e585777264a08a2adab50265d83bbfc688adaa180d84fbc064f8dcfe56ee790f

Analysis

max time kernel
144s
max time network
145s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 13:36 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f5fc4db056b3ab51e15422968721e56_JaffaCakes118.html
Size

19KB
MD5

2f5fc4db056b3ab51e15422968721e56
SHA1

cf15e7340936e8f528c9487822edf4cfbe98fdca
SHA256

e585777264a08a2adab50265d83bbfc688adaa180d84fbc064f8dcfe56ee790f
SHA512

4cf2ad2843b48c7a82cf700c8bd259283f325c1d686de798a48728420da8d6a07dc95ac17196816e9a7e00df0154b2254eeb2d630a9fe2c4bbda1003b3f77808
SSDEEP

192:9K/ypUhTViqEWULTgE9d3djsvzMMSjQRf8hbvrMlUx9V6cxjb79DX+OunCiFqiSg:4/yoTViLLXfWwQRM3p55OOunCi8in

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 10892123dfa2da01	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90be7235dfa2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000001e4d6dbc6a66825fccff56b5ba59447edadfa8bf22289d8026bc30033a1ab9df000000000e80000000020000200000008b60231d65790618a5793e5a6c266552eaa4dcdee074169a51cad97721e318cb900000000244a530d6ae743e61173df82d1b36a50c56fe5ea11bdec8855fbcf6c188bdc8d9a97a8fc77333f4404501a818596d939c6b0e7863f8c4e63af1ee5545119632bab4ae034ad9c4b359425517eee2283875b545eb96b547a88cf09fedb040bb537afb6e4c92ae5539aec6e901fd9f5d8524e7d9c6d6d99663576eadbd4b471d9ba21ddfc2b18065a2c6cdac4f6607355e400000003d3a1c79cb29788bc57a94ac6e564b5dbf42796cb7f41389d190bce7b4ff06300551191842b7e4840f93ae6ef14008d8a6297d10c44a5797080c74929af0f2d6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5F163A61-0ED2-11EF-A1DE-66A5A0AB388F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000ed2f02af78b150fbb57eafba77c193b3fabe4f83202d3f6d75ae9c0709e38cf6000000000e800000000200002000000074556a28aa05b424084e37d4f99e6ded7f489b52c8c75c55e962fb26b0a936c920000000c2f4d7c42ba7d932f9bf49b2e824da8a5290c8a2ca0404e808b89f9e636c58fc40000000621eeaa893e471fd13feb63fe042c1eb79f4a68b0dd3a6baf49cc13c7a064ba24cea0826728465b6d147ec22c697e5a498cd2dc0d3235f267197ce4390ba31d5	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421510084"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2844	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2844	iexplore.exe
2844	iexplore.exe
2188	IEXPLORE.EXE
2188	IEXPLORE.EXE
2188	IEXPLORE.EXE
2188	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2188	2844	iexplore.exe	28
PID 2844 wrote to memory of 2188	2844	iexplore.exe	28
PID 2844 wrote to memory of 2188	2844	iexplore.exe	28
PID 2844 wrote to memory of 2188	2844	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2f5fc4db056b3ab51e15422968721e56_JaffaCakes118.html
1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2188

Network

DNS

static.mackeeper.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

static.mackeeper.com

IN A

Response

static.mackeeper.com

IN CNAME

d211q1i6v7lwo2.cloudfront.net

d211q1i6v7lwo2.cloudfront.net

IN A

18.164.52.20

d211q1i6v7lwo2.cloudfront.net

IN A

18.164.52.69

d211q1i6v7lwo2.cloudfront.net

IN A

18.164.52.126

d211q1i6v7lwo2.cloudfront.net

IN A

18.164.52.22
DNS

loadus.exelator.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

loadus.exelator.com

IN A

Response

loadus.exelator.com

IN CNAME

loadus.tm.ssl.exelator.com

loadus.tm.ssl.exelator.com

IN CNAME

eu-west.load.exelator.com

eu-west.load.exelator.com

IN CNAME

load-euw1.exelator.com

load-euw1.exelator.com

IN A

34.254.143.3
GET

http://loadus.exelator.com/load/?p=1050&g=2&cat=[popunder]&j=0

IEXPLORE.EXE

Remote address:

34.254.143.3:80

Request

GET /load/?p=1050&g=2&cat=[popunder]&j=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: loadus.exelator.com
Connection: Keep-Alive

Response

HTTP/1.1 301

server: nginx
date: Fri, 10 May 2024 13:36:59 GMT
content-type: text/html
content-length: 162
location: https://loadus.exelator.com/load/?p=1050&g=2&cat=[popunder]&j=0
access-control-allow-credentials: true
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
GET

http://static.mackeeper.com/landings/libs/js/loclist.js?mkv=1

IEXPLORE.EXE

Remote address:

18.164.52.20:80

Request

GET /landings/libs/js/loclist.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Fri, 10 May 2024 13:36:59 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/libs/js/loclist.js?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 0befec97ec8a388fe199ea682db0cdc0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG50-P4
X-Amz-Cf-Id: RZKwrsnA5S05-q9gw2p_U89UuVOgapKS8XfpR6ohmr6lst9ylm7t3g==
GET

http://static.mackeeper.com/landings/123.1/?mkv=1

IEXPLORE.EXE

Remote address:

18.164.52.20:80

Request

GET /landings/123.1/?mkv=1 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Fri, 10 May 2024 13:36:59 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 0befec97ec8a388fe199ea682db0cdc0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG50-P4
X-Amz-Cf-Id: tzkuO8N4fpvFDkalx_EqxIHEaooNjB6sNtlIhKIskfhpxor4RbCrxw==
GET

http://static.mackeeper.com/landings/123.1/img/stars.png

IEXPLORE.EXE

Remote address:

18.164.52.20:80

Request

GET /landings/123.1/img/stars.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Fri, 10 May 2024 13:37:02 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/stars.png
X-Cache: Miss from cloudfront
Via: 1.1 0befec97ec8a388fe199ea682db0cdc0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG50-P4
X-Amz-Cf-Id: gVMUYnNbjezxOIeBJepQ3_TmEnm2hfqxoAAUmC7C_qlTR_uhTHjFhA==
GET

http://static.mackeeper.com/landings/libs/js/cookie.js?mkv=1

IEXPLORE.EXE

Remote address:

18.164.52.20:80

Request

GET /landings/libs/js/cookie.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Fri, 10 May 2024 13:36:59 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/libs/js/cookie.js?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 03e404344c9f165c7468cdb109674f3a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG50-P4
X-Amz-Cf-Id: 8W3L4jJUxECuugbfla4EXAMSbIGUiEoBASTR6pvP5ZuRIW4lHAdmMA==
GET

http://static.mackeeper.com/landings/libs/Pixels/js/1604.js?mkv=1

IEXPLORE.EXE

Remote address:

18.164.52.20:80

Request

GET /landings/libs/Pixels/js/1604.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Fri, 10 May 2024 13:36:59 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/libs/Pixels/js/1604.js?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 03e404344c9f165c7468cdb109674f3a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG50-P4
X-Amz-Cf-Id: eRueXlWOAd8Bnumf7m9G-v5DeHaR-TNA4Of4PW35ShQGTHqmDSa12Q==
GET

http://static.mackeeper.com/landings/123.1/img/pin.png

IEXPLORE.EXE

Remote address:

18.164.52.20:80

Request

GET /landings/123.1/img/pin.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Fri, 10 May 2024 13:37:02 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/pin.png
X-Cache: Miss from cloudfront
Via: 1.1 03e404344c9f165c7468cdb109674f3a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG50-P4
X-Amz-Cf-Id: 6_Z0A4AU6qUrp4M5rPsKHFs0Iie48YjS4mch1Pez4ILwgrLki8_EAA==
GET

http://static.mackeeper.com/landings/123.1/css/style.min.css?mkv=1

IEXPLORE.EXE

Remote address:

18.164.52.20:80

Request

GET /landings/123.1/css/style.min.css?mkv=1 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Fri, 10 May 2024 13:36:59 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/css/style.min.css?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 0df1e08a236a7f5d1f4f9f78bdb4bb82.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG50-P4
X-Amz-Cf-Id: wGOBK_aGaMtarmJW4WO2iYjpMND4nvfeKmwoNriI2wlHjn6xUysxmg==
GET

http://static.mackeeper.com/landings/libs/Pixels/js/859.js?mkv=1

IEXPLORE.EXE

Remote address:

18.164.52.20:80

Request

GET /landings/libs/Pixels/js/859.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Fri, 10 May 2024 13:36:59 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/libs/Pixels/js/859.js?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 0df1e08a236a7f5d1f4f9f78bdb4bb82.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG50-P4
X-Amz-Cf-Id: -uQFbDOD6WkSZCFQ_7YFvDmzV6R1dFuJtvWdwaoVc76Ax3DdMLMzgw==
GET

http://static.mackeeper.com/landings/123.1/img/arrow_animation2.gif?mkv=1

IEXPLORE.EXE

Remote address:

18.164.52.20:80

Request

GET /landings/123.1/img/arrow_animation2.gif?mkv=1 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Fri, 10 May 2024 13:37:00 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/arrow_animation2.gif?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 0df1e08a236a7f5d1f4f9f78bdb4bb82.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG50-P4
X-Amz-Cf-Id: A6xURIJRtpvCW_xWtiVICG8pbFXwHLuCq77Udo2NEpKsuW3u_aP_uQ==
GET

http://static.mackeeper.com/landings/123.1/img/main-img.jpg

IEXPLORE.EXE

Remote address:

18.164.52.20:80

Request

GET /landings/123.1/img/main-img.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Fri, 10 May 2024 13:37:01 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/main-img.jpg
X-Cache: Miss from cloudfront
Via: 1.1 0df1e08a236a7f5d1f4f9f78bdb4bb82.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG50-P4
X-Amz-Cf-Id: adoJax20FV_rpnjSfgwyceLNBqbzR2TeRtel4bmukIWu2ez6od74QQ==
GET

http://static.mackeeper.com/landings/123.1/img/steps-arrow.png

IEXPLORE.EXE

Remote address:

18.164.52.20:80

Request

GET /landings/123.1/img/steps-arrow.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Fri, 10 May 2024 13:37:02 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/steps-arrow.png
X-Cache: Miss from cloudfront
Via: 1.1 0df1e08a236a7f5d1f4f9f78bdb4bb82.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG50-P4
X-Amz-Cf-Id: PFJITgQhLoHrXJ4RKabIvKjv35dCm8Pmf0Gq1Mk8R3FbgXGm16kTBA==
GET

http://static.mackeeper.com/landings/libs/reset.css?mkv=1

IEXPLORE.EXE

Remote address:

18.164.52.20:80

Request

GET /landings/libs/reset.css?mkv=1 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Fri, 10 May 2024 13:36:59 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/libs/reset.css?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 83d0137377604ae8e59d0712f3ef6fe2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG50-P4
X-Amz-Cf-Id: gGXU42d-kcpZJ-HxBmxvP9vc6zlas8mraAX5y3T8Tn4svFWjxNiULg==
GET

http://static.mackeeper.com/landings/libs/overlay/overlay.js?mkv=1

IEXPLORE.EXE

Remote address:

18.164.52.20:80

Request

GET /landings/libs/overlay/overlay.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Fri, 10 May 2024 13:36:59 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/libs/overlay/overlay.js?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 83d0137377604ae8e59d0712f3ef6fe2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG50-P4
X-Amz-Cf-Id: LYYIx6y7ST5qhMdpfLwOELlubAm45o2PIg0lusVXLtlNHjPK7wxzPA==
GET

http://static.mackeeper.com/landings/123.1/img/arrow_animation.gif?mkv=1

IEXPLORE.EXE

Remote address:

18.164.52.20:80

Request

GET /landings/123.1/img/arrow_animation.gif?mkv=1 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Fri, 10 May 2024 13:37:00 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/arrow_animation.gif?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 83d0137377604ae8e59d0712f3ef6fe2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG50-P4
X-Amz-Cf-Id: blGNF64lSCl7k7nCI2WOLS_dOh6pnYdzNQyp9JwSXVRXxDfcLEbBHg==
GET

http://static.mackeeper.com/landings/123.1/img/arrow.png

IEXPLORE.EXE

Remote address:

18.164.52.20:80

Request

GET /landings/123.1/img/arrow.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Fri, 10 May 2024 13:37:01 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/arrow.png
X-Cache: Miss from cloudfront
Via: 1.1 83d0137377604ae8e59d0712f3ef6fe2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG50-P4
X-Amz-Cf-Id: 2Y4Xo8bqp8BVs7dvfyNOfhvOLLkqZjUO3lXZOv1UV4A4hZbA_0XEJg==
GET

http://static.mackeeper.com/landings/libs/alert/alerts.js?mkv=4

IEXPLORE.EXE

Remote address:

18.164.52.20:80

Request

GET /landings/libs/alert/alerts.js?mkv=4 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Fri, 10 May 2024 13:36:59 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/libs/alert/alerts.js?mkv=4
X-Cache: Miss from cloudfront
Via: 1.1 a384caf780263a78fbc93ca2ad4cc5a4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG50-P4
X-Amz-Cf-Id: H3h2hpLMO9r0ufheBHgyifi0Aqt52Ff4e_WFZ8caLa09hHaeeiOGlA==
GET

http://static.mackeeper.com/landings/libs/Pixels/js/1282.js?mkv=1

IEXPLORE.EXE

Remote address:

18.164.52.20:80

Request

GET /landings/libs/Pixels/js/1282.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Fri, 10 May 2024 13:36:59 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/libs/Pixels/js/1282.js?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 a384caf780263a78fbc93ca2ad4cc5a4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG50-P4
X-Amz-Cf-Id: _NSNWWS_LjRgD3gZP_2hQiVTiik9s3TvGyFLWlwNCpCbaKkMlKqzPw==
GET

http://static.mackeeper.com/landings/123.1/img/sprite-ready-icon.png

IEXPLORE.EXE

Remote address:

18.164.52.20:80

Request

GET /landings/123.1/img/sprite-ready-icon.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Fri, 10 May 2024 13:37:01 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/sprite-ready-icon.png
X-Cache: Miss from cloudfront
Via: 1.1 a384caf780263a78fbc93ca2ad4cc5a4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG50-P4
X-Amz-Cf-Id: f1u2LVwopw6TMBrjhjefPLgWC_6X9cX0F1OxSV63NiOQwPT0Xe9Zhw==
GET

http://static.mackeeper.com/landings/libs/jquery/jquery.min.js?mkv=1

IEXPLORE.EXE

Remote address:

18.164.52.20:80

Request

GET /landings/libs/jquery/jquery.min.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Fri, 10 May 2024 13:36:59 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/libs/jquery/jquery.min.js?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 abdcba0f82eaef3d3aa080fb12ca873c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG50-P4
X-Amz-Cf-Id: xJK-Uorz09AaLHHSBT1HsCZerrvmLLwJst9_AK8fn_F_xZqwvzFYfQ==
GET

http://static.mackeeper.com/landings/libs/discounts/css/styles.css?mkv=1

IEXPLORE.EXE

Remote address:

18.164.52.20:80

Request

GET /landings/libs/discounts/css/styles.css?mkv=1 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Fri, 10 May 2024 13:37:00 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/libs/discounts/css/styles.css?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 abdcba0f82eaef3d3aa080fb12ca873c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG50-P4
X-Amz-Cf-Id: kA9TTvdStw8PR_hXJVYFpSMpRWoUUTIMhf7qjaO47wxK7572pzSFDA==
GET

http://static.mackeeper.com/landings/libs/discounts/img/back.png

IEXPLORE.EXE

Remote address:

18.164.52.20:80

Request

GET /landings/libs/discounts/img/back.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Fri, 10 May 2024 13:37:01 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/libs/discounts/img/back.png
X-Cache: Miss from cloudfront
Via: 1.1 abdcba0f82eaef3d3aa080fb12ca873c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG50-P4
X-Amz-Cf-Id: mY3amYLWszgZRyrdLQiQctAR3AoWzwynnXJgJLva816RJDjwENSqlQ==
GET

http://static.mackeeper.com/landings/123.1/img/sprite-icons.png

IEXPLORE.EXE

Remote address:

18.164.52.20:80

Request

GET /landings/123.1/img/sprite-icons.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Fri, 10 May 2024 13:37:02 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/sprite-icons.png
X-Cache: Miss from cloudfront
Via: 1.1 abdcba0f82eaef3d3aa080fb12ca873c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG50-P4
X-Amz-Cf-Id: RKjlfhph8C88uroTWLPJn84A9YRRftkw5p0eY3VfOnjjLoDSDCEi7Q==
DNS

IEXPLORE.EXE

Remote address:

34.254.143.3:80

Response

HTTP/1.1 408 Request Time-out

content-length: 110
cache-control: no-cache
content-type: text/html
connection: close
DNS

IEXPLORE.EXE

Remote address:

34.254.143.3:443

Response

HTTP/1.1 400 Bad request

content-length: 90
cache-control: no-cache
content-type: text/html
connection: close
DNS

mackeeperapp.mackeeper.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

mackeeperapp.mackeeper.com

IN A

Response

mackeeperapp.mackeeper.com

IN A

3.217.201.163

mackeeperapp.mackeeper.com

IN A

34.200.74.132
GET

https://mackeeperapp.mackeeper.com/landings/libs/jquery/jquery.min.js?mkv=1

IEXPLORE.EXE

Remote address:

3.217.201.163:443

Request

GET /landings/libs/jquery/jquery.min.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 13:37:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 19 Apr 2016 15:32:21 GMT
Vary: Accept-Encoding
ETag: W/"57164f85-1762a"
Expires: Sun, 09 Jun 2024 13:37:01 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Content-Encoding: gzip
GET

https://mackeeperapp.mackeeper.com/landings/123.1/img/sprite-ready-icon.png

IEXPLORE.EXE

Remote address:

3.217.201.163:443

Request

GET /landings/123.1/img/sprite-ready-icon.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive
Cookie: get_params_landings=%7B%22mkv%22%3A%221%22%7D; PHPSESSID=tt0rod4qbs90rqeb61v5mdkin4

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 13:37:02 GMT
Content-Type: image/png
Content-Length: 2412
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 12 Sep 2019 08:55:00 GMT
ETag: "5d7a07e4-96c"
Expires: Sun, 09 Jun 2024 13:37:01 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Accept-Ranges: bytes
GET

https://mackeeperapp.mackeeper.com/landings/123.1/img/steps-arrow.png

IEXPLORE.EXE

Remote address:

3.217.201.163:443

Request

GET /landings/123.1/img/steps-arrow.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive
Cookie: get_params_landings=%7B%22mkv%22%3A%221%22%7D; PHPSESSID=tt0rod4qbs90rqeb61v5mdkin4

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 13:37:02 GMT
Content-Type: image/png
Content-Length: 434
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 12 Sep 2019 08:55:00 GMT
ETag: "5d7a07e4-1b2"
Expires: Sun, 09 Jun 2024 13:37:02 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Accept-Ranges: bytes
GET

https://mackeeperapp.mackeeper.com/landings/libs/reset.css?mkv=1

IEXPLORE.EXE

Remote address:

3.217.201.163:443

Request

GET /landings/libs/reset.css?mkv=1 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 13:37:01 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Mon, 30 Apr 2018 11:38:58 GMT
Vary: Accept-Encoding
ETag: W/"5ae70052-33d"
Expires: Sun, 09 Jun 2024 13:37:01 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Content-Encoding: gzip
GET

https://mackeeperapp.mackeeper.com/landings/123.1/css/style.min.css?mkv=1

IEXPLORE.EXE

Remote address:

3.217.201.163:443

Request

GET /landings/123.1/css/style.min.css?mkv=1 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 13:37:01 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 24 Nov 2020 10:39:52 GMT
Vary: Accept-Encoding
ETag: W/"5fbce2f8-4362"
Expires: Sun, 09 Jun 2024 13:37:01 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Content-Encoding: gzip
GET

https://mackeeperapp.mackeeper.com/landings/libs/alert/alerts.js?mkv=4

IEXPLORE.EXE

Remote address:

3.217.201.163:443

Request

GET /landings/libs/alert/alerts.js?mkv=4 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 13:37:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 04 Oct 2018 13:30:26 GMT
Vary: Accept-Encoding
ETag: W/"5bb615f2-dbe8"
Expires: Sun, 09 Jun 2024 13:37:01 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Content-Encoding: gzip
GET

https://mackeeperapp.mackeeper.com/landings/123.1/?mkv=1

IEXPLORE.EXE

Remote address:

3.217.201.163:443

Request

GET /landings/123.1/?mkv=1 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 13:37:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Security-Policy: default-src 'self' *.hotjar.com *.mackeeper.co *.mackeeper.com; frame-ancestors 'none'; frame-src 'self' 'unsafe-inline' *.a.disquscdn.com https://widget.trustpilot.com *.adsage.com *.adsitrx.com *.analytics.yahoo.com *.b2c.com *.bing.com *.disqus.com *.disqus.com *.doubleclick.net *.facebook.com *.facebook.net *.flowplayer.org *.fqtag.com *.google.com *.google.com.ua *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.hotjar.com *.i.ytimg.com *.images.dmca.com *.intljs.rmtag.com *.kromtech.com *.kromtech.net *.linksynergy.com *.mackeeper.co *.mackeeper.com *.mackeeperblog.disqus.com *.mpnrs.com *.msn.com *.optimizely.com *.yabidos.com *.s.yimg.com *.secure.ace-tag.advertising.com *.secure.leadback.advertising.com *.shopperapproved.com *.tagmanager.google.com *.tribalfusion.com *.twimg.com *.twitter.com ws://*.hotjar.com wss://*.hotjar.com *.www1.mpnrs.com *.youtube.com *.lporirxe.com *.surveygizmo.com *.liadm.com *.typeform.com mc.yandex.ru *.js.ad-score.com/ *.cdn.onesignal.com/ *.onesignal.com/ *.criteo.com https://www.zenaps.com/; child-src 'self' 'unsafe-inline' *.a.disquscdn.com *.adsage.com *.adsitrx.com *.analytics.yahoo.com *.b2c.com *.bing.com *.disqus.com *.doubleclick.net *.facebook.com *.facebook.net *.flowplayer.org *.fqtag.com *.google.com *.google.com.ua *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.hotjar.com *.i.ytimg.com *.images.dmca.com *.intljs.rmtag.com *.kromtech.com *.kromtech.net *.linksynergy.com *.mackeeper.co *.mackeeper.com *.mackeeperblog.disqus.com *.mpnrs.com *.msn.com *.optimizely.com *.yabidos.com *.s.yimg.com *.secure.ace-tag.advertising.com *.secure.leadback.advertising.com *.shopperapproved.com *.tagmanager.google.com *.tribalfusion.com *.twimg.com *.twitter.com ws://*.hotjar.com wss://*.hotjar.com *.www1.mpnrs.com *.youtube.com *.lporirxe.com *.lporirxe.com blob: *.cdn.onesignal.com/ *.onesignal.com/ *.liadm.com; form-action 'self' *.mackeeper.com *.facebook.com; img-src 'self' 'unsafe-inline' *.a.disquscdn.com *.adsage.com *.adsitrx.com *.analytics.yahoo.com *.b2c.com *.bing.com *.disqus.com *.doubleclick.net *.facebook.com *.facebook.net *.flowplayer.org *.fqtag.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.hotjar.com *.i.ytimg.com *.images.dmca.com *.intljs.rmtag.com *.kromtech.com *.kromtech.net *.linksynergy.com *.mackeeper.co *.mackeeper.com *.mackeeperblog.disqus.com *.mpnrs.com *.msn.com *.optimizely.com *.yabidos.com *.s.yimg.com *.secure.ace-tag.advertising.com *.secure.leadback.advertising.com *.shopperapproved.com *.tagmanager.google.com *.tribalfusion.com *.twimg.com *.twitter.com ws://*.hotjar.com wss://*.hotjar.com *.www1.mpnrs.com *.youtube.com data: *.2mdn.net *.pagead2.googlesyndication.com *.glotgrx.com *.lporirxe.com *.exelator.com *.owox.com *.liadm.com *.outbrain.com *.visualwebsiteoptimizer.com *.yahoo.co.jp *.apimzb-adserver.cloudmccloud.com *.3lift.com *.surveygizmo.com *.surveygizmolibrary.s3.amazonaws.com http://mc.yandex.ru https://mc.yandex.ru cx.atdmt.com *.baidu.com/ *.gstatstrk.com *.assets.kromtech.net *.cdn.onesignal.com/ *.onesignal.com/ *.rtmark.net/ *.taboola.com *.zoomsupport.com *.cloudmccloud.com *.linkconnector.com *.linkedin.com *.linkconnector.com linkconnector.com https://www.zenaps.com https://www.awin1.com *.clarity.ms *.lfeeder.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.a.disquscdn.com widget.trustpilot.com *.adsage.com *.adsitrx.com *.analytics.yahoo.com *.b2c.com *.bing.com disqus.com *.disqus.com *.doubleclick.net *.facebook.com *.facebook.net *.flowplayer.org *.fqtag.com *.google.com *.google.com.ua *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.hotjar.com *.i.ytimg.com *.images.dmca.com *.intljs.rmtag.com *.kromtech.com *.kromtech.net *.linksynergy.com *.mackeeper.co *.mackeeper.com *.mackeeperblog.disqus.com *.mpnrs.com *.msn.com *.optimizely.com *.yabidos.com s.yimg.com *.secure.ace-tag.advertising.com *.secure.leadback.advertising.com *.shopperapproved.com *.tagmanager.google.com *.tribalfusion.com *.twimg.com *.twitter.com ws://*.hotjar.com wss://*.hotjar.com *.www1.mpnrs.com *.youtube.com l2.io *.inspectlet.com *.googlesyndication.com *.sagetrc.com *.glotgrx.com *.lporirxe.com b-code.liadm.com *.outbrain.com *.visualwebsiteoptimizer.com *.cloudfront.net/metrika/watch_ua.js *.yimg.jp http://addtocalendar.com https://addtocalendar.com *.yahoo.co.jp blob: *.surveygizmo.com *.surveygizmolibrary.s3.amazonaws.com *.s.ytimg.com *.typeform.com *.calendly.com *.linkconnector.com *.linkconnector.com mc.yandex.ru *.js.ad-score.com/ *.baidu.com/ *.cdn.onesignal.com/ *.onesignal.com/ *.rtmark.net/ *.taboola.com/ *.engine.4dsply.com *.engine.spotscenered.info *.engine.3dspk.com *.we3red.com *.engine.asadap.com *.engine.nictelroalps.com *.engine.liondigitalserving.com *.engine.addroplet.com *.beritapria.com/pixel/pixel_keeper.js cdnjs.cloudflare.com *.clickcease.com *.criteo.net *.criteo.com https://snap.licdn.com *.linkconnector.com linkconnector.com *.dwin1.com *.awin1.com *.zenaps.com https://the.sciencebehindecommerce.com *.clarity.ms *.adcell.com *.lfeeder.com; style-src 'self' 'unsafe-inline' *.doubleclick.net *.flowplayer.org *.mackeeper.co *.mackeeper.com *.twimg.com *.twitter.com *.a.disquscdn.com *.disqus.com *.googleapis.com *.fonts.gstatic.com *.mackeeperblog.disqus.com *.referrer.disqus.com *.google.com *.google.com.ua http://addtocalendar.com https://addtocalendar.com *.surveygizmo.com *.cdn.onesignal.com *.onesignal.com/ *.addtocalendar.com *.googletagmanager.com *.liadm.com; font-src 'self' data: *.doubleclick.net *.mackeeper.co *.mackeeper.com *.twimg.com *.twitter.com fonts.googleapis.com fonts.gstatic.com *.surveygizmo.com *.static.mackeeper.com; object-src *.doubleclick.net *.flowplayer.org *.mackeeper.co *.mackeeper.com *.twimg.com *.twitter.com *.pagead2.googlesyndication.com *.pagead2.googlesyndication.com *.liadm.com; connect-src 'self' *.mackeeper.co *.mackeeper.com https://mackeeper.com http://mackeeper.com https://rp.liadm.com http://rp.liadm.com *.hotjar.com ws://*.hotjar.com wss://*.hotjar.com *.g.doubleclick.net http://lcidc.liadm.com https://lcidc.liadm.com *.assets.kromtech.net *.assets.kromtech.net *.google-analytics.com *.api.ipify.org *.mc.yandex.ru mc.yandex.ru *.data.ad-score.com *.baidu.com/ *.pushdata.onesignal.com:* *.onesignal.com/ *.onesignal.com/ *.taboola.com/ *.hotjar.io *.clickcease.com s.yimg.com *.facebook.com *.google.com bat.bing.com https://idtg.account.mackeeper.com https://the.sciencebehindecommerce.com *.liadm.com *.liadm.com *.adcell.com *.clarity.ms *.lfeeder.com;
Set-Cookie: get_params_landings=%7B%22mkv%22%3A%221%22%7D; expires=Sat, 11-May-2024 13:37:01 GMT; Max-Age=86400; path=/; samesite=lax; secure
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=tt0rod4qbs90rqeb61v5mdkin4; path=/
Request-ID: 8d84a91b206ea9b78a14d61ba066589f
Content-Encoding: gzip
GET

https://mackeeperapp.mackeeper.com/landings/libs/discounts/img/back.png

IEXPLORE.EXE

Remote address:

3.217.201.163:443

Request

GET /landings/libs/discounts/img/back.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive
Cookie: get_params_landings=%7B%22mkv%22%3A%221%22%7D; PHPSESSID=tt0rod4qbs90rqeb61v5mdkin4

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 13:37:02 GMT
Content-Type: image/png
Content-Length: 150912
Connection: keep-alive
Server: nginx
Last-Modified: Mon, 30 Apr 2018 11:38:58 GMT
ETag: "5ae70052-24d80"
Expires: Sun, 09 Jun 2024 13:37:02 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Accept-Ranges: bytes
GET

https://mackeeperapp.mackeeper.com/landings/libs/js/cookie.js?mkv=1

IEXPLORE.EXE

Remote address:

3.217.201.163:443

Request

GET /landings/libs/js/cookie.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 13:37:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Mon, 30 Apr 2018 11:38:58 GMT
Vary: Accept-Encoding
ETag: W/"5ae70052-270"
Expires: Sun, 09 Jun 2024 13:37:01 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Content-Encoding: gzip
GET

https://mackeeperapp.mackeeper.com/landings/123.1/img/arrow_animation.gif?mkv=1

IEXPLORE.EXE

Remote address:

3.217.201.163:443

Request

GET /landings/123.1/img/arrow_animation.gif?mkv=1 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 13:37:01 GMT
Content-Type: image/gif
Content-Length: 7944
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 12 Sep 2019 08:55:00 GMT
ETag: "5d7a07e4-1f08"
Expires: Sun, 09 Jun 2024 13:37:01 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Accept-Ranges: bytes
GET

https://mackeeperapp.mackeeper.com/landings/123.1/img/arrow.png

IEXPLORE.EXE

Remote address:

3.217.201.163:443

Request

GET /landings/123.1/img/arrow.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive
Cookie: get_params_landings=%7B%22mkv%22%3A%221%22%7D; PHPSESSID=tt0rod4qbs90rqeb61v5mdkin4

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 13:37:02 GMT
Content-Type: image/png
Content-Length: 926
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 12 Sep 2019 08:55:00 GMT
ETag: "5d7a07e4-39e"
Expires: Sun, 09 Jun 2024 13:37:02 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Accept-Ranges: bytes
GET

https://mackeeperapp.mackeeper.com/landings/123.1/img/sprite-icons.png

IEXPLORE.EXE

Remote address:

3.217.201.163:443

Request

GET /landings/123.1/img/sprite-icons.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive
Cookie: get_params_landings=%7B%22mkv%22%3A%221%22%7D; PHPSESSID=tt0rod4qbs90rqeb61v5mdkin4

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 13:37:02 GMT
Content-Type: image/png
Content-Length: 6724
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 12 Sep 2019 08:55:00 GMT
ETag: "5d7a07e4-1a44"
Expires: Sun, 09 Jun 2024 13:37:02 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Accept-Ranges: bytes
GET

https://mackeeperapp.mackeeper.com/landings/libs/js/loclist.js?mkv=1

IEXPLORE.EXE

Remote address:

3.217.201.163:443

Request

GET /landings/libs/js/loclist.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 13:37:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 19 Apr 2016 15:32:21 GMT
Vary: Accept-Encoding
ETag: W/"57164f85-26c"
Expires: Sun, 09 Jun 2024 13:37:01 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Content-Encoding: gzip
GET

https://mackeeperapp.mackeeper.com/landings/123.1/img/arrow_animation2.gif?mkv=1

IEXPLORE.EXE

Remote address:

3.217.201.163:443

Request

GET /landings/123.1/img/arrow_animation2.gif?mkv=1 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 13:37:01 GMT
Content-Type: image/gif
Content-Length: 7948
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 12 Sep 2019 08:55:00 GMT
ETag: "5d7a07e4-1f0c"
Expires: Sun, 09 Jun 2024 13:37:01 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Accept-Ranges: bytes
GET

https://mackeeperapp.mackeeper.com/landings/123.1/img/main-img.jpg

IEXPLORE.EXE

Remote address:

3.217.201.163:443

Request

GET /landings/123.1/img/main-img.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive
Cookie: get_params_landings=%7B%22mkv%22%3A%221%22%7D; PHPSESSID=tt0rod4qbs90rqeb61v5mdkin4

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 13:37:02 GMT
Content-Type: image/jpeg
Content-Length: 38349
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 12 Sep 2019 08:55:00 GMT
ETag: "5d7a07e4-95cd"
Expires: Sun, 09 Jun 2024 13:37:01 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Accept-Ranges: bytes
GET

https://mackeeperapp.mackeeper.com/landings/libs/discounts/css/styles.css?mkv=1

IEXPLORE.EXE

Remote address:

3.217.201.163:443

Request

GET /landings/libs/discounts/css/styles.css?mkv=1 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 13:37:01 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 24 May 2016 12:45:39 GMT
Vary: Accept-Encoding
ETag: W/"57444cf3-425"
Expires: Sun, 09 Jun 2024 13:37:01 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Content-Encoding: gzip
GET

https://mackeeperapp.mackeeper.com/landings/libs/overlay/overlay.js?mkv=1

IEXPLORE.EXE

Remote address:

3.217.201.163:443

Request

GET /landings/libs/overlay/overlay.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 13:37:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 19 Apr 2016 15:32:21 GMT
Vary: Accept-Encoding
ETag: W/"57164f85-569"
Expires: Sun, 09 Jun 2024 13:37:01 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Content-Encoding: gzip
GET

https://mackeeperapp.mackeeper.com/landings/libs/Pixels/js/1604.js?mkv=1

IEXPLORE.EXE

Remote address:

3.217.201.163:443

Request

GET /landings/libs/Pixels/js/1604.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 13:37:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 19 Apr 2016 15:32:21 GMT
Vary: Accept-Encoding
ETag: W/"57164f85-189"
Expires: Sun, 09 Jun 2024 13:37:01 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Content-Encoding: gzip
GET

https://mackeeperapp.mackeeper.com/landings/123.1/img/pin.png

IEXPLORE.EXE

Remote address:

3.217.201.163:443

Request

GET /landings/123.1/img/pin.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive
Cookie: get_params_landings=%7B%22mkv%22%3A%221%22%7D; PHPSESSID=tt0rod4qbs90rqeb61v5mdkin4

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 13:37:02 GMT
Content-Type: image/png
Content-Length: 749
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 12 Sep 2019 08:55:00 GMT
ETag: "5d7a07e4-2ed"
Expires: Sun, 09 Jun 2024 13:37:02 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Accept-Ranges: bytes
DNS

IEXPLORE.EXE

Remote address:

34.254.143.3:443

Response

HTTP/1.1 400 Bad request

content-length: 90
cache-control: no-cache
content-type: text/html
connection: close
GET

https://mackeeperapp.mackeeper.com/landings/libs/Pixels/js/1282.js?mkv=1

IEXPLORE.EXE

Remote address:

3.217.201.163:443

Request

GET /landings/libs/Pixels/js/1282.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 13:37:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Fri, 01 Jul 2016 11:50:23 GMT
Vary: Accept-Encoding
ETag: W/"577658ff-15c"
Expires: Sun, 09 Jun 2024 13:37:01 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Content-Encoding: gzip
GET

https://mackeeperapp.mackeeper.com/landings/libs/Pixels/js/859.js?mkv=1

IEXPLORE.EXE

Remote address:

3.217.201.163:443

Request

GET /landings/libs/Pixels/js/859.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 13:37:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 24 May 2016 10:01:52 GMT
Vary: Accept-Encoding
ETag: W/"57442690-1d2"
Expires: Sun, 09 Jun 2024 13:37:01 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Content-Encoding: gzip
GET

https://mackeeperapp.mackeeper.com/landings/123.1/img/stars.png

IEXPLORE.EXE

Remote address:

3.217.201.163:443

Request

GET /landings/123.1/img/stars.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive
Cookie: get_params_landings=%7B%22mkv%22%3A%221%22%7D; PHPSESSID=tt0rod4qbs90rqeb61v5mdkin4

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 13:37:02 GMT
Content-Type: image/png
Content-Length: 1893
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 12 Sep 2019 08:55:00 GMT
ETag: "5d7a07e4-765"
Expires: Sun, 09 Jun 2024 13:37:02 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Accept-Ranges: bytes
DNS

ocsp.r2m03.amazontrust.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ocsp.r2m03.amazontrust.com

IN A

Response

ocsp.r2m03.amazontrust.com

IN A

3.162.33.170
DNS

ocsp.r2m03.amazontrust.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ocsp.r2m03.amazontrust.com

IN A

Response

ocsp.r2m03.amazontrust.com

IN A

3.162.33.170
DNS

ocsp.r2m03.amazontrust.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ocsp.r2m03.amazontrust.com

IN A

Response

ocsp.r2m03.amazontrust.com

IN A

3.162.33.170
DNS

ocsp.r2m03.amazontrust.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ocsp.r2m03.amazontrust.com

IN A

Response

ocsp.r2m03.amazontrust.com

IN A

3.162.33.170
DNS

ocsp.r2m03.amazontrust.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ocsp.r2m03.amazontrust.com

IN A

Response

ocsp.r2m03.amazontrust.com

IN A

3.162.33.170
DNS

ocsp.r2m03.amazontrust.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ocsp.r2m03.amazontrust.com

IN A

Response

ocsp.r2m03.amazontrust.com

IN A

3.162.33.170
DNS

ocsp.r2m03.amazontrust.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ocsp.r2m03.amazontrust.com

IN A

Response

ocsp.r2m03.amazontrust.com

IN A

3.162.33.170
DNS

ocsp.r2m03.amazontrust.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ocsp.r2m03.amazontrust.com

IN A

Response

ocsp.r2m03.amazontrust.com

IN A

3.162.33.170
GET

http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

IEXPLORE.EXE

Remote address:

3.162.33.170:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.r2m03.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 10 May 2024 13:20:02 GMT
Last-Modified: Fri, 10 May 2024 13:20:02 GMT
Server: ECAcc (frc/4C8D)
X-Cache: Hit from cloudfront
Via: 1.1 44849808df37ecbde0b3891640783c20.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG52-P6
X-Amz-Cf-Id: P49XHGCpGEmyxLcAB2C_aStRZ-2A2f9jFfBz4Zhu-ft-Klb7OosVgQ==
Age: 1019
GET

http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

IEXPLORE.EXE

Remote address:

3.162.33.170:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.r2m03.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 10 May 2024 13:20:02 GMT
Last-Modified: Fri, 10 May 2024 13:20:02 GMT
Server: ECAcc (frc/4C8D)
X-Cache: Hit from cloudfront
Via: 1.1 549d5003213e897b51ff26b051fb8c78.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG52-P6
X-Amz-Cf-Id: cW_FTdR8i_CwC_sg8pFig0FP4Al-2wSK88n6mXeaWJNLmzHiQK-I2w==
Age: 1019
GET

http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

IEXPLORE.EXE

Remote address:

3.162.33.170:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.r2m03.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 10 May 2024 13:20:02 GMT
Last-Modified: Fri, 10 May 2024 13:20:02 GMT
Server: ECAcc (frc/4C8D)
X-Cache: Hit from cloudfront
Via: 1.1 c7deb8fcb33ecb1e5a3a6d85b3f06e68.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG52-P6
X-Amz-Cf-Id: BK7wiMsrfO6C-cEnyFEhozV8LV1hdhHKbBVwNhkM6ga0g741_N89Mg==
Age: 1019
GET

http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

IEXPLORE.EXE

Remote address:

3.162.33.170:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.r2m03.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 10 May 2024 13:20:02 GMT
Last-Modified: Fri, 10 May 2024 13:20:02 GMT
Server: ECAcc (frc/4C8D)
X-Cache: Hit from cloudfront
Via: 1.1 c08a0ab3127361278a0f4d97c34cd682.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG52-P6
X-Amz-Cf-Id: wkBgFa2SEr17TmGb9pGcUrgAwUkkKA6FZrfJakiRXXEKC9mSBqDOBQ==
Age: 1019
GET

http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

IEXPLORE.EXE

Remote address:

3.162.33.170:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.r2m03.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 10 May 2024 13:20:02 GMT
Last-Modified: Fri, 10 May 2024 13:20:02 GMT
Server: ECAcc (frc/4C8D)
X-Cache: Hit from cloudfront
Via: 1.1 8ef3b122b1955c9b50019a917f1a6a58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG52-P6
X-Amz-Cf-Id: GGDLkRa1wc7rjbI_HRjjCvupA9waiXWaycgP2ti_DWdlZOotYEtMHg==
Age: 1019
GET

http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

IEXPLORE.EXE

Remote address:

3.162.33.170:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.r2m03.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 10 May 2024 13:20:02 GMT
Last-Modified: Fri, 10 May 2024 13:20:02 GMT
Server: ECAcc (frc/4C8D)
X-Cache: Hit from cloudfront
Via: 1.1 0f03de5c911def3510d9e3ffa72c0a70.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG52-P6
X-Amz-Cf-Id: Su987Zufgkz71VSRu3hkTBQmphNvjcUoaHQeNR5GP97abAIu8bqluA==
Age: 1019
GET

http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

IEXPLORE.EXE

Remote address:

3.162.33.170:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.r2m03.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 10 May 2024 13:20:02 GMT
Last-Modified: Fri, 10 May 2024 13:20:02 GMT
Server: ECAcc (frc/4C8D)
X-Cache: Hit from cloudfront
Via: 1.1 3ebbe9acf1a1455083ed9b89077979dc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG52-P6
X-Amz-Cf-Id: P62sQ5YkTLX463_p5bodHmjnz3eCoiaZflp2jSIjsssB_sHWRG5tyA==
Age: 1019
GET

http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

IEXPLORE.EXE

Remote address:

3.162.33.170:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.r2m03.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 10 May 2024 13:20:02 GMT
Last-Modified: Fri, 10 May 2024 13:20:02 GMT
Server: ECAcc (frc/4C8D)
X-Cache: Hit from cloudfront
Via: 1.1 5a012a43a727d36b7bf1976d7c8817dc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG52-P6
X-Amz-Cf-Id: EFTrB4atQ-Pa8n-PeQ6OCJ42zuPcJwZ2kMMn5euVpJRkq1wpuYBvjg==
Age: 1019
DNS

assets.kromtech.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

assets.kromtech.net

IN A

Response
GET

http://fonts.googleapis.com/css?family=Roboto:400,600,700

IEXPLORE.EXE

Remote address:

216.58.204.74:80

Request

GET /css?family=Roboto:400,600,700 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: fonts.googleapis.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Fri, 10 May 2024 13:37:01 GMT
Date: Fri, 10 May 2024 13:37:01 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
GET

http://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600&subset=latin,latin-ext

IEXPLORE.EXE

Remote address:

216.58.204.74:80

Request

GET /css?family=Source+Sans+Pro:400,600&subset=latin,latin-ext HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: fonts.googleapis.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Fri, 10 May 2024 13:37:01 GMT
Date: Fri, 10 May 2024 13:37:01 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
GET

http://fonts.googleapis.com/css?family=Open+Sans:300,600&subset=latin,latin-ext

IEXPLORE.EXE

Remote address:

216.58.204.74:80

Request

GET /css?family=Open+Sans:300,600&subset=latin,latin-ext HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: fonts.googleapis.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Fri, 10 May 2024 13:37:01 GMT
Date: Fri, 10 May 2024 13:37:01 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
DNS

event.mackeeper.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

event.mackeeper.com

IN A

Response

event.mackeeper.com

IN A

52.222.149.61

event.mackeeper.com

IN A

52.222.149.81

event.mackeeper.com

IN A

52.222.149.36

event.mackeeper.com

IN A

52.222.149.107
GET

http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4uaVQ.woff

IEXPLORE.EXE

Remote address:

216.58.212.195:80

Request

GET /s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4uaVQ.woff HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Origin: file:
Accept-Encoding: gzip, deflate
Host: fonts.gstatic.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 31144
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 04 May 2024 13:19:49 GMT
Expires: Sun, 04 May 2025 13:19:49 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 14 Dec 2023 02:01:28 GMT
Content-Type: font/woff
Age: 519432
GET

http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4uaVQ.woff

IEXPLORE.EXE

Remote address:

216.58.212.195:80

Request

GET /s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4uaVQ.woff HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Origin: file:
Accept-Encoding: gzip, deflate
Host: fonts.gstatic.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 31332
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 04 May 2024 20:12:50 GMT
Expires: Sun, 04 May 2025 20:12:50 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 14 Dec 2023 02:01:29 GMT
Content-Type: font/woff
Age: 494651
GET

http://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7j.woff

IEXPLORE.EXE

Remote address:

216.58.212.195:80

Request

GET /s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7j.woff HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Origin: file:
Accept-Encoding: gzip, deflate
Host: fonts.gstatic.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 36956
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 04 May 2024 08:25:47 GMT
Expires: Sun, 04 May 2025 08:25:47 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 01 Jun 2023 22:52:59 GMT
Content-Type: font/woff
Age: 537074
GET

http://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwmRdo.woff

IEXPLORE.EXE

Remote address:

216.58.212.195:80

Request

GET /s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwmRdo.woff HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Origin: file:
Accept-Encoding: gzip, deflate
Host: fonts.gstatic.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 36788
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 04 May 2024 17:27:26 GMT
Expires: Sun, 04 May 2025 17:27:26 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 01 Jun 2023 22:52:58 GMT
Content-Type: font/woff
Age: 504575
GET

https://event.mackeeper.com/event.php?step=Landing_Loaded&substep=Hit&affid=mzb_255.13053633.1516512846.28.mzb&bundleid=29_342451156&prodid=29&response=json

IEXPLORE.EXE

Remote address:

52.222.149.61:443

Request

GET /event.php?step=Landing_Loaded&substep=Hit&affid=mzb_255.13053633.1516512846.28.mzb&bundleid=29_342451156&prodid=29&response=json HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: event.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=utf-8
Content-Length: 62
Connection: keep-alive
Date: Fri, 10 May 2024 13:37:02 GMT
X-Cache: Miss from cloudfront
Via: 1.1 5c0a9fbe4f8b2e7835a09c41c52efb12.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG52-P1
X-Amz-Cf-Id: SzhxkR7eL_E7QOJTGWKFaYb5bZtxaYVotC1vN5CfI1WNKOQnhwobKg==
GET

https://event.mackeeper.com/event.php?step=Landing_Loaded&substep=View&affid=mzb_255.13053633.1516512846.28.mzb&bundleid=29_342451156&prodid=29&response=json

IEXPLORE.EXE

Remote address:

52.222.149.61:443

Request

GET /event.php?step=Landing_Loaded&substep=View&affid=mzb_255.13053633.1516512846.28.mzb&bundleid=29_342451156&prodid=29&response=json HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: event.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=utf-8
Content-Length: 62
Connection: keep-alive
Date: Fri, 10 May 2024 13:37:03 GMT
X-Cache: Miss from cloudfront
Via: 1.1 5c0a9fbe4f8b2e7835a09c41c52efb12.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG52-P1
X-Amz-Cf-Id: swuwkMglLCKfGqJeLikO2exqNwutfuB49cRJEDxNou8PBFSwptPEAw==

34.254.143.3:80

http://loadus.exelator.com/load/?p=1050&g=2&cat=[popunder]&j=0

http

IEXPLORE.EXE

854 B
626 B
12
3

HTTP Request

GET http://loadus.exelator.com/load/?p=1050&g=2&cat=[popunder]&j=0

HTTP Response

301
18.164.52.20:80

http://static.mackeeper.com/landings/123.1/img/stars.png

http

IEXPLORE.EXE

1.4kB
3.3kB
11
10

HTTP Request

GET http://static.mackeeper.com/landings/libs/js/loclist.js?mkv=1

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/123.1/?mkv=1

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/123.1/img/stars.png

HTTP Response

301
18.164.52.20:80

http://static.mackeeper.com/landings/123.1/img/pin.png

http

IEXPLORE.EXE

1.3kB
2.7kB
10
9

HTTP Request

GET http://static.mackeeper.com/landings/libs/js/cookie.js?mkv=1

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/libs/Pixels/js/1604.js?mkv=1

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/123.1/img/pin.png

HTTP Response

301
18.164.52.20:80

http://static.mackeeper.com/landings/123.1/img/steps-arrow.png

http

IEXPLORE.EXE

2.1kB
4.6kB
13
14

HTTP Request

GET http://static.mackeeper.com/landings/123.1/css/style.min.css?mkv=1

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/libs/Pixels/js/859.js?mkv=1

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/123.1/img/arrow_animation2.gif?mkv=1

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/123.1/img/main-img.jpg

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/123.1/img/steps-arrow.png

HTTP Response

301
18.164.52.20:80

http://static.mackeeper.com/landings/123.1/img/arrow.png

http

IEXPLORE.EXE

1.7kB
3.3kB
11
11

HTTP Request

GET http://static.mackeeper.com/landings/libs/reset.css?mkv=1

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/libs/overlay/overlay.js?mkv=1

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/123.1/img/arrow_animation.gif?mkv=1

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/123.1/img/arrow.png

HTTP Response

301
18.164.52.20:80

http://static.mackeeper.com/landings/123.1/img/sprite-ready-icon.png

http

IEXPLORE.EXE

1.3kB
3.3kB
10
10

HTTP Request

GET http://static.mackeeper.com/landings/libs/alert/alerts.js?mkv=4

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/libs/Pixels/js/1282.js?mkv=1

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/123.1/img/sprite-ready-icon.png

HTTP Response

301
18.164.52.20:80

http://static.mackeeper.com/landings/123.1/img/sprite-icons.png

http

IEXPLORE.EXE

1.7kB
3.4kB
11
11

HTTP Request

GET http://static.mackeeper.com/landings/libs/jquery/jquery.min.js?mkv=1

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/libs/discounts/css/styles.css?mkv=1

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/libs/discounts/img/back.png

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/123.1/img/sprite-icons.png

HTTP Response

301
34.254.143.3:80

loadus.exelator.com

http

IEXPLORE.EXE

236 B
365 B
5
3

HTTP Response

408
34.254.143.3:443

loadus.exelator.com

tls, http

IEXPLORE.EXE

836 B
4.3kB
11
9

HTTP Response

400
3.217.201.163:443

https://mackeeperapp.mackeeper.com/landings/123.1/img/steps-arrow.png

tls, http

IEXPLORE.EXE

2.9kB
45.0kB
28
40

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/libs/jquery/jquery.min.js?mkv=1

HTTP Response

200

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/123.1/img/sprite-ready-icon.png

HTTP Response

200

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/123.1/img/steps-arrow.png

HTTP Response

200
3.217.201.163:443

https://mackeeperapp.mackeeper.com/landings/libs/reset.css?mkv=1

tls, http

IEXPLORE.EXE

1.2kB
7.0kB
11
11

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/libs/reset.css?mkv=1

HTTP Response

200
3.217.201.163:443

https://mackeeperapp.mackeeper.com/landings/123.1/css/style.min.css?mkv=1

tls, http

IEXPLORE.EXE

1.3kB
10.6kB
13
15

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/123.1/css/style.min.css?mkv=1

HTTP Response

200
3.217.201.163:443

https://mackeeperapp.mackeeper.com/landings/libs/discounts/img/back.png

tls, http

IEXPLORE.EXE

5.4kB
199.5kB
84
153

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/libs/alert/alerts.js?mkv=4

HTTP Response

200

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/123.1/?mkv=1

HTTP Response

200

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/libs/discounts/img/back.png

HTTP Response

200
3.217.201.163:443

https://mackeeperapp.mackeeper.com/landings/123.1/img/sprite-icons.png

tls, http

IEXPLORE.EXE

3.0kB
24.3kB
22
26

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/libs/js/cookie.js?mkv=1

HTTP Response

200

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/123.1/img/arrow_animation.gif?mkv=1

HTTP Response

200

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/123.1/img/arrow.png

HTTP Response

200

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/123.1/img/sprite-icons.png

HTTP Response

200
3.217.201.163:443

https://mackeeperapp.mackeeper.com/landings/123.1/img/main-img.jpg

tls, http

IEXPLORE.EXE

3.1kB
55.7kB
34
49

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/libs/js/loclist.js?mkv=1

HTTP Response

200

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/123.1/img/arrow_animation2.gif?mkv=1

HTTP Response

200

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/123.1/img/main-img.jpg

HTTP Response

200
3.217.201.163:443

https://mackeeperapp.mackeeper.com/landings/libs/discounts/css/styles.css?mkv=1

tls, http

IEXPLORE.EXE

997 B
1.5kB
8
8

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/libs/discounts/css/styles.css?mkv=1

HTTP Response

200
3.217.201.163:443

https://mackeeperapp.mackeeper.com/landings/123.1/img/pin.png

tls, http

IEXPLORE.EXE

2.0kB
4.8kB
13
12

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/libs/overlay/overlay.js?mkv=1

HTTP Response

200

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/libs/Pixels/js/1604.js?mkv=1

HTTP Response

200

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/123.1/img/pin.png

HTTP Response

200
34.254.143.3:443

loadus.exelator.com

tls, http

IEXPLORE.EXE

655 B
759 B
8
6

HTTP Response

400
3.217.201.163:443

https://mackeeperapp.mackeeper.com/landings/libs/Pixels/js/1282.js?mkv=1

tls, http

IEXPLORE.EXE

1.0kB
1.3kB
8
8

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/libs/Pixels/js/1282.js?mkv=1

HTTP Response

200
3.217.201.163:443

https://mackeeperapp.mackeeper.com/landings/123.1/img/stars.png

tls, http

IEXPLORE.EXE

1.6kB
3.8kB
10
10

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/libs/Pixels/js/859.js?mkv=1

HTTP Response

200

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/123.1/img/stars.png

HTTP Response

200
3.162.33.170:80

http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

http

IEXPLORE.EXE

476 B
1.1kB
5
4

HTTP Request

GET http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

HTTP Response

200
3.162.33.170:80

http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

http

IEXPLORE.EXE

476 B
1.1kB
5
4

HTTP Request

GET http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

HTTP Response

200
3.162.33.170:80

http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

http

IEXPLORE.EXE

476 B
1.1kB
5
4

HTTP Request

GET http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

HTTP Response

200
3.162.33.170:80

http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

http

IEXPLORE.EXE

476 B
1.1kB
5
4

HTTP Request

GET http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

HTTP Response

200
3.162.33.170:80

http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

http

IEXPLORE.EXE

476 B
1.1kB
5
4

HTTP Request

GET http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

HTTP Response

200
3.162.33.170:80

http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

http

IEXPLORE.EXE

476 B
1.1kB
5
4

HTTP Request

GET http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

HTTP Response

200
3.162.33.170:80

http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

http

IEXPLORE.EXE

476 B
1.1kB
5
4

HTTP Request

GET http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

HTTP Response

200
3.162.33.170:80

http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

http

IEXPLORE.EXE

476 B
1.1kB
5
4

HTTP Request

GET http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

HTTP Response

200
216.58.204.74:80

http://fonts.googleapis.com/css?family=Roboto:400,600,700

http

IEXPLORE.EXE

536 B
897 B
6
5

HTTP Request

GET http://fonts.googleapis.com/css?family=Roboto:400,600,700

HTTP Response

200
216.58.204.74:80

http://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600&subset=latin,latin-ext

http

IEXPLORE.EXE

564 B
916 B
6
5

HTTP Request

GET http://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600&subset=latin,latin-ext

HTTP Response

200
216.58.204.74:80

http://fonts.googleapis.com/css?family=Open+Sans:300,600&subset=latin,latin-ext

http

IEXPLORE.EXE

558 B
938 B
6
5

HTTP Request

GET http://fonts.googleapis.com/css?family=Open+Sans:300,600&subset=latin,latin-ext

HTTP Response

200
216.58.212.195:80

http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4uaVQ.woff

http

IEXPLORE.EXE

1.2kB
33.7kB
19
28

HTTP Request

GET http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4uaVQ.woff

HTTP Response

200
216.58.212.195:80

http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4uaVQ.woff

http

IEXPLORE.EXE

1.1kB
33.2kB
17
27

HTTP Request

GET http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4uaVQ.woff

HTTP Response

200
216.58.212.195:80

http://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7j.woff

http

IEXPLORE.EXE

1.2kB
39.0kB
20
31

HTTP Request

GET http://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7j.woff

HTTP Response

200
216.58.212.195:80

http://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwmRdo.woff

http

IEXPLORE.EXE

1.2kB
38.8kB
19
31

HTTP Request

GET http://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwmRdo.woff

HTTP Response

200
52.222.149.61:443

https://event.mackeeper.com/event.php?step=Landing_Loaded&substep=View&affid=mzb_255.13053633.1516512846.28.mzb&bundleid=29_342451156&prodid=29&response=json

tls, http

IEXPLORE.EXE

1.7kB
8.5kB
11
15

HTTP Request

GET https://event.mackeeper.com/event.php?step=Landing_Loaded&substep=Hit&affid=mzb_255.13053633.1516512846.28.mzb&bundleid=29_342451156&prodid=29&response=json

HTTP Response

200

HTTP Request

GET https://event.mackeeper.com/event.php?step=Landing_Loaded&substep=View&affid=mzb_255.13053633.1516512846.28.mzb&bundleid=29_342451156&prodid=29&response=json

HTTP Response

200
52.222.149.61:443

event.mackeeper.com

tls

IEXPLORE.EXE

796 B
6.6kB
10
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.6kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

753 B
7.7kB
9
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

831 B
7.7kB
10
13

8.8.8.8:53

static.mackeeper.com

dns

IEXPLORE.EXE

66 B
173 B
1
1

DNS Request

static.mackeeper.com

DNS Response

18.164.52.20

18.164.52.69

18.164.52.126

18.164.52.22
8.8.8.8:53

loadus.exelator.com

dns

IEXPLORE.EXE

65 B
160 B
1
1

DNS Request

loadus.exelator.com

DNS Response

34.254.143.3
8.8.8.8:53

mackeeperapp.mackeeper.com

dns

IEXPLORE.EXE

72 B
104 B
1
1

DNS Request

mackeeperapp.mackeeper.com

DNS Response

3.217.201.163

34.200.74.132
8.8.8.8:53

ocsp.r2m03.amazontrust.com

dns

IEXPLORE.EXE

72 B
88 B
1
1

DNS Request

ocsp.r2m03.amazontrust.com

DNS Response

3.162.33.170
8.8.8.8:53

ocsp.r2m03.amazontrust.com

dns

IEXPLORE.EXE

72 B
88 B
1
1

DNS Request

ocsp.r2m03.amazontrust.com

DNS Response

3.162.33.170
8.8.8.8:53

ocsp.r2m03.amazontrust.com

dns

IEXPLORE.EXE

72 B
88 B
1
1

DNS Request

ocsp.r2m03.amazontrust.com

DNS Response

3.162.33.170
8.8.8.8:53

ocsp.r2m03.amazontrust.com

dns

IEXPLORE.EXE

72 B
88 B
1
1

DNS Request

ocsp.r2m03.amazontrust.com

DNS Response

3.162.33.170
8.8.8.8:53

ocsp.r2m03.amazontrust.com

dns

IEXPLORE.EXE

72 B
88 B
1
1

DNS Request

ocsp.r2m03.amazontrust.com

DNS Response

3.162.33.170
8.8.8.8:53

ocsp.r2m03.amazontrust.com

dns

IEXPLORE.EXE

72 B
88 B
1
1

DNS Request

ocsp.r2m03.amazontrust.com

DNS Response

3.162.33.170
8.8.8.8:53

ocsp.r2m03.amazontrust.com

dns

IEXPLORE.EXE

72 B
88 B
1
1

DNS Request

ocsp.r2m03.amazontrust.com

DNS Response

3.162.33.170
8.8.8.8:53

ocsp.r2m03.amazontrust.com

dns

IEXPLORE.EXE

72 B
88 B
1
1

DNS Request

ocsp.r2m03.amazontrust.com

DNS Response

3.162.33.170
8.8.8.8:53

assets.kromtech.net

dns

IEXPLORE.EXE

65 B
146 B
1
1

DNS Request

assets.kromtech.net
8.8.8.8:53

event.mackeeper.com

dns

IEXPLORE.EXE

65 B
129 B
1
1

DNS Request

event.mackeeper.com

DNS Response

52.222.149.61

52.222.149.81

52.222.149.36

52.222.149.107

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

Filesize
1KB

MD5
4efc7dc16ae499f76c5c8f975d30b872

SHA1
1acc8709267e57b286b072d047c0a16160851d1d

SHA256
61672d1c3b53b5c0f714773c6335f2d62cd37920e5e338a42ef4f199a3ca3027

SHA512
e7289691ed6fc70973a0cb0f934a8cb627c157df2434e795bcbd65034e88b0bbce1b468fb8281e3d172963be691b13689c2e634afe07551f24f54e6f2b9b0789

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\83D863F495E7D991917B3ABB3E1EB382_4D506EBD8371D43E19D08592A41A426D

Filesize
471B

MD5
5b55243f3ee19dc5e8c1fba849985285

SHA1
1b651354ce1cd45bdbd359f7d15ea7d561633091

SHA256
2e4ae0f83716d984c3ede8b6f981cd8bcf84e83c9504c04e37a9699230379e30

SHA512
98ca6865bcd2e49ee387d18d11ea231b102087a0d612644d755855f9170b35af5928fa5bd0a1ca7f77e55b139ab054cf3f247f21ebeb0ec5ca1b367998ca176d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
2KB

MD5
4966252285e49249ec522f5dbd5fb3ef

SHA1
f6180baa9af59fd96b666818097ce4678d5a5c43

SHA256
d38e3275bc4d86028315e15a5f6f6b6e8ad9364128639a5f0437aad868f1d321

SHA512
dc1e92328c4d75f072dc01dda31cd9741d5ce237a0266cc0ab206075a85d85f8656eaf3a5e99077e92c314ffa8aceac17aa492e11f29178d4f053e1bd34396e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
1KB

MD5
079bcbc687d1b9013a4f742ba24febda

SHA1
f6c3f0b6dc488010d8209ac0e8afec1ea5536df2

SHA256
ca019449d3f045c75fd71c4a4977054efe70d364298e198fd7df6e20299fa976

SHA512
1245414d58ae73cca12e065c264703da2bc97e51b14d3e70717384bc1d895707968afc756e692ffc5844acf5db7765cd629d8525edb8475f1f4d6b46bd57e775

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
911dc8247bd7c5ccdef069b6b7e77fd8

SHA1
419274f3c6e82603f0b6f2efa7a7c8b36f20319e

SHA256
381b7c62dcf7fcdad62694e4915adbb8154580c553a7a3dab150db8e933646b1

SHA512
59b4a0a3c7670b2963de90bb02312bcc0d1ce593762d02f16acd735d954bcaa1e456a50bb6986eded973afce05085f4c4178579ee86b1a8f89c8854dcc4234eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\83D863F495E7D991917B3ABB3E1EB382_4D506EBD8371D43E19D08592A41A426D

Filesize
426B

MD5
4ac09d92a74ace8080bd2d62195e313e

SHA1
c39c261ed1991aaf5bd9263dd8f17e4750f7b004

SHA256
6ece8918167e4ab106754085f85ec52537d4e3e8fc4a588897192042c731a8b9

SHA512
44e569845a1f304c9ef1d8628065f39d9e1f066695345b197deaeb82faec877591fcafabdc45075279504ad54d2ec5a98d58b6790b0779c3bcc1f7eb20666915

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1189fbd63398ae0a5403a3eb1adf00e0

SHA1
ae56f30a28dcfb2ad005f3c2c37300c9cb7e6ad2

SHA256
a5c70c1a6b17a0c7dfe9faa429bdbbe40ec4891f29a0ae631e12473406fe0027

SHA512
1e79fd7e50de01e500dcb07f2c550c48f01e72741c44ba836296583f56b086fe2ed4a7e29a10cef06ea1f5a868bfd3afb0b50f9118d65b6eb790e6e580536a1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
055fa501f245bf40f90af4133d0b812d

SHA1
357622c9163d531eb5301f8e3cf057fa33a31958

SHA256
bd5a31c5f3ef81950b68bc9b30764ad1fbf1a637394331670d3573b3f53132b2

SHA512
bf0ef8aa505af1aacf77ffcede542f87e5923b57a937f34df5ecf94289e79630c26b51384313de752fc409f82d77fe07615fb34ad6f8538db74639b7d43c2e3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c928c57a56838ec0d6afc44b36526b97

SHA1
a1984ada39e6a022f69f8f8e0ce80d4d96dff04a

SHA256
fdfad432e49dce0299dea14c5da820e02deec2b78d194c95632291e7d44d7f76

SHA512
552e4fb7a1dcac04b5f7726e0955e31ebff76d2cb6af0665dd597cd78d70f5d9668bd0dd622972280128c316ccad0b1b11d07b3a4f502001e1008c6a2f7684a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2421ece338f2cc328c768c47ecfa2737

SHA1
641462efc874ba53fce4436f1c288c1ea3e236fa

SHA256
22bd0e6c3f50d2600256a0109f8bc18ee5739ac2d6f435e7950c0064bfa797fc

SHA512
61e2346bdadebe275905984774811aaab7d9cf7390905edfa0a30d11ba65dcfb7b64cb2b0450e1862d7a238e1607e44395c1023fcced36ffce519d24177fc532

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41e00443f58e54ca30ba8d425f2195df

SHA1
c28d41db1b955b48894ed23ee709b08575b07622

SHA256
fbc8e82419b1e37652d78d7a599aeecc2f459f4252d5bac0314aee48ae050528

SHA512
07d3b833a4df128f9d6acbd79e4abd67dad3d36920baf43145d258d95d0bfb62a73343035af2c66e03742099ef709f7d47744cd16186fec2276044c847be45a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e87a596d80275a94858376703bc1f1ab

SHA1
72dfe5492ea99fb12a8b71878c4856d1dd786cf4

SHA256
44f496f946cea0b33d52f36b396bf35ac381ed4db4d3b6b8bef04e31e71c0266

SHA512
c6cabc4c042ac080ed75f7d2ade54a10d3796e7504599797f8f3a1fc0c950f6b0fbde1522359cf1bf3c66841b08f7fea2509de15bce13dee79623f66d89a6976

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94eda2316e8b11742e357e3fd65b7d13

SHA1
b5f75a2ffe07a6036685a3b8854ab265531348b6

SHA256
f69ee4129bc5015c83aed80ca12d1e709ddd0d15b1741cc5e8afd585b0a23ee7

SHA512
65a40535a9250b1377103e6dba55ffaac97dddd12568b3e49d1766c2c3ec9e83031009c7feee68ea5a41a1f8cac909d1d347ce2fcdd8cfcba9b29c054d0837f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6645df564f82a84f3bacbf5b5139d61a

SHA1
4ff23ed62fd5866760dfb9d7a7820b8d6eb07f81

SHA256
f882fed56fe3ff161d13cd002e1ea0da8fcd358778c9bc540a31c9a70825fe09

SHA512
20bfb61a2d3bfe54b8f49b79fe7da417221be89b452e5c2b8abf66aa4bd8351e2b21de4f65e3548245b1f8882279b2c40e2300e0b8064b2b08da8d62271fe595

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0b3b862a4a1c9c26e2800bca206782f

SHA1
efa222016c8bf36accef26255daf3fba89520d3f

SHA256
abcde627d9d5c6252bbcab99d98d8f6cd455b8ab0cd7f5cd0fa32b829eae9e84

SHA512
c343ce117e779ac36d7ac77e935d48a8e5e41be481c6e4bb570f0a37153d2e3b56ffc04c115271cb273e3b8116427cfdd2176b316fb7729e6ea066ebd26dca13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6de2b0fce5d2590caaddfff42c3ecb35

SHA1
65ac6343b25d6040e5cc003a61effdb073bfa8d0

SHA256
e2fe9909bbf8ba2882f1765496e6b3a12dbe533fe3ccacae84c8b64e2e0004c5

SHA512
e558ab2b72253063fb8b803e998ad96bbf94ee23f5af4771caaee21f7635721379958dcc8918ae8eafe8fd39e2015c63cfda0305028915c7c6e73f669097ab8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b78e86086a41078c4e3604b8be800fec

SHA1
6bd61039a4703f3a4811b2cb5faed7a29a1dabea

SHA256
982f68af9fed3ac910326ea3d931a24e791cdf54f57003bb29823e29fe31f052

SHA512
ae9982eb82c61c470b1f4ecbc107c7c7da07cac56b93b8a1b153386be465007d4582ba76afc77883c3588552b405a2e1e781c4f28761dfa3460a9d48a8b1c817

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
513e47cd7dfeb88351f31febd12fa49d

SHA1
d017f0d5e2eb326ede87650f5621cd38b53d53c9

SHA256
f872e33b755b6436ffde8e4a2e633d46397e87c0e0dbbd5a8afd4800d09aa0b7

SHA512
019ac83aff18b1f7a08d8f09b7f4fa29f2359c629b8d9f28777c6ee6410bb0906052a7663dd6848bafe60ff17ce06e954feaaf446e6d5f4cfb0151c324b3e261

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b3398de4c6fb46a9fcd3deb9d9484097

SHA1
33ab4d0cb066db578374a941483b1c82f338ba42

SHA256
7cae5fff62fbc662404f20ca2a624861758bfbe10343369621464b6ab2a6644b

SHA512
4a934c84818f59855c2bee7deddd1ceb66a8d11d9fceaef35c505f62c42d07941550a2b36eacd60748bd7b8debf4e52b9071c123c4f2ed78235a2c05869b4115

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
349182878c8ec7087423c456f4700104

SHA1
b5571e220593df354194667737cba8569f5d7789

SHA256
1a7e154dcb4bca11e30b6930f3983074417bab5b4a0daccae43a5f47b1f4adec

SHA512
58f0810f75cdf106ab824cce50da036ec1e53b18bb9d82666b3d1fff95c0533a3e81fcd182c95deecf7bc96c8f0ae437c3554817a4bd939ec047817b260345b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c0bfd753afc19f241ca59b84680e0594

SHA1
f6554b2202b710166ed0bf9bd4e75b244d54f467

SHA256
53b8c26fa0c59e567607ad69a37127af5041797083e8a29504a9c1350e279b9b

SHA512
6ed4e9e6f863b2a987ec15934b8bcb6d70813e3da6c8c432f0f9dc05134dac57fa6f77b6cd749a961f29f56dabb8d54a0bf0f5a1d2075306ae35d11c5f2217e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a10c046606cc5b005167bc1febc81853

SHA1
252e5e51ee10f093f3a1880eaa9123f8065941dd

SHA256
7eddb2e7c532637633b2c0daff0fa81d78d588fab5602d69beb2558204bd9ebb

SHA512
df19ac3703c4261eb925f87f37e2579eadc76e5e8a2ba734e74dbc3c6f2462ac38861e04b1c21da67651fc73234f3957646962dbef148fa27f4a961fbe3cde30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b57dffeea8eab5c112b1df48b2263e2e

SHA1
4bdf0025057b7e2ee002ea2908ff38938fc3b6cb

SHA256
43cab7ea6a6f8af56adb30e732371400589f730f7889a9a111a10f5fdead4f30

SHA512
4f30f14e825c72751540d2271e584ee72516454548732deae69b106831a9935f7e38ab0ad41ed43757b2a39547925b688219bbc2027c8097acd10c3b5c19cffe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
90b8a3a334e07646093a791464d29622

SHA1
1d6848e8c5602c5b5fbb6765dd2d2c08b38e3d29

SHA256
e54c1607ee4caab68ce32630e0c422abe0ddaf12208b8dc0f187ba9196226174

SHA512
d852c0e6f36b2e5878a82dc24addfe360eaebd6d5d78cd2e216bf71f481a310e757cba825723322491ffc379819882b8a96c9c7d8e901f31166ce6cfde3aeb45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99412dd1ea0f8f60bd86bcc7efa38e70

SHA1
aa62724e823ba986d03bd620af114c97b07f9f60

SHA256
213592d1390c0edc4731b7284da6dc0b4e04847ee4c95b0fe35112f598ed6721

SHA512
c7ed6244c9e8751f6e9933efc9154a36eb6d5a7f88f18b50b300682e144bbe20c37dd74b186bb75fceb26b3830832aa68cc0c4999d677d86dd8f67721848b926

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
608b450830fde377c8fcc5e48e4fbf83

SHA1
4c8ba27cfe5b084f4219b602919e34e5f278fb2e

SHA256
47e2dfc6844a1c1a31b5ef64d4ba3dbca31e221f228f6ab03518eb37b0b247a2

SHA512
e5cbc2127970cb4709902a9bf3f970cae3c08fa1a409494cb478acd769f59a984c2bc2dc27624eaa6dfb121f3554e32b0446b9c75c6c68dac3cc108d3f70f0aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
318e919532f6bdb7689beceb0a5b6fe8

SHA1
09294e601d51b2a597da0ee8ef94303a8339c417

SHA256
11c6c9a94fc5a1d3f805f72eb5459f1bd958f7f35fdc8ffde69838463d4c39c7

SHA512
80f10122dcb0f5d4b12760ee9389a776e448624e5de3d7345d7ddbee7cc05351ee9b31bb8ccf80c379fd27724b74ed9985de4e6045060b893429e4a304e5a643

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
780eadf07e0cea6f1de948c5c8650ba1

SHA1
e9e2585b4ff2e21b516098e4a01606085d2b4674

SHA256
cfaf888adfe8cdd5162153403a3ccb23826972af18be79e0aefca202fbb2db45

SHA512
eb4523b51e1342a399c15fc81ad154a4b16102ad3bc190e3bbf00618b9a9699ac2c550cfa5900f06a1cab32cf2f52201a4a91c0d5d791085c3f2a1db124f4449

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f851c5129dc2b5ecf494d7998f32d3f

SHA1
0cb4d1c63209e7f8945715c7bcbb3e01365efe46

SHA256
c5424e86e6f9b55a7adffacaa58de765d4cbc450d5988e224584106298f569c8

SHA512
ddb4913733120be89d91bbcd89f034085622c7227670aff03b7183b72acf3f76273af6d6b7ebdc9ef26c2149335edcfce0f7cfe62ad97753f189d39c864e6a9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
054f35cd5d44e4a8e64827f8ae897273

SHA1
8d32ed83f42e4362c7542fe208a0f1bc7acda8e7

SHA256
1a9634e7929c520d074081781c73145c252d67101fd6799845bf1329540a252b

SHA512
de8a772eb081713159be9e9dbb5b4b06cd3c73523eafe5634d03e5945565f648f408cf0cbfdcf8d15937065bbc7f37143ea0dd98ac43304bfbacbb1875874415

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
896500e8b381bf2f92ccd1f460fd4497

SHA1
6c92832f856369a640997c91bd1f7a19bc08c061

SHA256
ec1c02acc97f0cdc11bc9647aead978700a759c500856edade903864b6125121

SHA512
4d19ede753ecd9c1410f6993451ee5b0580927c3ad2508b6e3489649e5d7e2a6f654bcf731e8ae09b1e580087328462bb62cad79c38a72972e19e9c55dd33e8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
731ac9aec12163175be91f40e424a314

SHA1
f0fc84f9e7856ee642e80ef69d7fde6a34cdaa7a

SHA256
7adef238e1ffe1504f50f782b64c3261d5da7ffb528cf2cb199e6640d6c3bc89

SHA512
eef5f046aca69d2df0c7b1abe0636efcabece437f0c0c3c1c20ee6407b6d4f4c748e09e41b2da69533c48e20e3378aaac885480be7dd5dc2bfb3bf92ba66cecd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fbc5c42bf15e921509cd00e61d4f02fc

SHA1
fc9b2f410abaeecbb4cfd87de1edfd2469841c9b

SHA256
9ccc47e34f602987c7910491ed146595740b04edaccb17a183179f522b89b92f

SHA512
b79b0ca547acb51bd30b7e91dc338ad9897b9811a0072806fc699879f329685643954987d22db6d69c84c7e865082dc83db6701fb762e31cacbb7c622f6d95b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac433318e7d1dea0b9b42fbb8e72c4b9

SHA1
d839b4c46d9b148ce7408167b0f6c02c07c11c83

SHA256
25791935eda631855003b00f25607be4115924ab303b3e22b7dfd0a66e2aafec

SHA512
e60d5450852991bf8b95046149ee4c865e1712091e8b9792bd6ba025a50ba9485dc14a28cabe0eb7bc93bc87f1b6a593e21b2f796566d3542f7445063a698bad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
458B

MD5
f6720df4da0ad103936c4a189302318d

SHA1
4b7802e3ff72c1c8d035a97cbcb755132c3ab585

SHA256
b7eb93e8ce95d5c661467cf0eb1eb532eb13ed164e0bfe1ed0934d7324a0632c

SHA512
2587b8842aff3cc75e3e2686de7e42617f03709d11066f17dc96c1fe21ddadf86715b6ca8d34708dfcf31c2d03ef6e9ae2b6d2d98f7e08d7feaaaa170632d82f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
432B

MD5
36f75fcb00951f234f097b9a7fd849b5

SHA1
181907fe7ab0af52820b7a01ef06c2e823dcc77d

SHA256
7f64735cc493c1ffe7de2835b285dbb388aa3f16b53008198377d9b1bd540283

SHA512
4a75516a95dd7e96e64e1322a4f7619b6a91b36a2949cd35aff440d7edbb17224d894a6f4d909255501581f3f625f9ae7d87f63f025e20994c862f582d04c8e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G17BROQF\cookie[1].htm

Filesize
134B

MD5
4aa7a432bb447f094408f1bd6229c605

SHA1
1965c4952cc8c082a6307ed67061a57aab6632fa

SHA256
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a

SHA512
497ba6d8ec6bf2267fe6133a432f0e9ab12b982c06bb23e3de6e5a94d036509d2556ba822e3989d8cd7e240d9bae8096fc5be8a948e3e29fe29cab1fea1fe31c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3536.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3558.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request