com/pagead/show_ads.js

    HTTP Response

    200
  • 152.199.22.144:80
    http://platform.linkedin.com/in.js
    http
    IEXPLORE.EXE
    3.6kB
    169.3kB
    72
    128

    HTTP Request

    GET http://platform.linkedin.com/in.js

    HTTP Response

    200
  • 152.199.22.144:80
    platform.linkedin.com
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 192.0.73.2:443
    https://1.gravatar.com/avatar/d731682e36d3d7f422328936916ee8f2?s=80&d=mm&r=g
    tls, http
    IEXPLORE.EXE
    1.3kB
    8.8kB
    14
    14

    HTTP Request

    GET https://1.gravatar.com/avatar/d731682e36d3d7f422328936916ee8f2?s=80&d=mm&r=g

    HTTP Response

    200
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    395 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    357 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    395 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    395 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    288 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    357 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    395 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    357 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    395 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    288 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    395 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    357 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    357 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    288 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    357 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    288 B
    179 B
    5
    4
  • 69.28.67.78:80
    http://paypercall.org/wp-content/themes/headlines/images/ico-social-facebook.png
    http
    IEXPLORE.EXE
    1.4kB
    6.5kB
    9
    10

    HTTP Request

    GET http://paypercall.org/wp-includes/js/wp-emoji-release.min.js?ver=a445b835742b4511cf5f6fa2335af4fe

    HTTP Response

    200

    HTTP Request

    GET http://paypercall.org/wp-content/themes/headlines/images/ico-time.png

    HTTP Response

    301

    HTTP Request

    GET http://paypercall.org/wp-content/themes/headlines/images/ico-social-facebook.png

    HTTP Response

    301
  • 69.28.67.78:443
    paypercall.org
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    288 B
    179 B
    5
    4
  • 69.28.67.78:80
    http://paypercall.org/wp-content/themes/headlines/images/ico-social-mail.png
    http
    IEXPLORE.EXE
    898 B
    1.0kB
    6
    6

    HTTP Request

    GET http://paypercall.org/wp-content/themes/headlines/images/ico-comment.png

    HTTP Response

    301

    HTTP Request

    GET http://paypercall.org/wp-content/themes/headlines/images/ico-social-mail.png

    HTTP Response

    301
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    288 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 69.28.67.78:443
    paypercall.org
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 69.28.67.78:80
    http://paypercall.org/wp-content/themes/headlines/images/ico-social-twitter.png
    http
    IEXPLORE.EXE
    549 B
    560 B
    5
    4

    HTTP Request

    GET http://paypercall.org/wp-content/themes/headlines/images/ico-social-twitter.png

    HTTP Response

    301
  • 69.28.67.78:80
    http://paypercall.org/wp-content/themes/headlines/images/ico-social-delicious.png
    http
    IEXPLORE.EXE
    551 B
    562 B
    5
    4

    HTTP Request

    GET http://paypercall.org/wp-content/themes/headlines/images/ico-social-delicious.png

    HTTP Response

    301
  • 69.28.67.78:443
    paypercall.org
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 69.28.67.78:80
    http://paypercall.org/wp-content/themes/headlines/images/ico-social-stumbleupon.png
    http
    IEXPLORE.EXE
    553 B
    564 B
    5
    4

    HTTP Request

    GET http://paypercall.org/wp-content/themes/headlines/images/ico-social-stumbleupon.png

    HTTP Response

    301
  • 157.240.221.35:80
    http://www.facebook.com/plugins/like.php?href=http://paypercall.org/&locale=en_US&send=false&layout=box_count&width=50&show_faces=false&action=like&colorscheme=light&font&height=60
    http
    IEXPLORE.EXE
    735 B
    924 B
    7
    5

    HTTP Request

    GET http://www.facebook.com/plugins/like.php?href=http://paypercall.org/&locale=en_US&send=false&layout=box_count&width=50&show_faces=false&action=like&colorscheme=light&font&height=60

    HTTP Response

    301
  • 157.240.221.35:80
    www.facebook.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 184.170.245.181:80
    http://www.livehelpnow.net/lhn/functions/imageserver.ashx?lhnid=2645&java=Yes&ck=true&referrer=&pagetitle=Baidu%20CEO%20Discusses%20Q1%202011%20Results%20%u2013%20Earnings%20Call%20Transcript%20%7C%20Pay%20Per%20Call&pageurl=file%3A///C%3A/Users/Admin/AppData/Local/Temp/0fb3e268c9333aac59df08d6cc022a5a_JaffaCakes118.html&zimg=562&sres=1280x720&sdepth=24&custom1=&custom2=&custom3=&t=&d=0&rnd=0.9889839889554526
    http
    IEXPLORE.EXE
    1.7kB
    891 B
    14
    4

    HTTP Request

    GET http://www.livehelpnow.net/lhn/scripts/lhnvisitor.aspx?div=&zimg=562&lhnid=2645&iv=1&iwidth=120&iheight=103&zzwindow=0&d=0&custom1=&custom2=&custom3=

    HTTP Response

    302

    HTTP Request

    GET http://www.livehelpnow.net/lhn/functions/imageserver.ashx?lhnid=2645&java=Yes&ck=true&referrer=&pagetitle=Baidu%20CEO%20Discusses%20Q1%202011%20Results%20%u2013%20Earnings%20Call%20Transcript%20%7C%20Pay%20Per%20Call&pageurl=file%3A///C%3A/Users/Admin/AppData/Local/Temp/0fb3e268c9333aac59df08d6cc022a5a_JaffaCakes118.html&zimg=562&sres=1280x720&sdepth=24&custom1=&custom2=&custom3=&t=&d=0&rnd=0.9889839889554526

    HTTP Response

    302
  • 184.170.245.181:80
    www.livehelpnow.net
    http
    IEXPLORE.EXE
    236 B
    365 B
    5
    3

    HTTP Response

    408
  • 216.58.212.227:80
    fonts.gstatic.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 216.58.212.227:80
    http://fonts.gstatic.com/s/droidsans/v18/SlGVmQWMvZQIdix7AFxXkHNSaw.woff
    http
    IEXPLORE.EXE
    1.1kB
    27.9kB
    17
    23

    HTTP Request

    GET http://fonts.gstatic.com/s/droidsans/v18/SlGVmQWMvZQIdix7AFxXkHNSaw.woff

    HTTP Response

    200
  • 157.240.221.35:443
    https://www.facebook.com/plugins/like.php?href=http://paypercall.org/&locale=en_US&send=false&layout=box_count&width=50&show_faces=false&action=like&colorscheme=light&font&height=60
    tls, http
    IEXPLORE.EXE
    1.3kB
    7.0kB
    12
    11

    HTTP Request

    GET https://www.facebook.com/plugins/like.php?href=http://paypercall.org/&locale=en_US&send=false&layout=box_count&width=50&show_faces=false&action=like&colorscheme=light&font&height=60

    HTTP Response

    200
  • 184.170.245.181:443
    https://www.livehelpnow.net/lhn/functions/imageserver.ashx?lhnid=2645&java=Yes&ck=true&referrer=&pagetitle=Baidu%20CEO%20Discusses%20Q1%202011%20Results%20%u2013%20Earnings%20Call%20Transcript%20%7C%20Pay%20Per%20Call&pageurl=file%3A///C%3A/Users/Admin/AppData/Local/Temp/0fb3e268c9333aac59df08d6cc022a5a_JaffaCakes118.html&zimg=562&sres=1280x720&sdepth=24&custom1=&custom2=&custom3=&t=&d=0&rnd=0.9889839889554526
    tls, http
    IEXPLORE.EXE
    2.1kB
    8.8kB
    14
    13

    HTTP Request

    GET https://www.livehelpnow.net/lhn/scripts/lhnvisitor.aspx?div=&zimg=562&lhnid=2645&iv=1&iwidth=120&iheight=103&zzwindow=0&d=0&custom1=&custom2=&custom3=

    HTTP Response

    200

    HTTP Request

    GET https://www.livehelpnow.net/lhn/functions/imageserver.ashx?lhnid=2645&java=Yes&ck=true&referrer=&pagetitle=Baidu%20CEO%20Discusses%20Q1%202011%20Results%20%u2013%20Earnings%20Call%20Transcript%20%7C%20Pay%20Per%20Call&pageurl=file%3A///C%3A/Users/Admin/AppData/Local/Temp/0fb3e268c9333aac59df08d6cc022a5a_JaffaCakes118.html&zimg=562&sres=1280x720&sdepth=24&custom1=&custom2=&custom3=&t=&d=0&rnd=0.9889839889554526

    HTTP Response

    302
  • 69.28.67.78:80
    http://paypercall.org/wp-content/themes/headlines/images/bg-gradient.png
    http
    IEXPLORE.EXE
    542 B
    553 B
    5
    4

    HTTP Request

    GET http://paypercall.org/wp-content/themes/headlines/images/bg-gradient.png

    HTTP Response

    301
  • 69.28.67.78:80
    http://paypercall.org/wp-content/themes/headlines/images/ico-social-technorati.png
    http
    IEXPLORE.EXE
    552 B
    563 B
    5
    4

    HTTP Request

    GET http://paypercall.org/wp-content/themes/headlines/images/ico-social-technorati.png

    HTTP Response

    301
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    395 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    487 B
    179 B
    7
    4
  • 172.217.169.78:80
    http://developers.google.com/
    http
    IEXPLORE.EXE
    584 B
    690 B
    7
    5

    HTTP Request

    GET http://developers.google.com/

    HTTP Response

    301
  • 172.217.169.78:80
    developers.google.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 209.85.203.84:443
    accounts.google.com
    tls
    IEXPLORE.EXE
    756 B
    4.8kB
    10
    9
  • 209.85.203.84:443
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    tls, http
    IEXPLORE.EXE
    1.3kB
    6.4kB
    11
    12

    HTTP Request

    GET https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

    HTTP Response

    200
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    357 B
    179 B
    5
    4
  • 172.217.169.78:443
    https://developers.google.com/
    tls, http
    IEXPLORE.EXE
    1.4kB
    24.2kB
    18
    23

    HTTP Request

    GET https://developers.google.com/

    HTTP Response

    200
  • 23.21.120.75:80
    advercalls.com
    IEXPLORE.EXE
    242 B
    144 B
    5
    3
  • 23.21.120.75:80
    http://advercalls.com/images/help-button.png
    http
    IEXPLORE.EXE
    1.4kB
    18.9kB
    24
    24

    HTTP Request

    GET http://advercalls.com/images/help-button.png

    HTTP Response

    404
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    357 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    395 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    288 B
    179 B
    5
    4
  • 142.250.180.3:443
    ssl.gstatic.com
    tls
    IEXPLORE.EXE
    700 B
    4.7kB
    9
    8
  • 142.250.180.3:443
    https://ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js
    tls, http
    IEXPLORE.EXE
    1.4kB
    10.7kB
    12
    13

    HTTP Request

    GET https://ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js

    HTTP Response

    200
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    432 B
    231 B
    7
    5
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    395 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    357 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    395 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    403 B
    179 B
    6
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    288 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    487 B
    219 B
    7
    5
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    662 B
    219 B
    9
    5
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    340 B
    179 B
    6
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    395 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    409 B
    179 B
    6
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    395 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    449 B
    219 B
    7
    5
  • 69.28.67.78:443
    paypercall.org
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    737 B
    231 B
    8
    5
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    395 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    588 B
    231 B
    9
    5
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    490 B
    231 B
    8
    5
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    357 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    380 B
    219 B
    7
    5
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    744 B
    278 B
    9
    6
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    744 B
    278 B
    9
    6
  • 69.28.67.78:443
    paypercall.org
    IEXPLORE.EXE
    242 B
    92 B
    5
    2
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    692 B
    219 B
    8
    5
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    357 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    357 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    288 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    395 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    501 B
    226 B
    8
    5
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    395 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    288 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    357 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    395 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    288 B
    179 B
    5
    4
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    449 B
    219 B
    7
    5
  • 69.28.67.78:443
    paypercall.org
    IEXPLORE.EXE
    236 B
    132 B
    5
    3
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    432 B
    219 B
    8
    5
  • 69.28.67.78:443
    paypercall.org
    tls
    IEXPLORE.EXE
    386 B
    179 B
    7
    4
  • 172.217.169.78:443
    developers.google.com
    tls
    IEXPLORE.EXE
    577 B
    355 B
    7
    5
  • 69.28.67.78:443
    paypercall.org
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 69.28.67.78:443
    paypercall.org
    IEXPLORE.EXE
    340 B
    144 B
    7
    3
  • 69.28.67.78:443
    paypercall.org
    IEXPLORE.EXE
    290 B
    88 B
    6
    2
  • 69.28.67.78:443
    paypercall.org
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 142.250.200.33:443
    https://tpc.googlesyndication.com/generate_204?G3dVlw
    tls, http
    IEXPLORE.EXE
    2.1kB
    18.9kB
    18
    23

    HTTP Request

    GET https://tpc.googlesyndication.com/sodar/sodar2.js

    HTTP Response

    200

    HTTP Request

    GET https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

    HTTP Response

    200

    HTTP Request

    GET https://tpc.googlesyndication.com/generate_204?G3dVlw

    HTTP Response

    204
  • 142.250.200.33:443
    tpc.googlesyndication.com
    tls
    IEXPLORE.EXE
    710 B
    4.7kB
    9
    8
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.6kB
    9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.6kB
    9
    12
  • 209.85.203.84:443
    accounts.google.com
    tls
    IEXPLORE.EXE
    523 B
    355 B
    6
    5
  • 209.85.203.84:443
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    tls, http
    IEXPLORE.EXE
    1.1kB
    1.8kB
    9
    8

    HTTP Request

    GET https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

    HTTP Response

    200
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
    7.6kB
    9
    12
  • 209.85.203.84:443
    accounts.google.com
    tls
    IEXPLORE.EXE
    431 B
    315 B
    4
    4
  • 209.85.203.84:443
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    tls, http
    IEXPLORE.EXE
    1.0kB
    1.9kB
    7
    8

    HTTP Request

    GET https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

    HTTP Response

    200
  • 8.8.8.8:53
    paypercall.org
    dns
    IEXPLORE.EXE
    60 B
    76 B
    1
    1

    DNS Request

    paypercall.org

    DNS Response

    69.28.67.78

  • 8.8.8.8:53
    apis.google.com
    dns
    IEXPLORE.EXE
    61 B
    98 B
    1
    1

    DNS Request

    apis.google.com

    DNS Response

    216.58.201.110

  • 8.8.8.8:53
    platform.linkedin.com
    dns
    IEXPLORE.EXE
    67 B
    162 B
    1
    1

    DNS Request

    platform.linkedin.com

    DNS Response

    152.199.22.144

  • 8.8.8.8:53
    1.gravatar.com
    dns
    IEXPLORE.EXE
    60 B
    76 B
    1
    1

    DNS Request

    1.gravatar.com

    DNS Response

    192.0.73.2

  • 8.8.8.8:53
    www.facebook.com
    dns
    IEXPLORE.EXE
    62 B
    107 B
    1
    1

    DNS Request

    www.facebook.com

    DNS Response

    157.240.221.35

  • 8.8.8.8:53
    www.livehelpnow.net
    dns
    IEXPLORE.EXE
    65 B
    97 B
    1
    1

    DNS Request

    www.livehelpnow.net

    DNS Response

    184.170.245.181
    184.170.245.180

  • 8.8.8.8:53
    developers.google.com
    dns
    IEXPLORE.EXE
    67 B
    83 B
    1
    1

    DNS Request

    developers.google.com

    DNS Response

    172.217.169.78

  • 8.8.8.8:53
    accounts.google.com
    dns
    IEXPLORE.EXE
    65 B
    81 B
    1
    1

    DNS Request

    accounts.google.com

    DNS Response

    209.85.203.84

  • 8.8.8.8:53
    advercalls.com
    dns
    IEXPLORE.EXE
    60 B
    76 B
    1
    1

    DNS Request

    advercalls.com

    DNS Response

    23.21.120.75

  • 8.8.8.8:53
    ssl.gstatic.com
    dns
    IEXPLORE.EXE
    61 B
    77 B
    1
    1

    DNS Request

    ssl.gstatic.com

    DNS Response

    142.250.180.3

  • 8.8.8.8:53
    tpc.googlesyndication.com
    dns
    IEXPLORE.EXE
    71 B
    87 B
    1
    1

    DNS Request

    tpc.googlesyndication.com

    DNS Response

    142.250.200.33

  • 8.8.8.8:53
    fe0.google.com
    dns
    IEXPLORE.EXE
    60 B
    110 B
    1
    1

    DNS Request

    fe0.google.com

  • 8.8.8.8:53
    www.microsoft.com
    dns
    iexplore.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    23.55.97.181

  • 8.8.8.8:53
    www.microsoft.com
    dns
    iexplore.exe
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    23.55.97.181

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    52af1c132e6767a05adfa3f77366ff61

    SHA1

    d6bb6965524c24a0c362c4ff1674d3f3b802aa41

    SHA256

    6cde8021438c4311cde0df00bfb8ced3adf28f1ac1b931686dd6d9f78ef3d21d

    SHA512

    fd8318e7cd6ed86fbcad15a4132e98153e4f2c0246f1a4800b38d6c43edc456d878a8279b51d4f5c431a7107696cd02614db4d927de0bc9313792159652f0d59

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cfaddde6715e06ed343a5563dd90eade

    SHA1

    17b7a547e724350dd447ac881ee8b0982aae1979

    SHA256

    def33ee336cfbb815364910480c45a65aa0d81bdad5cc4d1fc076f9b05ba9566

    SHA512

    fd1b9bad29668d7545ce1f3fa49c8a2808f2f884c2f6d7ff12074de30a911a6f8555a033f931301cd704f9c58328852ca650c78d2d94ac845deb1ea11c2d75b4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    196c157bdf9b6a39765b766156f508d1

    SHA1

    a00f5d793b5c0a7ab81f414b2afea4d13607328f

    SHA256

    1369daab82e79f00f3b9d10badea087132be1c28dbf19f9ac56dde7020b66a07

    SHA512

    2b43fcfcf0efce12db9f610f7fc031e893641ee514f4377993c508f10d37f92d4d92d9f511293ddd55c90e1ccd7e2deeaca6ef0700650ff9690a9cd21f0e938d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    517b8ef3aac0ffa1d448b6c148385aaf

    SHA1

    6dc6141aae2d06c43ec8ebf1a2d295ca08085110

    SHA256

    cab49c7156b4fb33249624545dd1f0cf2be574c7d20387b786b3f6e6cf6b6256

    SHA512

    7baa2b6a7098f2ef41379c15e318c0366d490ba2c11d932192e90eaa307170d877782c02ad84db47d8e5ee45e65ecb750a276a12c44df81fa6aefb2d709a67fb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    793c27203fba2a106af573dbe9e03f43

    SHA1

    63a23e6e8892269d25ef94ffe657a2b9e5dbebc0

    SHA256

    4326472c8ccee0fd4b453deebbb8c345adb97cfcc604f749dcd798d6de1a786e

    SHA512

    310fbbc8606948512e245c541314be255ab4d62a808560a1e468a2f864dc76c1e4ea413437263160c720ad9b6a9beebfc1a4ca051e36b69ec709498b68ee8c6c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    01f44f79d738e03331ddc18a25c4c8bf

    SHA1

    136ae41485f8875b2e0c1fd41bbf153897a32dba

    SHA256

    d814fa0e09acc0f9831e31cd4f85ced6142fd46df0016e65caf1fbd1bbe929f3

    SHA512

    f834a9baca601e281bfb29174f3bb5dbb98117d8262169b7c33585ccfc99e0b68396163b17f1f5f67d10b782398c50f65fc46df979ee79a781898ea13b7c3c66

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6ac84363a521bd5c3c0c23d0b82dbe9d

    SHA1

    43bfaf2f9efda77be07ad6aef2331dfe40d55742

    SHA256

    6f732f3e6136d40471b642d2566a0dcf6c202f7f5c3b7fd0ea3fb9d556bfd506

    SHA512

    a7c0fcdb87378d10ac284287d4f6ed271b693f02a4d891e63eaf0aa501edb5a6ab78501823fdeda3db2c654c2eb88f2168f796ad80453a2a150aa5b94ca6b8eb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    16a0f1b3a585897d7edeabf4d9073b37

    SHA1

    34d0a553db941008fc26565358652def4e44aa16

    SHA256

    16fb7b66a7bc8f9fcf4eeac2f4682eb6b65db855b2095a02f5c78a5ed011b92e

    SHA512

    777e7982afedfd353a5e203070d1a1513ac93997b048b51eb88df0f184b3e93ee7581029dd826d98c17f77a9482c385f0b17ef16ffbeafe45555d674805a5e70

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2acd0802eebd4f119ddd967c1e64aabe

    SHA1

    c68312d688b98deb77e8ebafe012d4de0f454ef2

    SHA256

    38dde75d352ab7fdea3b43b7875ac4fb46147e484884bb809a4b123b39fe3eb7

    SHA512

    2d25c971965392e7c7335a3ca075ee527dbc2b2d2562cf936d07d4dee77e2e8c424698f9b461aa9cd2ffe6d4c37c9575bc91e8488ab7aff2353d4cdd9b169dd6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1f8528787d3fb363ca5be5e49e48ec85

    SHA1

    c28ae0cfbbb248a68b12e23a50b1bafce9471061

    SHA256

    d793da99475823fe32db15e7e11f7f510d1d1f7aed3a25033f32e01f2b09d0c5

    SHA512

    29b815b5973ebf226148c5d638c5b0910648111adec18044296e6a77077b4e00bebf461b99b9e446b60e915d39a701715d0610f36897b43b0603209ace4c0cd0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f8d3c0147c593b1f1d570ec3014b5326

    SHA1

    5ff7360e491de680c6ccb36f41a274f14266269b

    SHA256

    2d79c33d304e9759b277f950d13a7db8c0cf5f067827878bbfb1003f44f8e584

    SHA512

    44c3d1af28bac08b0a43b79909ffcf946afe0378f83dd21e03a0cac2a61335a736fd9e913b31365201e2224a2ada12074204565b6c1583c603955eb61d622af3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8e686d46ce34b17e60eb23eb70691680

    SHA1

    50991ba4a25736c3279794a21f224cd408a8febf

    SHA256

    7655075cdc9eee5cea22e709d628a2fea851f94eeff2d17e42f8985eb2112260

    SHA512

    00d9478a0005725100601557151be649f3d0d5a2258ae1d13a2cdfef89306e7eccaf6bebf2837e4ecd2b50fb1072fecfee8b9caa161f0b7a08607baa8e057244

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    425fb83503bcba5c39623a5a1ce0b1c6

    SHA1

    0ba49c71cd3fc59b9846cc5adb9b7b714bbf6384

    SHA256

    3c00b5bcc98df2b094f0fa562fb4055fe22c65e011c21812b444f551b7861b08

    SHA512

    74df685f73aee1ee0a01fa3837ce41590f1fdc839369566e2ba87e13ab212fc2879c1e66527c0003f0b7f21932a3463f66df937a53642164d28c0a6a122c0f6a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7a84ede27b182c1714bdc50a2a814b4a

    SHA1

    4924243376ae98a67a288dbbdd509a3a930e760f

    SHA256

    875ba6ae4aee4bf2542dea5c09c58977bcdae6292f8a9a1408da3b349ecee7eb

    SHA512

    5c1df860bd1445fce1799c6d7ac1f782bc24f6cf8d28ba709fd2bdebb7e8165876395fed15d62d3ee051f2eeef3b756ffcdea0c9739f7726bb0749c1eaa3fa9c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7559b3d807cccfe3ffe7b6b184f46a67

    SHA1

    dd0b75e864ef6260aa66706083a088f0826aa47c

    SHA256

    dd9f3232861cfe95e602c7f24017d904dd59babd3c99711d2f798b815c812a7c

    SHA512

    aa6575906c612717c8e4166d2480a92dbde9fc99fea50526cfdcc21b8d1a17af2256d9e1c4b56c1817e873d5157b476dac57a2cc897b116d6b83a3015dd3ebbd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    eb7e9c3ae7ab9c964d0f720d6fcd6c4a

    SHA1

    0e400572b5d7dcdc5323cb50d17347012ea9ad7b

    SHA256

    0e3ec8919a59f61c1ef66c06cf333af3e63e6950d209a2eab739a57391a6364a

    SHA512

    8848e61ff4a25e7ea8742627439cb6c4362be0ade13125108aacee42c973711849e8415bb17a0dbf1c3c68074bc47fec85ed9fd05cd6f6fa4aaf87c751c8db81

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4e2d5a74475f86bad7cedccd7380da6d

    SHA1

    818252f5476f271a2f2b9667c51934ae7533e3ab

    SHA256

    94f5a4038fdc0b16e79def3fecdf78d32b895cd83e570fe6db311e02c4579654

    SHA512

    407a7766bf2563cffe490293a4154383e6e5e8d0164e572524c985e3b63216d417df9807f0c6585e80da9857e0877cf23b45a64693761779967ba679796ed204

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    73c9636e8237e7c5f1c5154ba4b83210

    SHA1

    4a8d3413acbdf08e434d2f702864eb55f57d8c58

    SHA256

    fe96165978479e69b3e04b773a625436a296fb2533bacbf6a8819c7c7ba345ef

    SHA512

    b49e531b435099d657f9df292201ddeb53bd2502f631fc5f731b2696614a86623d5df7e514c7f484245493ad70b5e7444fbffe2bebbf04df6dbb558b42da4fff

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\cb=gapi[2].js

    Filesize

    64KB

    MD5

    63e5a0b45632b3dde3694ffcaf0e3f7a

    SHA1

    923736d0cdc308331d5cfaa0ea159bfedc83d53f

    SHA256

    889109910477919b3457416e7764bcd0add19fd959848253026125c7c35c43db

    SHA512

    5b886c4b5122d61f0209ede748aa84445c9388cf38813316c41b3dbd2308216e88394d9a45cfc27113c0cf3bc93b9c37d808f6d3c67888244c176ee095d42259

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\rpc_shindig_random[1].js

    Filesize

    14KB

    MD5

    23a7ab8d8ba33d255e61be9fc36b1d16

    SHA1

    042d8431d552c81f4e504644ac88adce7bf2b76f

    SHA256

    127ffe5850ed564a98f7ac65c81f0d71c163ea45df74f130841f78d4ac5afad5

    SHA512

    e7c5314731e0b8a54ab1459d7199b36fc25cd0367bc146f5287d3850bd9fe67ba60017d79c97ea8d9a91cd639f2bc2253096ce826277e7088f8abfe6f0534b63

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\3604799710-postmessagerelay[1].js

    Filesize

    11KB

    MD5

    40aaadf2a7451d276b940cddefb2d0ed

    SHA1

    b2fc8129a4f5e5a0c8cb631218f40a4230444d9e

    SHA256

    4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2

    SHA512

    6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50

  • C:\Users\Admin\AppData\Local\Temp\Tar1A4B.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
