d494d707b3dac13fc37c4f6d903393294718081fd748f3a755d453ba6e680052

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 04:54 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d73ae7672330a750a201ac17d4075bc_JaffaCakes118.html
Size

35KB
MD5

2d73ae7672330a750a201ac17d4075bc
SHA1

acacb04b01a9666b361c33c6655d48901c1b7247
SHA256

d494d707b3dac13fc37c4f6d903393294718081fd748f3a755d453ba6e680052
SHA512

d16fc789ca9177818649fba3c83a48dfb9e8360b2add140cc0935cb945f60c5ac86f75b1ce3bc1b4ae265677875ce94b461e4bd69ca872fef669a6aae14f589b
SSDEEP

768:zwx/MDTHWI88hAR+ZPXFE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6Tpncn6DJtxo6lLd:Q/DbJxNVYu0Se/i8YK

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10bfd92d96a2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e93610000000002000000000010660000000100002000000037028b9fe6ae6ee5e40adc66732cb20313958546b5e8ae395005519450a5986b000000000e8000000002000020000000ccc642a02445d9bbc1bab9c1b4fd16299fca30dfbd2fc9347eaa276ef304c7ac2000000081d179c2baaab59aa7d09b4b043f52c6e893312d491ea3eb1e72a873ab00e6844000000086a166394db1c96aecb7a7806463b4bb44dddcf3f832ca2f820d7bd6dc7f3901ce3c8a406ff3cd1f7024e3bf91b8b3f07a8aad53e183c2d5d0f8d707362c3a99	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e93610000000002000000000010660000000100002000000038de6542c1edc1e451d44e59e4242646ac10e5b54d9ebaf72beb7899adf882b4000000000e80000000020000200000003302a692bc714ba81249b72b782ddc3a29f454dea5301fa31b4f58b33edbeefb9000000025ccef018a42a67892006fbb8f0c4ad4ed8b78dc79349b7293c849c1ef982ea7503b5426d1688fe3b9729e7d7adb98a330dbb425050943ee91d92898dedf37ac1bfc809694da759b5931863bc845fe13f0b05af33ee1ef2c70f1bcfd0b25952888d7d479799d524be56f9683c9ebfcdc9e38497d9c1d65d7a89b5bad8746d566f21c43a75c5257dc4a39fe03b228d0c04000000028db56a185766b687bf280942bce9c1e567e71372d1bc97ac446fea84645ef6706a35e7d849a2756715ff3cc12d4a89f6fec37c4951fdbcc277ef84104d91867	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{577E4C51-0E89-11EF-B195-DEECE6B0C1A4} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421478718"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1608	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1608	iexplore.exe
1608	iexplore.exe
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1608 wrote to memory of 2568	1608	iexplore.exe	28
PID 1608 wrote to memory of 2568	1608	iexplore.exe	28
PID 1608 wrote to memory of 2568	1608	iexplore.exe	28
PID 1608 wrote to memory of 2568	1608	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2d73ae7672330a750a201ac17d4075bc_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1608
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1608 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2568

Network

DNS

coinhive.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

coinhive.com

IN A

Response

coinhive.com

IN A

172.67.165.117

coinhive.com

IN A

104.21.57.186
DNS

saltworld.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

saltworld.net

IN A

Response

saltworld.net

IN A

172.67.166.97

saltworld.net

IN A

104.21.11.155
DNS

www.gravatar.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.gravatar.com

IN A

Response

www.gravatar.com

IN A

192.0.73.2
GET

http://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:80

Request

GET /avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Fri, 10 May 2024 04:54:13 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png
GET

http://saltworld.net/forums/public/style_images/master/useropts_arrow.png

IEXPLORE.EXE

Remote address:

172.67.166.97:80

Request

GET /forums/public/style_images/master/useropts_arrow.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Fri, 10 May 2024 04:54:13 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/style_images/master/useropts_arrow.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gf5kD%2BjbOD9LdwusM9CiiyEBkOSqhDFsBP8tVGa999duBUxC4x1zvYZYdHAJG6TWfhpJQBOmxiXhhZe%2BQ8iBLEnCcDVdiIsOnes0e799BW8lYJXYGilcFaBTyh9j1wwp"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8817547e3dd763a3-LHR
alt-svc: h3=":443"; ma=86400
GET

http://www.gravatar.com/avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:80

Request

GET /avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Fri, 10 May 2024 04:54:13 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.gravatar.com/avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png
GET

http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

IEXPLORE.EXE

Remote address:

172.67.166.97:80

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Fri, 10 May 2024 04:54:13 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W88Q2R7kFIp1XglJBaCMge%2FDCucEAbSYktVO5SZ2%2BqTAn6XXPTKsxT6Iw6etef%2FYRhs0FS3ENYTmkNWe4jbn6pYcn1JBM2fFF8nO8sjwSyNeun5uLqtARyFP47dpCGH0"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8817547e2fa87755-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/uploads/profile/photo-3619.gif?_r=1358402341

IEXPLORE.EXE

Remote address:

172.67.166.97:80

Request

GET /forums/uploads/profile/photo-3619.gif?_r=1358402341 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Fri, 10 May 2024 04:54:13 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/uploads/profile/photo-3619.gif?_r=1358402341
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rcTBtLeLazyq%2FlITXJtgYD7BrE94jAnzax9rdfZqN%2BApK6B%2BNW9oyb0rwV5KYTI2JHbc5RHC39k5QRiXI2kOFZ1IQh1hz9stSsPBHc6jV%2F8EU2KIHiutJZ%2Fk0tavoZQa"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8817547e7feb7755-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

IEXPLORE.EXE

Remote address:

172.67.166.97:80

Request

GET /forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Fri, 10 May 2024 04:54:13 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bn9gfGZ0bycnlfH3n00u3wwgATLpyk1oBQkzd7l5wTYvoKmm3ZG%2FdkhkINiTE6Jl%2BlFQWFxVLuJROcEbWzfj64HtKVoZTGjGdyho%2BnXYlkTqY7Bt8qm%2FMZmmjKBkAeDm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8817547ec8237755-LHR
alt-svc: h3=":443"; ma=86400
GET

http://www.gravatar.com/avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:80

Request

GET /avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Fri, 10 May 2024 04:54:13 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.gravatar.com/avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png
GET

http://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:80

Request

GET /avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Fri, 10 May 2024 04:54:13 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png
GET

http://saltworld.net/forums/uploads/profile/photo-thumb-14002.png?_r=1487942156

IEXPLORE.EXE

Remote address:

172.67.166.97:80

Request

GET /forums/uploads/profile/photo-thumb-14002.png?_r=1487942156 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Fri, 10 May 2024 04:54:13 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/uploads/profile/photo-thumb-14002.png?_r=1487942156
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OdVhvB8T7xce6QEdiITrGpCQQ6%2BttYuDp5g8YedoEYQFj8rDdz59Gr4zM3Z51SRFCNDuXSKMAJFSiZwqQnfwM%2BvkCCysvdV%2BDXDs%2BZ3QzOK2lobnvjuJNqyhz9%2BCTTjJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8817547e2a03385e-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/style_images/master/f_icon_read.png

IEXPLORE.EXE

Remote address:

172.67.166.97:80

Request

GET /forums/public/style_images/master/f_icon_read.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Fri, 10 May 2024 04:54:13 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/style_images/master/f_icon_read.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T14xKztv%2FU30LKAXP1on2SYYv5mAnhon1FrQrnD%2FzEtzbcPRBevSZk%2B%2B6XeTlRY3V1aBTO8O%2FowNbWXrj3dKOoAmAkoGJ%2FnWc2nK4VvKIKezFqq9cam%2BuMNFnpnMQYF%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8817547e3f7f4136-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

IEXPLORE.EXE

Remote address:

172.67.166.97:80

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Fri, 10 May 2024 04:54:13 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mMPVqJpjEgbECncRaE4T%2F1EVw7wzck0iEI0MQZPGZDJ5TyV1VNklPunuzOe1feQFrAVn5SHQ1qRRgH2ZeZx22oD8SJcw4u9V46u5C5RockaAeOh6JuMyGRzQiYnPC9td"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8817547e3d53dcc3-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/style_images/master/top.png

IEXPLORE.EXE

Remote address:

172.67.166.97:80

Request

GET /forums/public/style_images/master/top.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Fri, 10 May 2024 04:54:13 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/style_images/master/top.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L%2FnV8ERQ1ADqavhB%2BDt4Jc%2F4DojyUFD%2BvdnB8z%2FImf8j0Wiv2oSYX4PUTRP9d3JOXAKlsTmlPk3JyfPER0bt8YQjvqgSSbbZrvMG8hdXfIwFwIPF%2Bp%2B6eREru%2Bi2SP8l"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8817547e8d9edcc3-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

IEXPLORE.EXE

Remote address:

172.67.166.97:80

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Fri, 10 May 2024 04:54:13 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gr9K%2FqfWZ2LGX%2FacQOE8C%2BvEgIaVEkC692IYb2%2Bb4D%2FT5PqZBEQMjOMuzi%2F1CaM4dZlZP9u9JCD%2Fz8D9mRTi7vK3j0D22OVnA7CBtxtABrUzr%2BUoI4PLVogT2aIjgpSC"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8817547e3d94653b-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0

IEXPLORE.EXE

Remote address:

172.67.166.97:80

Request

GET /forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Fri, 10 May 2024 04:54:13 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aT2%2Fcq%2BRh0tR91QEWv%2BIZLJLZeiqhNR%2BNke6dYp0B2OMwQ%2FvGisC2%2F1BIsNEp3CfIDIRQotjtJjBHhG%2FAArzcyA9O%2BhvdAI82X%2B%2BW%2BJFUNTXAE5t7%2Bo9pyUakkDdeydG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8817547e8dbc653b-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/style_images/master/feed.png

IEXPLORE.EXE

Remote address:

172.67.166.97:80

Request

GET /forums/public/style_images/master/feed.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Fri, 10 May 2024 04:54:14 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/style_images/master/feed.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qWRIaXYKm%2BuG52Kfa%2FnZqFuHjYof%2B1owHgf60WyMu2q9gOyaaK0FteWe97YJWH5YzifItGKEPVmmylc7ziSRQmzNiv%2BTgzlFypBPbGqtTepcoYc9i%2B3Td9zki4aIgdb8"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8817547ecdf9653b-LHR
alt-svc: h3=":443"; ma=86400
GET

https://coinhive.com/lib/coinhive.min.js

IEXPLORE.EXE

Remote address:

172.67.165.117:443

Request

GET /lib/coinhive.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: coinhive.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 04:54:14 GMT
Content-Type: application/x-javascript
Content-Length: 1115
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ETag: "806233d282cfd71:0"
Last-Modified: Tue, 02 Nov 2021 00:44:41 GMT
Set-Cookie: ARRAffinity=df570bddab35fa38bcda4e51ee426cb371ed4d7d49cfc2eeadb8c92579b67b5f;Path=/;HttpOnly;Secure;Domain=coinhive.com
Set-Cookie: ARRAffinitySameSite=df570bddab35fa38bcda4e51ee426cb371ed4d7d49cfc2eeadb8c92579b67b5f;Path=/;HttpOnly;SameSite=None;Secure;Domain=coinhive.com
Vary: Accept-Encoding
X-Powered-By: ASP.NET
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zSMfwFpX7PDSWDPN4AX1TAI6HISFWfpGY1V6Mc3NmHiQYYGXBXbu86KnohKWFHAtFW8X%2BlGIF2fICs7FCHD7DrGw1QAfSVMrB5fwHDMIbsWxLaHDeeb5F5cQSWkalQc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8817548058fddd43-LHR
alt-svc: h3=":443"; ma=86400
GET

https://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:443

Request

GET /avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: nginx
Date: Fri, 10 May 2024 04:54:14 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Link: <https://gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png>; rel="canonical"
X-Redirect-By: WordPress
Location: http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png
Expires: Fri, 10 May 2024 04:59:14 GMT
Cache-Control: max-age=300
X-nc: HIT lhr 4
Alt-Svc: h3=":443"; ma=86400
GET

https://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:443

Request

GET /avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: nginx
Date: Fri, 10 May 2024 04:54:14 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Link: <https://gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png>; rel="canonical"
X-Redirect-By: WordPress
Location: http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png
Expires: Fri, 10 May 2024 04:59:14 GMT
Cache-Control: max-age=300
X-nc: HIT lhr 3
Alt-Svc: h3=":443"; ma=86400
GET

https://www.gravatar.com/avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:443

Request

GET /avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: nginx
Date: Fri, 10 May 2024 04:54:14 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Link: <https://gravatar.com/avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png>; rel="canonical"
X-Redirect-By: WordPress
Location: http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png
Expires: Fri, 10 May 2024 04:59:14 GMT
Cache-Control: max-age=300
X-nc: HIT lhr 2
Alt-Svc: h3=":443"; ma=86400
GET

https://www.gravatar.com/avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:443

Request

GET /avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: nginx
Date: Fri, 10 May 2024 04:54:14 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Link: <https://gravatar.com/avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png>; rel="canonical"
X-Redirect-By: WordPress
Location: http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png
Expires: Fri, 10 May 2024 04:59:14 GMT
Cache-Control: max-age=300
X-nc: HIT lhr 3
Alt-Svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

IEXPLORE.EXE

Remote address:

172.67.166.97:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Fri, 10 May 2024 04:54:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qoy89nja%2BPYUUDngPqmR8RVXA7lCpZw4zxhhkk%2F4Jp8A81pMFCCsvZ06fXdsyMLSd0CbbvuJd76ndrgp2Ws71MF8vYrmkM%2BTid2SBYR%2F%2Fo8QF0%2BhnEn8PQiKSLMY6vUl"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88175480591794a2-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

IEXPLORE.EXE

Remote address:

172.67.166.97:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Fri, 10 May 2024 04:54:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hhdRyOMYk6wKp5kli7MGVRS%2FBCI%2BETEadmpCO7xPUDDW62fKMgmNqLG0%2BF4sihZc7m4y97Ks%2ByT6fkKzkm71lScgnKrWPVIgwx5q3jDy7jApphbdNPySS4yobKO5lBvP"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881754805f92416b-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0

IEXPLORE.EXE

Remote address:

172.67.166.97:443

Request

GET /forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Fri, 10 May 2024 04:54:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bq0DhpMd24brBlpY56JRSkv%2F8q5k%2FMiisrKwjqpH6xOD1vIzA0rHZ2qDkOHYBpyyddcybV3THur7GdHgMN0oZBx3EJHyoHzL%2BtTQVUzdk%2FB2mwG9G0hbMrIbER0Vn8MV"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88175480afbe416b-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

IEXPLORE.EXE

Remote address:

172.67.166.97:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Fri, 10 May 2024 04:54:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oooFS49aFDkb6TjAGGzw3AK%2BVJCYlUYtECgjP0Nd9%2Bl9%2FnaXS00veyCMgVYMJ2HXOjrE5w9Z3d9y8OGMc43IKHy3hL29OY5chgaEoaYEU%2B0AWrW8gaTWWxZgey5WV0Hc"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8817548068566349-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/style_images/master/top.png

IEXPLORE.EXE

Remote address:

172.67.166.97:443

Request

GET /forums/public/style_images/master/top.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Fri, 10 May 2024 04:54:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/style_images/master/top.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=muBTN9tltlO%2F%2Fvdus3i7ZkkOo3lC8rwn6NZryZlE%2BvZJn7RQlBq0bCaPAJjjN2fn143Q9ZRTC7L1uQ0Dsv1GLm%2BeoHthewEIseXIq9e8W0ujYyKUQ2JbTS8H5ChHJ6X3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88175480b8866349-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/style_images/master/feed.png

IEXPLORE.EXE

Remote address:

172.67.166.97:443

Request

GET /forums/public/style_images/master/feed.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Fri, 10 May 2024 04:54:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/style_images/master/feed.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SSSquBttgpds%2B%2Fn0Dsy5%2BWcUEF58ut%2FHd72Lce6D%2F9Z2VnU5m%2FUPdcn7ELbukz1wFh8UsB%2FEwB%2FQC9S%2FLLvgP67fghTSwuJsGg8nQ9cyIbqq9lTJImLzfPg6juOs6jn5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881754851b9f6349-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/uploads/profile/photo-thumb-14002.png?_r=1487942156

IEXPLORE.EXE

Remote address:

172.67.166.97:443

Request

GET /forums/uploads/profile/photo-thumb-14002.png?_r=1487942156 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Fri, 10 May 2024 04:54:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/uploads/profile/photo-thumb-14002.png?_r=1487942156
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=28EI%2BJ63xF7oIy0AaEiQTFC5WRe%2BOOzUZPMUVHYDi2uoc%2BCPKBmwHW%2FzEzI2u3TuAErwTsq2cZX3mvRzJdvOKp6vZy%2B6KVKJrMAbOqqaTuyMT5rjGu%2FNmRk0e9g813dN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881754804ba2889d-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/style_images/master/f_icon_read.png

IEXPLORE.EXE

Remote address:

172.67.166.97:443

Request

GET /forums/public/style_images/master/f_icon_read.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Fri, 10 May 2024 04:54:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/style_images/master/f_icon_read.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B1e8OBlGR6SXphzbOy%2FN5iyGaFOLbayWoNn08KENpd55s2dDkUQrXX%2F9YBTgiovA2gSNZLq%2BETql7wDgpXDbq7RIoZdRGg0Ysob3mBBLuxsNlZcCBFZ9TB%2BsoHCDS0kv"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881754809bdb889d-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

IEXPLORE.EXE

Remote address:

172.67.166.97:443

Request

GET /forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Fri, 10 May 2024 04:54:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5%2F3TcD9GJI2vMacZZp5zlxVCmCKERKpKfmyQHPwWAbbJ721xMYiVOlzRAN0DTZZFxDra4MN4CzJv3gJ1zt0dlZ070ESZDfTkZUoY23oSBV9trdRSCdROfkgvNWPJ2Fw3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88175480dc10889d-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/style_images/master/useropts_arrow.png

IEXPLORE.EXE

Remote address:

172.67.166.97:443

Request

GET /forums/public/style_images/master/useropts_arrow.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Fri, 10 May 2024 04:54:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/style_images/master/useropts_arrow.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j8gW9bCQVvX74R8G%2FxANiyEt0kcCY05r51ZjppCJk%2FV%2FDxWxBVPV7K%2BEX%2FAXcMnEyHyQMXPXoWYQLf9YIH2jlNAagj0zciDADWRRSc6ZSnivQNiFmozCdJY6hAIGQlye"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88175480590663d9-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/uploads/profile/photo-3619.gif?_r=1358402341

IEXPLORE.EXE

Remote address:

172.67.166.97:443

Request

GET /forums/uploads/profile/photo-3619.gif?_r=1358402341 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Fri, 10 May 2024 04:54:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/uploads/profile/photo-3619.gif?_r=1358402341
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=01VHoqLDyEK6vs8Ynun3NEWxvv3mv7rct80wclcc4k8BW8mk0t6fyj753gf%2BPOtDqVoNBY%2F3rjk4HVvehMJCsTl0pQ7cKnje8V%2FoLuPJ%2Bo7evH4JXqcHo8cAS1gdbPAs"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88175480992963d9-LHR
alt-svc: h3=":443"; ma=86400
DNS

gamingw.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

gamingw.net

IN A

Response

gamingw.net

IN A

172.67.160.162

gamingw.net

IN A

104.21.65.85
GET

https://gamingw.net/forums/public/style_images/master/useropts_arrow.png

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/style_images/master/useropts_arrow.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Fri, 10 May 2024 04:54:13 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pdAnC%2F%2BHSvRjBIbTtdRQheEViprGR3iImmI5pBIvDun%2FMa4NtfC3ptR2Kl80NhfjgY2BcNETWiydgxHH1mjTC%2FkHPbSqqWEJg1ri8qgPemOUfHh2a9y0JNBqrUk%2Bcw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8817548129869406-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/style_images/master/top.png

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/style_images/master/top.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Fri, 10 May 2024 04:54:14 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s7AiRIcC8xl1aRTZOqx3nGeb8sQPsHhmbeLJPipbxINFDdJ5SMWU6YKfwGhPRJ%2B1C7RHBNEAzEYbUhzTsm4Hbw%2BHmIX1bAKJnCzeiTOW6J448NfPmcAKb4OprvEb5w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8817548179e99406-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/style_images/master/feed.png

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/style_images/master/feed.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Fri, 10 May 2024 04:54:14 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jrGNwniYY1l%2FQrkhPTPruzA7%2Bk%2BE8B0adWFfcqoTVKebaFkmouW628T1yrACupBgn7vATmab3GcXFs%2BMtPE7zThfN5EbgVCh3NsXvKg3jojXI%2FGQTI7wJ1lUdVeFMA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881754856cc89406-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Fri, 10 May 2024 04:54:16 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dv8yLN3qC%2FzXCvdAGNTHlW3yNVYmgr%2F5WG2vmhpCgYauZUMLzDn1gzEFqD5ST00aDqfAgyC8Iix6WvX%2BlTcZpvhLZ6EP1sreQWE%2FW6YKdz8TBLyiLSNWLzzqEXOzug%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8817548b68ee9406-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/uploads/profile/photo-thumb-14002.png?_r=1487942156

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/uploads/profile/photo-thumb-14002.png?_r=1487942156 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Fri, 10 May 2024 04:54:16 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vlFLsXEg0ZD%2BNXgKq6irEzXWbRsk0b%2B3SWJICoIoiy6YLe7mFC%2BCspY0ME5AuTqZlTGbmy%2FAVWxnbH1hKGDVrn0yY1wel%2BNVvubl2scmNaF6G3Yg3f1onaExy6%2BXPA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8817548138a894ff-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Fri, 10 May 2024 04:54:15 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=muE%2BmbszIsn1ZZZIggSMKB07KivNPzuMLCYG13%2Bwi%2FGzDdq7BxS%2BTLYTGYjji8InE6Kzltn3wfVYTDgSgl0NaCZNYp4ivtSeWEvsDcM7Z21iXGKQcuimv8UZnWGh6A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881754813a5793fc-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Fri, 10 May 2024 04:54:16 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qB0ZCS7d6UwbAi5FOyR%2B65VY8gSDcQDG3PnbXahX0fRj%2FAwGieHtaMfWh7kRkZTtvjsRx%2Fg8phcVlwGsdMgF0ILqVTc1h6ZJEa3zi79m3ggG8qkUKsZCJtvmysCXJg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881754813b564194-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/style_images/master/f_icon_read.png

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/style_images/master/f_icon_read.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Fri, 10 May 2024 04:54:13 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EuXrkQV0o6cL09gqKPs5AnWSrpcRpxVACRUPrnHB9smNba9px%2FMCjSsBu0fShgbl8FH4axM5bdfTj5y9vOv2Zw3wTYJGhe9Xosfizt%2F00lgYxi6vkBsmGse51dtOOw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881754815b449413-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Fri, 10 May 2024 04:54:16 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qeXEFwz7%2FL%2Fw05I0uq5CVtIseZLqG%2FxqgfrxN91eTlEciHw5ZPdce8ORaG3%2B6aGQO5FRJfRVEEPu4RGrzvTq3wnUxiYpI6TAfwTOQORiumJj8RUjqifcfyxmUK4%2F3A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8817548b6a379413-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/uploads/profile/photo-3619.gif?_r=1358402341

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/uploads/profile/photo-3619.gif?_r=1358402341 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Fri, 10 May 2024 04:54:13 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 175
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=85ClyP7ltAvangzTP4UhWgJgOSykyfSd8lE5ki%2BDwy0bax2gtYcz9xQTDvUM3zwW0YiEcCNSXy4AnkFcguLrImWaYTBLhi7naIxA6H8jEyc6sJFC4YLROtyPanc7Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8817548168e963f3-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Fri, 10 May 2024 04:54:16 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=twKS2gPYbuMYYFFkKUMi2f0oUl3RRX2x%2FR3dFrIWYCwHrCpYGx3z%2FZxdArfpnrQWzWlbCDnCukJJKzTTzwgRptYXUY7e%2B0Oj0bKdDuthtLdXYfVIaYdQZXAFFhuzgA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8817548b694c63f3-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
DNS

i1.wp.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

i1.wp.com

IN A

Response

i1.wp.com

IN A

192.0.77.2
GET

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

IEXPLORE.EXE

Remote address:

192.0.77.2:80

Request

GET /saltworld.net/forums/public/style_images/master/profile/default_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i1.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 404 File Not Found

Server: nginx
Date: Fri, 10 May 2024 04:54:16 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-nc: EXPIRED lhr 7
Alt-Svc: h3=":443"; ma=86400
GET

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

IEXPLORE.EXE

Remote address:

192.0.77.2:80

Request

GET /saltworld.net/forums/public/style_images/master/profile/default_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i1.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 404 File Not Found

Server: nginx
Date: Fri, 10 May 2024 04:54:14 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-nc: UPDATING lhr 7
Alt-Svc: h3=":443"; ma=86400
GET

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

IEXPLORE.EXE

Remote address:

192.0.77.2:80

Request

GET /saltworld.net/forums/public/style_images/master/profile/default_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i1.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 404 File Not Found

Server: nginx
Date: Fri, 10 May 2024 04:54:14 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-nc: UPDATING lhr 7
Alt-Svc: h3=":443"; ma=86400
GET

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

IEXPLORE.EXE

Remote address:

192.0.77.2:80

Request

GET /saltworld.net/forums/public/style_images/master/profile/default_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i1.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 404 File Not Found

Server: nginx
Date: Fri, 10 May 2024 04:54:14 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-nc: UPDATING lhr 7
Alt-Svc: h3=":443"; ma=86400
GET

http://www.google-analytics.com/ga.js

IEXPLORE.EXE

Remote address:

142.250.179.238:80

Request

GET /ga.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google-analytics.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Date: Fri, 10 May 2024 03:20:55 GMT
Expires: Fri, 10 May 2024 05:20:55 GMT
Cache-Control: public, max-age=7200
Age: 5601
Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
Content-Type: text/javascript
Vary: Accept-Encoding

192.0.73.2:80

http://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

http

IEXPLORE.EXE

640 B
673 B
5
4

HTTP Request

GET http://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

301
172.67.166.97:80

http://saltworld.net/forums/public/style_images/master/useropts_arrow.png

http

IEXPLORE.EXE

589 B
1.2kB
6
5

HTTP Request

GET http://saltworld.net/forums/public/style_images/master/useropts_arrow.png

HTTP Response

302
192.0.73.2:80

http://www.gravatar.com/avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

http

IEXPLORE.EXE

640 B
673 B
5
4

HTTP Request

GET http://www.gravatar.com/avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

301
172.67.166.97:80

http://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

http

IEXPLORE.EXE

1.4kB
3.5kB
10
9

HTTP Request

GET http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

HTTP Response

302

HTTP Request

GET http://saltworld.net/forums/uploads/profile/photo-3619.gif?_r=1358402341

HTTP Response

302

HTTP Request

GET http://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

HTTP Response

302
192.0.73.2:80

http://www.gravatar.com/avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

http

IEXPLORE.EXE

692 B
1.3kB
6
6

HTTP Request

GET http://www.gravatar.com/avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

301
172.67.165.117:443

coinhive.com

tls

IEXPLORE.EXE

773 B
5.8kB
10
10
192.0.73.2:80

http://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

http

IEXPLORE.EXE

692 B
1.3kB
6
6

HTTP Request

GET http://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

301
172.67.166.97:80

http://saltworld.net/forums/uploads/profile/photo-thumb-14002.png?_r=1487942156

http

IEXPLORE.EXE

595 B
1.3kB
6
5

HTTP Request

GET http://saltworld.net/forums/uploads/profile/photo-thumb-14002.png?_r=1487942156

HTTP Response

302
172.67.166.97:80

http://saltworld.net/forums/public/style_images/master/f_icon_read.png

http

IEXPLORE.EXE

586 B
1.3kB
6
5

HTTP Request

GET http://saltworld.net/forums/public/style_images/master/f_icon_read.png

HTTP Response

302
172.67.166.97:80

http://saltworld.net/forums/public/style_images/master/top.png

http

IEXPLORE.EXE

1.1kB
2.7kB
8
7

HTTP Request

GET http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

HTTP Response

302

HTTP Request

GET http://saltworld.net/forums/public/style_images/master/top.png

HTTP Response

302
172.67.166.97:80

http://saltworld.net/forums/public/style_images/master/feed.png

http

IEXPLORE.EXE

1.5kB
4.0kB
10
11

HTTP Request

GET http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

HTTP Response

302

HTTP Request

GET http://saltworld.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0

HTTP Response

302

HTTP Request

GET http://saltworld.net/forums/public/style_images/master/feed.png

HTTP Response

302
172.67.165.117:443

https://coinhive.com/lib/coinhive.min.js

tls, http

IEXPLORE.EXE

1.2kB
8.0kB
12
12

HTTP Request

GET https://coinhive.com/lib/coinhive.min.js

HTTP Response

200
192.0.73.2:443

https://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

tls, http

IEXPLORE.EXE

1.2kB
4.8kB
11
9

HTTP Request

GET https://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

302
192.0.73.2:443

https://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

tls, http

IEXPLORE.EXE

1.3kB
5.6kB
12
11

HTTP Request

GET https://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

302
192.0.73.2:443

https://www.gravatar.com/avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

tls, http

IEXPLORE.EXE

1.3kB
5.6kB
12
11

HTTP Request

GET https://www.gravatar.com/avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

302
192.0.73.2:443

https://www.gravatar.com/avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

tls, http

IEXPLORE.EXE

1.2kB
4.8kB
11
9

HTTP Request

GET https://www.gravatar.com/avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

302
172.67.166.97:443

https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

tls, http

IEXPLORE.EXE

1.2kB
6.6kB
11
12

HTTP Request

GET https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

HTTP Response

302
172.67.166.97:443

https://saltworld.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0

tls, http

IEXPLORE.EXE

1.8kB
7.7kB
13
14

HTTP Request

GET https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

HTTP Response

302

HTTP Request

GET https://saltworld.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0

HTTP Response

302
172.67.166.97:443

https://saltworld.net/forums/public/style_images/master/feed.png

tls, http

IEXPLORE.EXE

2.2kB
8.5kB
15
15

HTTP Request

GET https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

HTTP Response

302

HTTP Request

GET https://saltworld.net/forums/public/style_images/master/top.png

HTTP Response

302

HTTP Request

GET https://saltworld.net/forums/public/style_images/master/feed.png

HTTP Response

302
172.67.166.97:443

https://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

tls, http

IEXPLORE.EXE

2.1kB
8.2kB
14
15

HTTP Request

GET https://saltworld.net/forums/uploads/profile/photo-thumb-14002.png?_r=1487942156

HTTP Response

302

HTTP Request

GET https://saltworld.net/forums/public/style_images/master/f_icon_read.png

HTTP Response

302

HTTP Request

GET https://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

HTTP Response

302
172.67.166.97:443

https://saltworld.net/forums/uploads/profile/photo-3619.gif?_r=1358402341

tls, http

IEXPLORE.EXE

1.6kB
7.3kB
12
12

HTTP Request

GET https://saltworld.net/forums/public/style_images/master/useropts_arrow.png

HTTP Response

302

HTTP Request

GET https://saltworld.net/forums/uploads/profile/photo-3619.gif?_r=1358402341

HTTP Response

302
172.67.160.162:443

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

tls, http

IEXPLORE.EXE

2.4kB
10.5kB
16
18

HTTP Request

GET https://gamingw.net/forums/public/style_images/master/useropts_arrow.png

HTTP Response

404

HTTP Request

GET https://gamingw.net/forums/public/style_images/master/top.png

HTTP Response

404

HTTP Request

GET https://gamingw.net/forums/public/style_images/master/feed.png

HTTP Response

404

HTTP Request

GET https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/uploads/profile/photo-thumb-14002.png?_r=1487942156

tls, http

IEXPLORE.EXE

1.1kB
6.7kB
10
11

HTTP Request

GET https://gamingw.net/forums/uploads/profile/photo-thumb-14002.png?_r=1487942156

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

tls, http

IEXPLORE.EXE

1.3kB
7.2kB
10
11

HTTP Request

GET https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

tls, http

IEXPLORE.EXE

1.3kB
7.3kB
11
12

HTTP Request

GET https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

tls, http

IEXPLORE.EXE

1.6kB
8.3kB
12
14

HTTP Request

GET https://gamingw.net/forums/public/style_images/master/f_icon_read.png

HTTP Response

404

HTTP Request

GET https://gamingw.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0

tls, http

IEXPLORE.EXE

1.6kB
8.3kB
13
14

HTTP Request

GET https://gamingw.net/forums/uploads/profile/photo-3619.gif?_r=1358402341

HTTP Response

404

HTTP Request

GET https://gamingw.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0

HTTP Response

404
192.0.77.2:80

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

http

IEXPLORE.EXE

606 B
554 B
6
6

HTTP Request

GET http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

HTTP Response

404
192.0.77.2:80

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

http

IEXPLORE.EXE

606 B
515 B
6
5

HTTP Request

GET http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

HTTP Response

404
192.0.77.2:80

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

http

IEXPLORE.EXE

658 B
858 B
7
6

HTTP Request

GET http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

HTTP Response

404
192.0.77.2:80

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

http

IEXPLORE.EXE

606 B
555 B
6
6

HTTP Request

GET http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

HTTP Response

404
142.250.179.238:80

http://www.google-analytics.com/ga.js

http

IEXPLORE.EXE

858 B
18.3kB
13
16

HTTP Request

GET http://www.google-analytics.com/ga.js

HTTP Response

200
142.250.179.238:80

www.google-analytics.com

IEXPLORE.EXE

190 B
92 B
4
2
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

799 B
7.7kB
10
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

799 B
7.7kB
10
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

785 B
7.7kB
9
13

8.8.8.8:53

coinhive.com

dns

IEXPLORE.EXE

58 B
90 B
1
1

DNS Request

coinhive.com

DNS Response

172.67.165.117

104.21.57.186
8.8.8.8:53

saltworld.net

dns

IEXPLORE.EXE

59 B
91 B
1
1

DNS Request

saltworld.net

DNS Response

172.67.166.97

104.21.11.155
8.8.8.8:53

www.gravatar.com

dns

IEXPLORE.EXE

62 B
78 B
1
1

DNS Request

www.gravatar.com

DNS Response

192.0.73.2
8.8.8.8:53

gamingw.net

dns

IEXPLORE.EXE

57 B
89 B
1
1

DNS Request

gamingw.net

DNS Response

172.67.160.162

104.21.65.85
8.8.8.8:53

i1.wp.com

dns

IEXPLORE.EXE

55 B
71 B
1
1

DNS Request

i1.wp.com

DNS Response

192.0.77.2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
b6e71adf7324685d8f60c97bdb99f892

SHA1
ac45dd58c3dfb5d68ffdbc27817f1e5ad5720830

SHA256
40a181e9a8b85b862afc89a604eb290be3b5cd68937feb9ccfc467d3589e8e5c

SHA512
f864a712e300632059c0678ff5f54412fc7f7a1db02e469bcdc77be452886b55cd3d08ff51076278d1a21b091b2fc459e30c53b0d8e8855dbfefa59f0ee4cea9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
40f16163b47d4d9d21e7cf4d5e2f292f

SHA1
82959c11ab6de77cb9dec45ac801ebfb54cd8d9f

SHA256
81f15e6f62c96d53e4bc9c17c4f15e31e61430cc46a50d3582267338bcdb1115

SHA512
69e5a0797f953912cb4116eb273eb748565c0659b1d281ef6ab90208ab48be9a7925f86261f851b1fae30c9f0b09c1cd470845c9844ad633bb3a54c97e5c66b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46a41f885a4c89256909863d66e2d892

SHA1
01419481bf3ccfda06e70327f5056064f9e04b93

SHA256
64cbc136dc52cd4e17c4c511e74d22671a7e869cbf99f8ae7db7de3b1a155b5c

SHA512
cd6845ef1c4b370ea088f6d8c837df83211941ac4778b287c6b150317b444fb9b4f853163d52f90948daee79cf69bd626604d041178c04692f2730c963a22ef8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5876935ed904f7a124c4edb6f76d2770

SHA1
87173568fa0b363d7db51ca0463c6255d637e244

SHA256
bc7e52475392cc97e709a799c173665d51bea69c6863e9d8a47bad030fcad521

SHA512
84f5af96d288d5cba8933e5e1f0e166dffb6f4509741a724195f99a3370968745857ffdf86de0bd94179eca8f89017360d36b4946f3257f61764b4d1d7373385

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91748809a473ceb9b3c33ab8533f035d

SHA1
6e771a8950c93b8800361a5817cfe860ee2d74e0

SHA256
c2a1d1af4539dac891ef5c8429a1fe00d8e6de36962695c7540ee43e5b92bbd5

SHA512
0e4f776d184b2f10ec288c2e63d4ed9bcbdb8488877576b6d951e7b0248e08b385acba0dbff22cff8826c9b4561bad21631d38df3086ab511bee8bb53b1afefa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f62835400a165622dddfec0768f5b05e

SHA1
34ce9fc56c51752a922e6a69e40c9cbc3f7debe7

SHA256
dd0e23ad7c1f2d424289f9e3142184e049462fc6a0f844dd04942928dfc862fb

SHA512
fb86117e4cefa689f82d685c58405eae827856a1d54e141b8dc33f78d2d5760c9f65386224de3ae3887175029988e990e8961bd06ade49c752738ce16f64f4bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b5d6c53087f4e3fa31c1a75cec0ad2b

SHA1
8e9896099450e04cfb0b2642835f441c021c386e

SHA256
b9a6d908989dbe0f7ede0b0fde7e0905e8f0166e295133133f4b6978188e9d20

SHA512
591a2e24cb0ccf958712d29c47aaed967740c31a78496415e8bdb5ffd890a7fea57249606b0277ad2ae1d19e4fb6ee99fcadef446f036cb9883d90665c2b68a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b084b9adb88c6e955bd02e5f582f14a

SHA1
4b7299c6bf1392242601a8fba1eff77956078231

SHA256
085334b7764ca745511c6da3f53391188a49e8f720294f401a132ff434a4a5ec

SHA512
d9ef66f38fa49034e5630adb657c4f315442d2a281a9ac1d6d496eaec631cfe516b92c7968a2f6fca946ab5e0c5cae67e1467aef374ff4cf0c78b2dd320e8b49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8912acbfa0ebe39a79299acd281caae8

SHA1
1a5a041e630393a1548f73df68f99854633aa57d

SHA256
e5cbb8d21860095970e56112355ab6f32ee7eac6b86cbb3e6f822cd3024776a8

SHA512
1e36e3b59d32a634ee6e0c84d98d9673b3e9bff63b2fa4c05553ca2131648d4bd1ae2bfd51c79b7b755a609efa4db787469aaa2188a302e0e9af86e06b3b1332

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
abc9cbf66890cb3a3aa2b5391bdb1449

SHA1
a1e67c03d7e85fc05755c5d20d5f08dddc306d8f

SHA256
02d09f721301c40511760918a0851923b6bb7122a5e9a6008b0d5b665d964a9e

SHA512
c133f276ea2678126792b108d70c1d0bcb49569fe500684698b21a60e366cbd0765988404b403dbc14e84cdfed2c5aa1395c40d922f2d77d5ff748ca0160191a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d74aa54d3d46ca148d3d4b8a33dfb018

SHA1
9d3c49c7dfb8e3b1500ce68235717b9860294da0

SHA256
6bf06ff63d4e26d0f7fc004123e8f69383cef522376ffa9a5875109ddc431eb3

SHA512
68aee1ea3396e97ea0cdd1a7076042058449480b2afae07dfeb586f6aeeb137a3835da10d86131e1ff86e89f6eb5f871d61b7b63de81a8f90b62b48ad1241ad2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df59b2e94d342c9156ad23e2b74e81e1

SHA1
9286e0a470ad9e0981d2fdceb2bff1dcfa8545b1

SHA256
46faad639d0d6df9771c1629a15d6c73ea5832212a91e179994a2425139508ca

SHA512
d48d4755629180192af916570c55bf3a75e07f0819bbc06c0566b776c9afa1877008359efd3874af7dd82dfb483911248ea8fb2a08a67693df7bc46e044b499a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9abfb7cd919c11bb66c3dd7d142ef3ee

SHA1
f3e49830881b83a4c55422d41d9944f7fe16ae5c

SHA256
10fd177b27877f56b74943db3762b33a872f44b1049699c96ec3e4204248a2d9

SHA512
b7bad2a120fee150ed3f5afa17c29d280950aebad7099a02b4bfc317929be6ee5a3b4a7ce55818338459fa06f50a9337c2d48d22fc2d42ef8f4f4bdf30ac43f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31832b37db833f0d42acc500b983156c

SHA1
fbf6899f4b88853f5dc7e573280244234b0ce2a6

SHA256
7fc305159855c9ecf2c2c0379b204b5173ee4026863609d988b332a6c09835a7

SHA512
96d8f8130987e7e092503aaafd26ccea29b265a9a43d803c21a0dc3d4029bbe8a9b0bd3c9ab216d284580fe61296b93af00fe2b930557ad8764e704655e4d9ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2cfb23d6b65c167dc0b97792536f4143

SHA1
d3bb37c634ba68cc67d0ba225f0b5562dfec9974

SHA256
6902ea79b43f50272b8b923589646b8426439ab5e087a7217e5f24e125c64057

SHA512
1d441778a8b5ba9bc5974090b87e927ed83c60311619ca122a3cf5df9d91f494b2f65da29ac0d0f58ff69e56aa477be42299517c2cee5d3bf7ef1439f0939094

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65fa1c18a52e26e3d6a0d33d3eb059d6

SHA1
70d075d5a6063e3bdb5a130529a7f866058792bc

SHA256
d7ee037f9ace6fbefb9ce0822acd0c8f9c8ba8cea4a57d10fcc2b7b78a14a0c6

SHA512
1020fa7cfdbb570864c7a695283a596571f8bbac0174bf14e3cbef7e19d1ff1254233820011d6083522cdca62b39bbca5129064f0937baf8a6446a6ab2a28697

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
789b34bdfd362356bb31bcd37a5f6b5e

SHA1
259881ec7ba6f4d72f8b8d33b0dede685e787a38

SHA256
97b314d8bbebef73f661f01dfc5ac8d8912b97e8ab99e04c28734ff0f860ddf4

SHA512
cc8ee958468a4301ca76001f1378ec645f76d9eef5f29d2a02a64a600a6a35d26030311246245367a3054ea6cf60cf20e0fa6e69fcb61c88a8ae176660e77b80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
828d494ce37a42822bcad6546a2f7660

SHA1
4ea6107396fc885415b0083f974e759d76797056

SHA256
1d5049ee26b676830c177d31b0dd2529c0d99beaa5651c777aac74b23c305eca

SHA512
a84a0fd2d366fa79e5cd111d4b76064773e858272397264c126b3ae9b8d297795c3c07456fc1f6618c6af5f4e6a763c1759b2e503f0d5a1d0a14ca3831fee3f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b6128021db8e287f4e534f1130599941

SHA1
51bbb47c9e4f41f26cbc040d9ea6fb75569fe138

SHA256
8ec86dba3895aae36181516f4fad3e6e253c754a9fa4637de42031356beabb45

SHA512
5124d6c6324da7ac567e70a1831c807142061ddebfd251639b9c251e860fa49c861496343145240cb92078b8b2316d5fda4c13a0b58fbefde2dd3e3b2660ab22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ad7e5af51d68aae3cf76e3cbc0d09d1

SHA1
ced1e7ad78d02007e3e8d6975961cd8da607f3e0

SHA256
432a12bc7981babf37e015b439228d9c40a7c9bd8ce9a150f5fa544b5865bbca

SHA512
af3779f4b74bc92df1a9470b06ff31ce1f2be8e1d8b304e36d7467e65ba88ce146c81bf639de0cb4013e2a8f1b398cead823f7270947ffb771db0f2502ed34e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a5f73db8803810a2db9647fb90248b5

SHA1
806c097dc21f427ed129890a3798f9ae66ee9cc6

SHA256
4115befa38f10eda2e7fbdb478678a5c509f5511be4d3b3a40f87eb41fed5397

SHA512
67a9a3d7ef22955324657fad24f34ad391ff5dfba89f15c638f1183953a4d6602f1747e2c6a3a34a7df4bac4414ca2523e7db5b910f772f43b8b22565a784e2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63b230da04067d78f872cdfed63d3129

SHA1
94e1993e7b16551848a10f82c152ff89207bd6a0

SHA256
ba31ec8367e09cb7f3307eb4ac10e770985beeef9b7ad95b5fe2eaff23add59c

SHA512
942c138ae69ea7a4239f8f2c752045f5bb56081d2aaff60ef4088c5379e0af2edb27e17d153eda99b894638b55270f08a8de921c9fb5e6197163084c33c4855c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6dbe7371e38bb43451cf2d8bdfe6479e

SHA1
b9dd651ed7ed228ad92b0cb55177a03ab4f17781

SHA256
84c9e42c4ce753e7aad85335e0ee22fbf73cb966e85936ea16f26bd8586e4b1d

SHA512
34be237e8e6ad0fcf1f55ffeb3e0e933c04dae15f28024d2917c7e69f6136a2adf9c7a9ffb087933f72bd50b9cd0ff0b0fd4564005c3a043f1036889dc011c76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
cc7eaa8581e28abdb29eae2a76b2f781

SHA1
dea30d3c40e8ca88083bc06f7a3142af3b84cdd8

SHA256
90b80f7b8326e572e5b5dea3ce16003ef33d18ef186ec8580b89fbd6f2283b90

SHA512
c2794344e545c21998f604136dd9db3b832a1986bf5d91714743cf92e1d0079c4b7c7936393e7aed411b184e6aab0875e865219b2f73ba2aa0083ae70edc0b62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
7d2314b54a7fdc5a1d922a087530e367

SHA1
711e8f80c1d9207caabc1993857b5a6abc50e6dc

SHA256
e7e0f49b0f34d1c6721148317b2367b368b5a96a91bf85ff0552e11460af2865

SHA512
921026ec05fabf3fa8c5e4c3e371ff98a1639a5790e58e8309fdee92f88a949b725c916b29650125ce7aa269f98ac521bbced036bc1ecced7febac24024a4037

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2510.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2513.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request