a1775c19006e605ac9d9ce7949564cd82949b462b319c7477161b053768581a2

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 23:47 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6caf0e84efcda401481c0e1980375535_JaffaCakes118.html
Size

35KB
MD5

6caf0e84efcda401481c0e1980375535
SHA1

8409a4cc9ad2d5ce849174e5eaedea9ffa4ff7cf
SHA256

a1775c19006e605ac9d9ce7949564cd82949b462b319c7477161b053768581a2
SHA512

a9751b5324ded3b776529097cd2ace7f58a6e75d310e8df41f9eca46242af1a629325bc26ce511b36effca6b92af9e346755594528265d7a99b06d5f2e692a2a
SSDEEP

768:zwx/MDTHDL88hAR7ZPXWE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6TIZOZ6DJtxo6lLi:Q/fbJxNVxu0Sb/v8xK

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 104993a56badda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CE68E5C1-195E-11EF-9911-62ABD1C114F0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000002f38575b5c87e4489b4c848afd25b2600000000020000000000106600000001000020000000304cbae6c3302828fa6b59c85ee70ec2b29d5a5424e7292a51b540fdb90e6562000000000e80000000020000200000000580067eca2c3cc5a074e03a9feb599d1cc7f8cdfc89274ef7a636f250bef961900000009477ef29b30f5b68726817c6d17c010fe1c7e8b4dd5d6e5d33d134ab49b2436aaba385033b08b1f8de0d461e10eb2d61ce92b68b31d5880830ec1fa60950a47d00af5379dd90d83764b8c629e35b05a4dbf613f0fdf3de9236a2e10c59a7c3d80ebe70b70901588cc2f182ab1fd8dfe3c9c879b5e8de4537b1c3d7b7a295dfbc671fd7d37be7724584b90d3ccaa7496240000000f9b9638db153b551c14a62342603e26d050a1dcafa5d6ae622ee32a4ad17f3709df303578645d403c6a02e9900a65bc255e37c240745adb9dadfd8fbb1d38df7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000002f38575b5c87e4489b4c848afd25b260000000002000000000010660000000100002000000033d800bf3fc856ce8850d0be0a2bb378ad166b6d67409837ce66ad1adaa436f2000000000e80000000020000200000002b8d7f669223450358b360adf3fbed56ccc02c57697881f34e60d7674feed3fc20000000f9dc1ef07fa673a18579ca936cb6c9c29e451694cfc39436718ae244e803f64e40000000d7f22a7b6eacd7b8f1d5f6f66b9bec99e1d23f08d8a94aed3c9e00fea2b08fd53d13b3ea548a8f9a9fd0edd1057e3a0caa9fd94602ba8641bc93fdbdb6f65459	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422669913"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2024	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2024	iexplore.exe
2024	iexplore.exe
1616	IEXPLORE.EXE
1616	IEXPLORE.EXE
1616	IEXPLORE.EXE
1616	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 1616	2024	iexplore.exe	28
PID 2024 wrote to memory of 1616	2024	iexplore.exe	28
PID 2024 wrote to memory of 1616	2024	iexplore.exe	28
PID 2024 wrote to memory of 1616	2024	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6caf0e84efcda401481c0e1980375535_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2024 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1616

Network

DNS

saltworld.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

saltworld.net

IN A

Response

saltworld.net

IN A

104.21.11.155

saltworld.net

IN A

172.67.166.97
DNS

coinhive.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

coinhive.com

IN A

Response

coinhive.com

IN A

104.21.57.186

coinhive.com

IN A

172.67.165.117
DNS

www.gravatar.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.gravatar.com

IN A

Response

www.gravatar.com

IN A

192.0.73.2
GET

http://saltworld.net/forums/public/style_images/master/useropts_arrow.png

IEXPLORE.EXE

Remote address:

104.21.11.155:80

Request

GET /forums/public/style_images/master/useropts_arrow.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Thu, 23 May 2024 23:47:27 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/style_images/master/useropts_arrow.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8SONkl1lGRtkkQ9kAYTtJPR%2Bz4zeP%2Bl%2FFywnBXgL9JNYTiUtH9gB7lSebrqylIOxfvkjkl045M55v%2BzTUwa8xhFbTj1nLHD0iJzPeddKxx21wscwRA21u%2Fcdf%2Fq5AN%2FQ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8888ee5e0b686548-LHR
alt-svc: h3=":443"; ma=86400
GET

http://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:80

Request

GET /avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Thu, 23 May 2024 23:47:27 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png
GET

http://saltworld.net/forums/public/style_images/master/f_icon_read.png

IEXPLORE.EXE

Remote address:

104.21.11.155:80

Request

GET /forums/public/style_images/master/f_icon_read.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Thu, 23 May 2024 23:47:27 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/style_images/master/f_icon_read.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cFqgdO35FIk0EDcnwNF%2FpoL0eZsaDGN%2BCl9X1lE%2B2Iy7pvLTg2edDYgVCp8sGrbIRdtu%2Bi5fHOP1w3xPBE5YM%2F0dB1cttBgtL2FQ%2B7Dn30kY%2FggMzQy8IVVCLDCBlEme"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8888ee5e0ff171b1-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/uploads/profile/photo-3619.gif?_r=1358402341

IEXPLORE.EXE

Remote address:

104.21.11.155:80

Request

GET /forums/uploads/profile/photo-3619.gif?_r=1358402341 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Thu, 23 May 2024 23:47:27 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/uploads/profile/photo-3619.gif?_r=1358402341
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ArYaBjdhuqDAuaBvlrcdQnnWXtHJPRdOQoVdS97YS%2BpeMxPt9nAHVwdwVo%2BBzkFuSb1M2jSAUqzwvUyxOIbJKU7kZ66Chtb7TMpSH6H12qK5MmfFdeZAue1msPYmRvW5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8888ee5e781e71b1-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

IEXPLORE.EXE

Remote address:

104.21.11.155:80

Request

GET /forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Thu, 23 May 2024 23:47:27 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QGX6yrhFp5ciJB51738pvHi9cKLVzTg1cG0nbSH3iqfUyrRtjQ7dIHzY%2F88qISJxkCxAMI4vaIKjKktYNI9UvHQ9m23FRYF7pZogeXII8KcQW9kjLTnR2UY3tNjZ67TP"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8888ee5e1e3293dc-LHR
alt-svc: h3=":443"; ma=86400
GET

http://www.gravatar.com/avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:80

Request

GET /avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Thu, 23 May 2024 23:47:27 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.gravatar.com/avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png
GET

http://www.gravatar.com/avatar/e93d7024558d2ee595265c43dc1084df?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:80

Request

GET /avatar/e93d7024558d2ee595265c43dc1084df?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Thu, 23 May 2024 23:47:27 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.gravatar.com/avatar/e93d7024558d2ee595265c43dc1084df?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png
GET

http://www.gravatar.com/avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:80

Request

GET /avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Thu, 23 May 2024 23:47:27 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.gravatar.com/avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png
GET

http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

IEXPLORE.EXE

Remote address:

104.21.11.155:80

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Thu, 23 May 2024 23:47:27 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q74TxUnroYoCjLfqKiIk0Rl04aeJ9cf4rC8zqo5D9kjUURqkCCGjbVyQNcLb1%2Fm9F0LR3qw%2Be7hqoogWlAQKxcTw0L81z5qE7jK1RhfClGr%2Bjqu2e4QMGIAzaFbF5OUs"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8888ee5e0b824922-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0

IEXPLORE.EXE

Remote address:

104.21.11.155:80

Request

GET /forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Thu, 23 May 2024 23:47:27 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L2XNS4Fi8xRWpa%2FLGf344Ptej%2B2oPgttUvW%2BuL0GSwsd9p1pN4G8yiKHQok2G6zNU9x31KUGQK%2FEC%2BvJk%2FrqKT%2BywF%2BOBDewTtR91nCD%2FC3dhTt%2BOx5i%2BujKlz4RzCek"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8888ee5e7bc64922-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/style_images/master/feed.png

IEXPLORE.EXE

Remote address:

104.21.11.155:80

Request

GET /forums/public/style_images/master/feed.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Thu, 23 May 2024 23:47:28 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/style_images/master/feed.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hingY5gbl4YhCpfW%2FDHDXSQhMJw9uczvEpwFf8kV24kjCNjeqwK16t0kPY4jrvFhQpdQX0A0BlHwcaYrL9BTe8wCh4bjxo7xwdD%2B5Doj42XiYtukWeS8PcicLIGcRloF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8888ee5eec214922-LHR
alt-svc: h3=":443"; ma=86400
GET

http://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:80

Request

GET /avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Thu, 23 May 2024 23:47:27 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png
GET

https://coinhive.com/lib/coinhive.min.js

IEXPLORE.EXE

Remote address:

104.21.57.186:443

Request

GET /lib/coinhive.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: coinhive.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 23 May 2024 23:47:28 GMT
Content-Type: application/x-javascript
Content-Length: 1115
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ETag: "806233d282cfd71:0"
Last-Modified: Tue, 02 Nov 2021 00:44:41 GMT
Set-Cookie: ARRAffinity=2c67d33be6b9592c13d11097748916f7e95d849041273820c139acf9e6d026ba;Path=/;HttpOnly;Secure;Domain=coinhive.com
Set-Cookie: ARRAffinitySameSite=2c67d33be6b9592c13d11097748916f7e95d849041273820c139acf9e6d026ba;Path=/;HttpOnly;SameSite=None;Secure;Domain=coinhive.com
Vary: Accept-Encoding
X-Powered-By: ASP.NET
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N%2BwI6tS2wgIy4KQQTyusTN8XF0JBAKwtCPT1p%2BifSlXkKaNRPG5Zh86NON1h2w6egHd7G7PI%2FGSOtBrFtgb6S1WNn6VFNQZv5ewm9nv5FlOwLVtDZ5Vwa%2BsnQDg4Fms%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8888ee646978639a-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

IEXPLORE.EXE

Remote address:

104.21.11.155:80

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Thu, 23 May 2024 23:47:27 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c9Ljh41wspIlwf6gsJKSXvVcFIJG9wxK5rfJsmT46bH6xt4NU%2Bahbh1UBcubXuaZmmXFtNS8G8Y2q9Rq4ZDfSegtNPrQtJ311%2Br5zzIVyw%2FxLRDXqlyqFsmkliaRshH4"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8888ee5e0f916515-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

IEXPLORE.EXE

Remote address:

104.21.11.155:80

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Thu, 23 May 2024 23:47:27 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jVwNTzmirHJQOt%2BqJxGvUxjJ3xnLXld5u1qvGLK2u9%2Fae5xMiGSzdtddGWkmAEmfTtJRn5SiXA7jJ6sLSlRH6pEqnGq6i4H4UjYypKTcTY35hQ01H0a9JMX7S0Mm9emg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8888ee5e19f779b8-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/style_images/master/top.png

IEXPLORE.EXE

Remote address:

104.21.11.155:80

Request

GET /forums/public/style_images/master/top.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Thu, 23 May 2024 23:47:27 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/style_images/master/top.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4mPsEO4HEV6kb9h5GaL%2BiGd8UJeG9h04EPdKe%2FiJaINqgK4ilao9e4mf1rjlgFccRaTBL%2Ba5%2FYvAH3Zm5z%2B4eWe4NO0%2B2I5V2gOuSMABEiSI88S%2Bu0Sl8hKSsOtuETfx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8888ee5e9a4e79b8-LHR
alt-svc: h3=":443"; ma=86400
GET

https://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:443

Request

GET /avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: nginx
Date: Thu, 23 May 2024 23:47:28 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Link: <https://gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png>; rel="canonical"
X-Redirect-By: WordPress
Location: http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png
Expires: Thu, 23 May 2024 23:52:28 GMT
Cache-Control: max-age=300
X-nc: HIT lhr 3
Alt-Svc: h3=":443"; ma=86400
GET

https://www.gravatar.com/avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:443

Request

GET /avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: nginx
Date: Thu, 23 May 2024 23:47:28 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Link: <https://gravatar.com/avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png>; rel="canonical"
X-Redirect-By: WordPress
Location: http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png
Expires: Thu, 23 May 2024 23:52:28 GMT
Cache-Control: max-age=300
X-nc: HIT lhr 4
Alt-Svc: h3=":443"; ma=86400
GET

https://www.gravatar.com/avatar/e93d7024558d2ee595265c43dc1084df?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:443

Request

GET /avatar/e93d7024558d2ee595265c43dc1084df?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: nginx
Date: Thu, 23 May 2024 23:47:28 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Link: <https://gravatar.com/avatar/e93d7024558d2ee595265c43dc1084df?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png>; rel="canonical"
X-Redirect-By: WordPress
Location: http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png
Expires: Thu, 23 May 2024 23:52:28 GMT
Cache-Control: max-age=300
X-nc: HIT lhr 1
Alt-Svc: h3=":443"; ma=86400
GET

https://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:443

Request

GET /avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: nginx
Date: Thu, 23 May 2024 23:47:28 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Link: <https://gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png>; rel="canonical"
X-Redirect-By: WordPress
Location: http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png
Expires: Thu, 23 May 2024 23:52:28 GMT
Cache-Control: max-age=300
X-nc: HIT lhr 3
Alt-Svc: h3=":443"; ma=86400
GET

https://www.gravatar.com/avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:443

Request

GET /avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: nginx
Date: Thu, 23 May 2024 23:47:28 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Link: <https://gravatar.com/avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png>; rel="canonical"
X-Redirect-By: WordPress
Location: http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png
Expires: Thu, 23 May 2024 23:52:28 GMT
Cache-Control: max-age=300
X-nc: HIT lhr 1
Alt-Svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

IEXPLORE.EXE

Remote address:

104.21.11.155:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Thu, 23 May 2024 23:47:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tu0F40Rwz4%2B8%2F%2FxMjqAkiXHZz%2F3qRqvFpmWs2zO7SYEYk72s%2BRxJZkqO5N2O4CnvDoLZKZdRTN1KNs2IYYWH1rZpdGBTM7zdfjoc8dJS42hyZzhoSh%2FXizNBDDbJ11P5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8888ee64686c3867-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

IEXPLORE.EXE

Remote address:

104.21.11.155:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Thu, 23 May 2024 23:47:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vHgqVF87hm8KFCFrpS2RzZ28RBqFCLNeZOM5lJM6WlIgwPhTBFNa94wRcCzqEXEoCjhsnSC2uuqEQgA%2B2U9%2BYrAbN3y%2BikUFOsP5VxIbNVrrUOkiBZd4ZHTYFydtTD0s"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8888ee648efcdc73-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

IEXPLORE.EXE

Remote address:

104.21.11.155:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Thu, 23 May 2024 23:47:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IpO4P1AHk4q0cIAM6gV6nQ8SoyeAxAclXpPB9oHVPkU7apFFZ4mqBc4n686Hz0xdFtK6PAlO0dqSSQK7tJEBS8gw7F27KN96psmP%2FcFU2rBHkzY8uXMObl2qHxX0Z8V7"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8888ee647feddd54-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/style_images/master/feed.png

IEXPLORE.EXE

Remote address:

104.21.11.155:443

Request

GET /forums/public/style_images/master/feed.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Thu, 23 May 2024 23:47:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/style_images/master/feed.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fXDvzdwS7D%2BOBKXwOxCqGSVnQ6MhmpgmyWCB3imvJfneY%2BQVPD7HEaEiFVyd68v4LuXPsETeTleK2iwGphvdaeExDiYEWS8fAMnJyQhMP7RgJS7BXZorAC45Q1edOEr%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8888ee64d819dd54-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/style_images/master/f_icon_read.png

IEXPLORE.EXE

Remote address:

104.21.11.155:443

Request

GET /forums/public/style_images/master/f_icon_read.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Thu, 23 May 2024 23:47:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/style_images/master/f_icon_read.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uklASD3QW6EyfKxz9xvfmUwjPhsUQMgCyTMmmKmXNL%2BsaYAUgI1uYOeZ7BUI5%2FW2jqukWxLJMlZe7v%2BUNnU8FzVg6OHjict6VmP0%2FVLetCrylkDYB89vr1%2Fn4TEJMIT0"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8888ee647cc4496e-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/style_images/master/top.png

IEXPLORE.EXE

Remote address:

104.21.11.155:443

Request

GET /forums/public/style_images/master/top.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Thu, 23 May 2024 23:47:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/style_images/master/top.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TABTv4AcScadCtpVNNGmOE7KFJgvyVXAChUC9EoTfsjbvJ6ihPWJ1CkNGQKiZ5izoeUAZbZiyU0EoLYkuSdZYdHdekfMaCS0pPWZ%2BVdH%2Bb%2FzzRxQQ3BHbO4tSZBCaUb7"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8888ee64dd16496e-LHR
alt-svc: h3=":443"; ma=86400
DNS

pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

pki.goog

IN A

Response

pki.goog

IN A

216.239.32.29
DNS

pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

pki.goog

IN A

Response

pki.goog

IN A

216.239.32.29
DNS

pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

pki.goog

IN A

Response

pki.goog

IN A

216.239.32.29
GET

http://pki.goog/gsr1/gsr1.crt

IEXPLORE.EXE

Remote address:

216.239.32.29:80

Request

GET /gsr1/gsr1.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 889
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 23 May 2024 23:33:44 GMT
Expires: Fri, 24 May 2024 00:23:44 GMT
Cache-Control: public, max-age=3000
Age: 823
Last-Modified: Wed, 20 May 2020 16:45:00 GMT
Content-Type: application/pkix-cert
Vary: Accept-Encoding
GET

http://pki.goog/gsr1/gsr1.crt

IEXPLORE.EXE

Remote address:

216.239.32.29:80

Request

GET /gsr1/gsr1.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 889
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 23 May 2024 23:33:44 GMT
Expires: Fri, 24 May 2024 00:23:44 GMT
Cache-Control: public, max-age=3000
Age: 823
Last-Modified: Wed, 20 May 2020 16:45:00 GMT
Content-Type: application/pkix-cert
Vary: Accept-Encoding
GET

http://pki.goog/gsr1/gsr1.crt

IEXPLORE.EXE

Remote address:

216.239.32.29:80

Request

GET /gsr1/gsr1.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 889
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 23 May 2024 23:33:44 GMT
Expires: Fri, 24 May 2024 00:23:44 GMT
Cache-Control: public, max-age=3000
Age: 823
Last-Modified: Wed, 20 May 2020 16:45:00 GMT
Content-Type: application/pkix-cert
Vary: Accept-Encoding
GET

http://pki.goog/gsr1/gsr1.crt

IEXPLORE.EXE

Remote address:

216.239.32.29:80

Request

GET /gsr1/gsr1.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 889
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 23 May 2024 23:15:30 GMT
Expires: Fri, 24 May 2024 00:05:30 GMT
Cache-Control: public, max-age=3000
Age: 1917
Last-Modified: Wed, 20 May 2020 16:45:00 GMT
Content-Type: application/pkix-cert
Vary: Accept-Encoding
GET

http://pki.goog/gsr1/gsr1.crt

IEXPLORE.EXE

Remote address:

216.239.32.29:80

Request

GET /gsr1/gsr1.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 889
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 23 May 2024 23:33:44 GMT
Expires: Fri, 24 May 2024 00:23:44 GMT
Cache-Control: public, max-age=3000
Age: 823
Last-Modified: Wed, 20 May 2020 16:45:00 GMT
Content-Type: application/pkix-cert
Vary: Accept-Encoding
GET

http://pki.goog/gsr1/gsr1.crt

IEXPLORE.EXE

Remote address:

216.239.32.29:80

Request

GET /gsr1/gsr1.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 889
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 23 May 2024 23:33:44 GMT
Expires: Fri, 24 May 2024 00:23:44 GMT
Cache-Control: public, max-age=3000
Age: 823
Last-Modified: Wed, 20 May 2020 16:45:00 GMT
Content-Type: application/pkix-cert
Vary: Accept-Encoding
DNS

www.microsoft.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

23.55.97.181
DNS

www.microsoft.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

23.55.97.181
DNS

www.microsoft.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

23.55.97.181
DNS

www.microsoft.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

23.55.97.181
DNS

www.microsoft.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

23.55.97.181
GET

https://saltworld.net/forums/public/style_images/master/useropts_arrow.png

IEXPLORE.EXE

Remote address:

104.21.11.155:443

Request

GET /forums/public/style_images/master/useropts_arrow.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Thu, 23 May 2024 23:47:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/style_images/master/useropts_arrow.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FVdbeyteGlNPFs94IRixeI%2FW2ZCwSb6hReRu5GGlLf%2FmrCBynFptGLYawQ0mFo7NopP5rOd6G9c5R0BqtoIXBWYLmL1vkhECtxbH2s7nYyvGlmam0cDzyE5j8eFy%2FN9d"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8888ee646ebb93dd-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/uploads/profile/photo-3619.gif?_r=1358402341

IEXPLORE.EXE

Remote address:

104.21.11.155:443

Request

GET /forums/uploads/profile/photo-3619.gif?_r=1358402341 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Thu, 23 May 2024 23:47:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/uploads/profile/photo-3619.gif?_r=1358402341
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FULiVamuiLOACI3mq1mPr%2BV8gJYDk2xf8TpG8KpAT%2FSa2onFBpIo5ICm9TmVf8CK9m4ieBLeKcK0shTwq9kd7E%2BAOp2jtft7vwqWsWDd2NNzbXnE8DlcOajDzVQ%2BwHhw"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8888ee64df3793dd-LHR
alt-svc: h3=":443"; ma=86400
DNS

www.microsoft.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

23.55.97.181
DNS

www.microsoft.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

23.55.97.181
DNS

www.microsoft.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

23.55.97.181
DNS

www.microsoft.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

23.55.97.181
DNS

www.microsoft.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

23.55.97.181
GET

https://saltworld.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0

IEXPLORE.EXE

Remote address:

104.21.11.155:443

Request

GET /forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Thu, 23 May 2024 23:47:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FgaGO56SLuJisJ0XQbhRQUIvnlIa%2FuWF0MI71NoDWe22bU75Z7kTl%2BNW2bXrYruHFPz9PqDYrivs7M1WqeSfQ3DNmMl5qiMCMPiFKlK4ltqudf5TU3doz%2FrO8WNxIqRk"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8888ee655832d16c-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

IEXPLORE.EXE

Remote address:

104.21.11.155:443

Request

GET /forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Thu, 23 May 2024 23:47:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hrUVjXZjnPWE0sT9hKtCiSfk41qH3kw9RQfJaNU2GiOeiSQ%2FImPMAN3sI8B8NN8qTL2YM5XHb9Ul7w%2FEM6HoX9TRQF1wH1by%2FPTiVCkJGYT7%2FWTC5r8Q2FPLcNS3qWYE"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8888ee655b5e71c3-LHR
alt-svc: h3=":443"; ma=86400
DNS

gamingw.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

gamingw.net

IN A

Response

gamingw.net

IN A

172.67.160.162

gamingw.net

IN A

104.21.65.85
GET

https://gamingw.net/forums/public/style_images/master/f_icon_read.png

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/style_images/master/f_icon_read.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Thu, 23 May 2024 23:47:30 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aQXf69bQJ3b2%2Bp7xQr1TVEYV6TeeUjfagc97dUe2yOCbHYk%2FMBrmF2jDgDumHH2vl9r6ZWyI7Id9whiARzHbcTiWKGohhGwXVcfm1qHYuDgypY4aw9ixA1y6WlTnPw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8888ee65fe8a6585-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/style_images/master/useropts_arrow.png

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/style_images/master/useropts_arrow.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Thu, 23 May 2024 23:47:30 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ZsXftFmVfW4pWkrfbzxylZx72%2B2cAbqY32aNmfRYv4HLndh5KOjrwMERteZEo5SF4DbwzDRMi8pD0NTmU%2F1uDvLY1uWunTYjwRYfE8T%2BlUjPtPVBZsEs6mNsPqVFw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8888ee65ee2a48b8-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Thu, 23 May 2024 23:47:31 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D%2FQpJgxVW8AMmXKj0dv1Eo7Q9sNzzTB2s%2BV4pRyLUQMPBF62HH0K8e1GZt%2Fw1V4pLqZVj6yF0Z5aR1v%2BXjphWID2tJcU1KfXjus90N7NrnWfd%2Ba%2BC59YF%2FzmOzWTFA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8888ee72de4748b8-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Thu, 23 May 2024 23:47:30 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dHsdAB45hKedte9ZoU%2BlvPhMY0dknYOLFFNL3LCqgvK1X6d8u7N5xKVp8iqOUefy7qDM7jaVAFLa7pXfVhPKEcupMj8gYrH%2BuUQNu5jzQXpS2FJhfSEAq9qFo%2FAYhg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8888ee65eccd652d-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/uploads/profile/photo-3619.gif?_r=1358402341

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/uploads/profile/photo-3619.gif?_r=1358402341 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Thu, 23 May 2024 23:47:31 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XxXOZTx1wCftMRRT%2Bl%2FK0XOrjkadi2JPGbp0s6Wj1lfbuAsaAyqJtMXMjw6254s3fxvpuApCPRjPsP5sa6ueLWcLCB8aNngMobI82gKrrsYyCdgoDUe7npH26EA0Hw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8888ee6619c048ac-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/style_images/master/top.png

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/style_images/master/top.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Thu, 23 May 2024 23:47:28 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=njxbWZvu7YLmFUdtmXf4ZPS%2FZS3HcBRA2BrEZSJ9qvsAFdOx8GWlogwpnWs6XPIRrE0KQGHaq3y06%2FcnqMmoWesp2Zrxmw63re78vmEKqSnQfwC3D85cAx%2BmYeLMHA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8888ee66182d527a-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Thu, 23 May 2024 23:47:31 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RWoeW%2BEGkBr49ZBae5zj215i%2F3fq9UDu8UgNw4D74PYfuUlCJIojm3QxjHKeSMofvXCS5%2FgfkLFyoLYH1DbXNuC56OUs3q34A6yDEf4SAUHYWuGtUe%2F8JeAs6R%2BxWA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8888ee6afa4a527a-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/style_images/master/feed.png

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/style_images/master/feed.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Thu, 23 May 2024 23:47:31 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A1TO8k6sIaxGoTv7pHFFq184e%2BNqLFin5QtBgJm9%2BvvAlieJPLGdRVhTAl2GuF61Idv7mnkQwkzyCdluPFn5d%2F0c4W%2Bmd2ZwUs%2BuxjQ9GHWpCZ%2B%2BQWVFDvn561DRSw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8888ee66286b9442-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
DNS

i1.wp.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

i1.wp.com

IN A

Response

i1.wp.com

IN A

192.0.77.2
GET

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

IEXPLORE.EXE

Remote address:

192.0.77.2:80

Request

GET /saltworld.net/forums/public/style_images/master/profile/default_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i1.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 404 File Not Found

Server: nginx
Date: Thu, 23 May 2024 23:47:28 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-nc: UPDATING lhr 7
Alt-Svc: h3=":443"; ma=86400
GET

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

IEXPLORE.EXE

Remote address:

192.0.77.2:80

Request

GET /saltworld.net/forums/public/style_images/master/profile/default_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i1.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 404 File Not Found

Server: nginx
Date: Thu, 23 May 2024 23:47:28 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-nc: UPDATING lhr 7
Alt-Svc: h3=":443"; ma=86400
GET

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

IEXPLORE.EXE

Remote address:

192.0.77.2:80

Request

GET /saltworld.net/forums/public/style_images/master/profile/default_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i1.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 404 File Not Found

Server: nginx
Date: Thu, 23 May 2024 23:47:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-nc: EXPIRED lhr 7
Alt-Svc: h3=":443"; ma=86400
GET

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

IEXPLORE.EXE

Remote address:

192.0.77.2:80

Request

GET /saltworld.net/forums/public/style_images/master/profile/default_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i1.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 404 File Not Found

Server: nginx
Date: Thu, 23 May 2024 23:47:28 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-nc: UPDATING lhr 7
Alt-Svc: h3=":443"; ma=86400
GET

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

IEXPLORE.EXE

Remote address:

192.0.77.2:80

Request

GET /saltworld.net/forums/public/style_images/master/profile/default_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i1.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 404 File Not Found

Server: nginx
Date: Thu, 23 May 2024 23:47:28 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-nc: UPDATING lhr 7
Alt-Svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Thu, 23 May 2024 23:47:29 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0EvyNMGQKEew8k7FMoxPCJLb08CdV68jBunIsjduxdqgi2D6tqak%2Ba2usYkEi8Hv0So9VpLzXuGYN%2FLE%2Fwkmlk6SFJXUb%2BiFFsA1ex2IBXdgv%2B%2BxOXxpEfWsSIZ5nA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8888ee6f0ff60732-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Thu, 23 May 2024 23:47:31 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KjKa6e3wANIHMENEja2q5Q0SG5IdwPQFMNOweLr1eNBwFe1noug255mJ1kqX4iriPRHSYe3GSYXSXHUev21ufazDDwhOETU4%2FShbR8gWWHg2Qhf2tNw8I2aFQWuzfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8888ee733f0d652d-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

http://www.google-analytics.com/ga.js

IEXPLORE.EXE

Remote address:

216.58.213.14:80

Request

GET /ga.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google-analytics.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Date: Thu, 23 May 2024 23:23:41 GMT
Expires: Fri, 24 May 2024 01:23:41 GMT
Cache-Control: public, max-age=7200
Age: 1430
Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
GET

http://www.bing.com/favicon.ico

iexplore.exe

Remote address:

88.221.83.249:80

Request

GET /favicon.ico HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: www.bing.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Cache-Control: public, max-age=15552000
Content-Length: 4286
Content-Type: image/x-icon
Last-Modified: Mon, 01 Jan 1601 00:00:00 GMT
X-EventID: 6616e083b7344f20a2b483d4b540da12
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
Content-Security-Policy-Report-Only: script-src https: 'strict-dynamic' 'report-sample' 'nonce-cusTcK8CCGssThJ5A5CZNsdmXlFoEbDQbyee3iNIhuI='; base-uri 'self';report-to csp-endpoint
Report-To: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}
X-MSEdge-Ref: Ref A: 5382C59339C44375B05EC9511A00083C Ref B: LON04EDGE0920 Ref C: 2024-04-12T12:48:51Z
Date: Thu, 23 May 2024 23:47:41 GMT
Connection: keep-alive
X-CDN-TraceID: 0.f553dd58.1716508061.362fe3d
DNS

iexplore.exe

Remote address:

88.221.83.249:80

Response

HTTP/1.0 408 Request Time-out

Server: AkamaiGHost
Mime-Version: 1.0
Date: Thu, 23 May 2024 23:48:16 GMT
Content-Type: text/html
Content-Length: 314
Expires: Thu, 23 May 2024 23:48:16 GMT

104.21.11.155:80

http://saltworld.net/forums/public/style_images/master/useropts_arrow.png

http

IEXPLORE.EXE

589 B
1.3kB
6
5

HTTP Request

GET http://saltworld.net/forums/public/style_images/master/useropts_arrow.png

HTTP Response

302
192.0.73.2:80

http://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

http

IEXPLORE.EXE

640 B
673 B
5
4

HTTP Request

GET http://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

301
104.21.11.155:80

http://saltworld.net/forums/uploads/profile/photo-3619.gif?_r=1358402341

http

IEXPLORE.EXE

984 B
2.4kB
8
8

HTTP Request

GET http://saltworld.net/forums/public/style_images/master/f_icon_read.png

HTTP Response

302

HTTP Request

GET http://saltworld.net/forums/uploads/profile/photo-3619.gif?_r=1358402341

HTTP Response

302
104.21.11.155:80

http://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

http

IEXPLORE.EXE

619 B
1.3kB
6
5

HTTP Request

GET http://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

HTTP Response

302
192.0.73.2:80

http://www.gravatar.com/avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

http

IEXPLORE.EXE

640 B
673 B
5
4

HTTP Request

GET http://www.gravatar.com/avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

301
192.0.73.2:80

http://www.gravatar.com/avatar/e93d7024558d2ee595265c43dc1084df?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

http

IEXPLORE.EXE

640 B
673 B
5
4

HTTP Request

GET http://www.gravatar.com/avatar/e93d7024558d2ee595265c43dc1084df?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

301
192.0.73.2:80

http://www.gravatar.com/avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

http

IEXPLORE.EXE

640 B
673 B
5
4

HTTP Request

GET http://www.gravatar.com/avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

301
104.21.11.155:80

http://saltworld.net/forums/public/style_images/master/feed.png

http

IEXPLORE.EXE

1.4kB
3.6kB
10
10

HTTP Request

GET http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

HTTP Response

302

HTTP Request

GET http://saltworld.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0

HTTP Response

302

HTTP Request

GET http://saltworld.net/forums/public/style_images/master/feed.png

HTTP Response

302
192.0.73.2:80

http://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

http

IEXPLORE.EXE

686 B
713 B
6
5

HTTP Request

GET http://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

301
104.21.57.186:443

https://coinhive.com/lib/coinhive.min.js

tls, http

IEXPLORE.EXE

1.2kB
8.1kB
13
13

HTTP Request

GET https://coinhive.com/lib/coinhive.min.js

HTTP Response

200
104.21.11.155:80

http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

http

IEXPLORE.EXE

722 B
1.6kB
6
6

HTTP Request

GET http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

HTTP Response

302
104.21.11.155:80

http://saltworld.net/forums/public/style_images/master/top.png

http

IEXPLORE.EXE

1.2kB
2.7kB
9
7

HTTP Request

GET http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

HTTP Response

302

HTTP Request

GET http://saltworld.net/forums/public/style_images/master/top.png

HTTP Response

302
104.21.57.186:443

coinhive.com

tls

IEXPLORE.EXE

819 B
5.8kB
11
10
192.0.73.2:443

https://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

tls, http

IEXPLORE.EXE

1.2kB
4.8kB
11
9

HTTP Request

GET https://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

302
192.0.73.2:443

https://www.gravatar.com/avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

tls, http

IEXPLORE.EXE

1.2kB
4.8kB
11
9

HTTP Request

GET https://www.gravatar.com/avatar/59df318a5dd5b358077fb9a7e56e80a2?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

302
192.0.73.2:443

https://www.gravatar.com/avatar/e93d7024558d2ee595265c43dc1084df?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

tls, http

IEXPLORE.EXE

1.3kB
5.6kB
13
11

HTTP Request

GET https://www.gravatar.com/avatar/e93d7024558d2ee595265c43dc1084df?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

302
192.0.73.2:443

https://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

tls, http

IEXPLORE.EXE

1.3kB
4.9kB
12
10

HTTP Request

GET https://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

302
192.0.73.2:443

https://www.gravatar.com/avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

tls, http

IEXPLORE.EXE

1.2kB
4.8kB
11
9

HTTP Request

GET https://www.gravatar.com/avatar/cafd83e895d821e4ada3e3e38f93582d?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

302
104.21.11.155:443

https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

tls, http

IEXPLORE.EXE

1.2kB
6.6kB
12
12

HTTP Request

GET https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

HTTP Response

302
104.21.11.155:443

https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

tls, http

IEXPLORE.EXE

1.4kB
6.8kB
12
12

HTTP Request

GET https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

HTTP Response

302
104.21.11.155:443

https://saltworld.net/forums/public/style_images/master/feed.png

tls, http

IEXPLORE.EXE

1.8kB
7.6kB
14
13

HTTP Request

GET https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

HTTP Response

302

HTTP Request

GET https://saltworld.net/forums/public/style_images/master/feed.png

HTTP Response

302
104.21.11.155:443

https://saltworld.net/forums/public/style_images/master/top.png

tls, http

IEXPLORE.EXE

1.6kB
7.3kB
13
12

HTTP Request

GET https://saltworld.net/forums/public/style_images/master/f_icon_read.png

HTTP Response

302

HTTP Request

GET https://saltworld.net/forums/public/style_images/master/top.png

HTTP Response

302
216.239.32.29:80

http://pki.goog/gsr1/gsr1.crt

http

IEXPLORE.EXE

558 B
3.5kB
7
6

HTTP Request

GET http://pki.goog/gsr1/gsr1.crt

HTTP Response

200

HTTP Request

GET http://pki.goog/gsr1/gsr1.crt

HTTP Response

200
216.239.32.29:80

http://pki.goog/gsr1/gsr1.crt

http

IEXPLORE.EXE

351 B
1.8kB
5
4

HTTP Request

GET http://pki.goog/gsr1/gsr1.crt

HTTP Response

200
216.239.32.29:80

http://pki.goog/gsr1/gsr1.crt

http

IEXPLORE.EXE

351 B
1.8kB
5
4

HTTP Request

GET http://pki.goog/gsr1/gsr1.crt

HTTP Response

200
216.239.32.29:80

http://pki.goog/gsr1/gsr1.crt

http

IEXPLORE.EXE

351 B
1.8kB
5
4

HTTP Request

GET http://pki.goog/gsr1/gsr1.crt

HTTP Response

200
216.239.32.29:80

http://pki.goog/gsr1/gsr1.crt

http

IEXPLORE.EXE

351 B
1.8kB
5
4

HTTP Request

GET http://pki.goog/gsr1/gsr1.crt

HTTP Response

200
104.21.11.155:443

https://saltworld.net/forums/uploads/profile/photo-3619.gif?_r=1358402341

tls, http

IEXPLORE.EXE

1.7kB
7.4kB
14
13

HTTP Request

GET https://saltworld.net/forums/public/style_images/master/useropts_arrow.png

HTTP Response

302

HTTP Request

GET https://saltworld.net/forums/uploads/profile/photo-3619.gif?_r=1358402341

HTTP Response

302
104.21.11.155:443

https://saltworld.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0

tls, http

IEXPLORE.EXE

1.2kB
6.5kB
10
11

HTTP Request

GET https://saltworld.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0

HTTP Response

302
104.21.11.155:443

https://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

tls, http

IEXPLORE.EXE

1.2kB
6.5kB
10
11

HTTP Request

GET https://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

HTTP Response

302
172.67.160.162:443

https://gamingw.net/forums/public/style_images/master/f_icon_read.png

tls, http

IEXPLORE.EXE

1.1kB
6.7kB
10
11

HTTP Request

GET https://gamingw.net/forums/public/style_images/master/f_icon_read.png

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0

tls, http

IEXPLORE.EXE

1.6kB
8.4kB
12
15

HTTP Request

GET https://gamingw.net/forums/public/style_images/master/useropts_arrow.png

HTTP Response

404

HTTP Request

GET https://gamingw.net/forums/uploads/profile/photo-49877.452_28dc3908f6bd85bb27e1a22e0fcd0ed8be31401d?_r=0

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

tls, http

IEXPLORE.EXE

1.3kB
7.2kB
10
11

HTTP Request

GET https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/uploads/profile/photo-3619.gif?_r=1358402341

tls, http

IEXPLORE.EXE

1.1kB
6.7kB
10
11

HTTP Request

GET https://gamingw.net/forums/uploads/profile/photo-3619.gif?_r=1358402341

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

tls, http

IEXPLORE.EXE

1.8kB
8.4kB
13
14

HTTP Request

GET https://gamingw.net/forums/public/style_images/master/top.png

HTTP Response

404

HTTP Request

GET https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/public/style_images/master/feed.png

tls, http

IEXPLORE.EXE

1.1kB
6.7kB
10
11

HTTP Request

GET https://gamingw.net/forums/public/style_images/master/feed.png

HTTP Response

404
192.0.77.2:80

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

http

IEXPLORE.EXE

658 B
858 B
7
6

HTTP Request

GET http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

HTTP Response

404
192.0.77.2:80

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

http

IEXPLORE.EXE

658 B
858 B
7
6

HTTP Request

GET http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

HTTP Response

404
192.0.77.2:80

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

http

IEXPLORE.EXE

606 B
554 B
6
6

HTTP Request

GET http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

HTTP Response

404
192.0.77.2:80

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

http

IEXPLORE.EXE

658 B
858 B
7
6

HTTP Request

GET http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

HTTP Response

404
192.0.77.2:80

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

http

IEXPLORE.EXE

658 B
858 B
7
6

HTTP Request

GET http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

tls, http

IEXPLORE.EXE

1.0kB
2.0kB
9
8

HTTP Request

GET https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

tls, http

IEXPLORE.EXE

1.3kB
7.3kB
13
12

HTTP Request

GET https://gamingw.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

HTTP Response

404
216.58.213.14:80

http://www.google-analytics.com/ga.js

http

IEXPLORE.EXE

858 B
18.3kB
13
16

HTTP Request

GET http://www.google-analytics.com/ga.js

HTTP Response

200
216.58.213.14:80

www.google-analytics.com

IEXPLORE.EXE

190 B
92 B
4
2
88.221.83.249:80

http://www.bing.com/favicon.ico

http

iexplore.exe

640 B
6.0kB
9
9

HTTP Request

GET http://www.bing.com/favicon.ico

HTTP Response

200
88.221.83.249:80

www.bing.com

http

iexplore.exe

340 B
746 B
7
5

HTTP Response

408
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

799 B
7.7kB
10
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

799 B
7.7kB
10
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.6kB
9
12

8.8.8.8:53

saltworld.net

dns

IEXPLORE.EXE

59 B
91 B
1
1

DNS Request

saltworld.net

DNS Response

104.21.11.155

172.67.166.97
8.8.8.8:53

coinhive.com

dns

IEXPLORE.EXE

58 B
90 B
1
1

DNS Request

coinhive.com

DNS Response

104.21.57.186

172.67.165.117
8.8.8.8:53

www.gravatar.com

dns

IEXPLORE.EXE

62 B
78 B
1
1

DNS Request

www.gravatar.com

DNS Response

192.0.73.2
8.8.8.8:53

pki.goog

dns

IEXPLORE.EXE

54 B
70 B
1
1

DNS Request

pki.goog

DNS Response

216.239.32.29
8.8.8.8:53

pki.goog

dns

IEXPLORE.EXE

54 B
70 B
1
1

DNS Request

pki.goog

DNS Response

216.239.32.29
8.8.8.8:53

pki.goog

dns

IEXPLORE.EXE

54 B
70 B
1
1

DNS Request

pki.goog

DNS Response

216.239.32.29
8.8.8.8:53

www.microsoft.com

dns

IEXPLORE.EXE

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

23.55.97.181
8.8.8.8:53

www.microsoft.com

dns

IEXPLORE.EXE

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

23.55.97.181
8.8.8.8:53

www.microsoft.com

dns

IEXPLORE.EXE

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

23.55.97.181
8.8.8.8:53

www.microsoft.com

dns

IEXPLORE.EXE

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

23.55.97.181
8.8.8.8:53

www.microsoft.com

dns

IEXPLORE.EXE

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

23.55.97.181
8.8.8.8:53

www.microsoft.com

dns

IEXPLORE.EXE

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

23.55.97.181
8.8.8.8:53

www.microsoft.com

dns

IEXPLORE.EXE

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

23.55.97.181
8.8.8.8:53

www.microsoft.com

dns

IEXPLORE.EXE

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

23.55.97.181
8.8.8.8:53

www.microsoft.com

dns

IEXPLORE.EXE

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

23.55.97.181
8.8.8.8:53

www.microsoft.com

dns

IEXPLORE.EXE

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

23.55.97.181
8.8.8.8:53

gamingw.net

dns

IEXPLORE.EXE

57 B
89 B
1
1

DNS Request

gamingw.net

DNS Response

172.67.160.162

104.21.65.85
8.8.8.8:53

i1.wp.com

dns

IEXPLORE.EXE

55 B
71 B
1
1

DNS Request

i1.wp.com

DNS Response

192.0.77.2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
6e66bd2d283b36991f7460262e5ff4ae

SHA1
eb6906c6d9350ef0b8ff2edd81c3e51649b4a916

SHA256
564b4fa6970bf22294bceca2fb8f53087f3f5dec9565872d731cedd80aa9e7c3

SHA512
974fef50144e97b5bbae326f07ec863082693396e85dd42a0f85c86b6a3d0928b2da485cb7b3e541942d3c9bf49ce2f8063acf0ced79d6ed755928fdba453727

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

Filesize
889B

MD5
3e455215095192e1b75d379fb187298a

SHA1
b1bc968bd4f49d622aa89a81f2150152a41d829c

SHA256
ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99

SHA512
54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
1KB

MD5
72d4880bc5c5e75d2c69ea85932f6015

SHA1
ac33593f45a034fef778aa22b0b93dd29a6c7366

SHA256
7e576ce866607f8e6802355e09db9431853bd6568fc239ff4e3308b4edc06b6d

SHA512
ba0976e2b8652d3dc71558e669ab450b793c49a61aa01a1b0b4dfe9a6c8bf0ab065548a314bad955104be5d5ef6948d959569433c40c69b01dd8b3ac09fa36e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
979B

MD5
bc90511177a4597118c0cd5572567295

SHA1
ab38408b2f638d16ee748aae07dea098071f7aed

SHA256
eacd1a0ba09bb02dc47fa6e150be8a7d27ac8d082f33a3549e12be8161765784

SHA512
126d34d1095e69c89fff418e21cb72ed71d63977cc30a1202d7c5ebd80b6c4d960db4964ef7d1972a370f561205def244e33628632c44226ad1cb30f6c0dd1f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
ac9f90e3627f6f4fce8071faa45580de

SHA1
64ecbafe9b7a443269c5de66d50285583ceaf47b

SHA256
1a513ef0b48ce7bd290e8202fb7f46fb74ea4a75aac3291d11870e8af7402fe3

SHA512
5d5652bdd204b3ed97701ff35adf0712f7a25bd9e4510b09ea2ca09a21207281e40c63d02fb2f1a1f1a9485610a9ab868002228bc6587e031adf7dc6cf1621e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
6e1ea50506fb92665e630da642687673

SHA1
0bbb5afee55b912641f528dbd75165fe121c5043

SHA256
45b5c9fc3d5a6b9172bc5f8d3d5d933c66b5a6a267f594e75a2c719f9a23aeb0

SHA512
5ed5a99e3ebdfee09e235d04c41531cc58351689685b9c5bfccce694ea59fb740e209649bc08fc7623538bbc203a9660d953b5afc3ea9cf688a11d34191e4259

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
1c38c604e3a11614f104134d16417b56

SHA1
bb443ea4fc5384510d8442452cfefdd860623c22

SHA256
03fd70555892ffbf6cc7fe3f68d54eacbe317d12c2fee24d2bcceffe4f6ca4b2

SHA512
c9bff3fe33ca98f83e69cfa2ac0012597bb4c964fb0230a2847096a085ccf7771ea5b91e7b6c0ac5e15ab789578cb5303cf66f8ae0c475cef7067cd82dd33d93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c515f9d222f3cf02d52a7f8ade296891

SHA1
c26a9db357f08c0f915bf4642de43c919d172d83

SHA256
601209ad79cbfc4a81d7a7904f0b7e4a1fb89dd556e93ea93be50ee7fe570464

SHA512
ed9b1205b1587b8502061a72c97487099d7e5c6b63d8b85c58f212acb01ac36381c2cf55cd9c0e4e3365e40dfa29be9b948f7c619c9ac9e8f09324604ce319ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3fd61bc45f4e117499c5153bbd53cbb7

SHA1
7816b47e0673aaf45799e39ae8d03edd2bbdf4e5

SHA256
f31fe09465b05b5b58786deb7b5c696458d662d2cf9ed05f229eab84c9a30108

SHA512
006776307088002d15396710f3c45d0f1d126e659f388ae6dd825050e6ab1c088140bfa3b7a35d05353b6d5679e5ce78910aaa52b37fc5bbd96e5b1920a0d54c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62372e3666de8c62d743e074ba6dce4b

SHA1
c2b0615f6a1341033081c139a53f58760c263d7a

SHA256
4b9b718ce10f572802989c283c6b7d94a87892833b13d8da78305f90f459bf7e

SHA512
8fd449310f175a57d949604fd779b701e25749d4f6f5147a4a074036da48a39349364a21f2b81739b2f7f30f7fc2ecd3458520b318976b4693124abd7d8a42ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c8d87d62f7ba4027e11815a75c5c34f

SHA1
331dbe81f6723e90e619e7adf250330ea4beceb0

SHA256
cec649a3d490b8ece2c3ec233c63c8572d9937ab2d204a23e7c56a2c95b82f3f

SHA512
bb52f7bf5e2c0ec4a10642b0c34f7995f3fa802596e4dbed9efcab06c159a09459f7ac2a9893e421c1ce3eae8a159910b3c278e32595deeda596515035b7cf40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d86ee1e67ca3cc220de7fd80e093cc3b

SHA1
9ec469413949ebf772ef868d6f246edde093f3df

SHA256
da20f0898d6bc52259d800c82bf59016f4c73176187328ae4970990467778aa3

SHA512
4a233c496f20c585fab9b0b7f108630a043578cf55fab0114a4f54eae5a3bb4c5be2bd0dd837c7e1665c602605aad1a0e3e74d26aab3e1dba2b176d33c71092c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79126dbbdce8c9488c5ca649ff78875e

SHA1
0f8ad5d4b478bcc8d0940276985dcf593a29c859

SHA256
b4f4c22cc44fb3aba6f240f10ac1cf25ca6ddc8d96e4507e7b23601793ed245b

SHA512
2b3206124b6ee4b3f977f7e90a322323232978d1fcb831c5cf64cc96c82b9a6809dd8c737d47fc0dcc7fae012626423b75075d11b3024d53b46c5e8fc1e2fa0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd1072af0e40ecdbeb663953a6f3c93b

SHA1
e87bf02f9d5ca12d5703b4f0b18fac52a47d73ba

SHA256
9415bdf47aa8bf7d88078ac5cf8981bd7c700ee8034a845678529e772a5367f9

SHA512
a657110fa2c8d8b685d874328f3cc1b1c9fba49767e0905b446c5a63e107674dc3e0042eda7a4843a0554b37a8384bfcb329b83e99f28e9c1fd096bc01ac5e3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c143b138994a1089ff57120a243f505

SHA1
a6be657dab6b5e2bdd6ad24f2da73e1fd8bd960b

SHA256
9a2907236f67d1ea1d40782f4bdf6d5cf5f47df594f33c0463165184af23a2c0

SHA512
1495eff2d46ad3f05f999ea201f4fa2eb73d2e4bfdd62718026bb6b82e3d8856a70a393bb98803a48f2b23b01f75a1f8453ac3d06f0a6453a206aca9b7f995f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61be2f0d7e7aca339a24e70acaea98ef

SHA1
f9f60b94a887f77439a0cd480a2b8e17123d4fad

SHA256
bba20380689a4f2de8809ac36664cd709c2ad75ffe0bb36090540e3d357866ae

SHA512
050168427758c118fa921104792321f7db607e3424f092c8bd2643f85bd62743f8c06137a3b42646169454f1c904299b0b7606d1f40585a51c08b5b828ce247b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf7d71cd270452cad5fc364647fb0652

SHA1
50b4db809aec8a4d5bd3de4445423a6953fef6ef

SHA256
3faa31cf12450b5e2b0e653a2103031a2c750189948189a8c31d6bc58f3c3d17

SHA512
5c010eebc412469a8ccc59a2c20a84cae24d558d0aa9ab688c580beb47b5f3469ac4fd17a648e30ea9cd49dbd59c936dbaba5281b830806505805461f320b754

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d1b307730710baed03b2aae9889ecd0

SHA1
eb924cf67d5ada38f8a941e63a8971895bed8c82

SHA256
6b9480208221e38d452f515a0e8c7d33f8f604c4c6011a645bbfac78710d4d44

SHA512
9f5435cbca4aed35db97c50e34cf552bb35abddb848eda93b4c4b11f710e7e40b3a6d14478375ad7eff53957d64e97e63eb56d3aecd9e0f9f9533629ba1a1dbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a92aa201e075bf6313a483500ac09db8

SHA1
f4c9d4861039acbbec9fed03f19bd96ab11d10d5

SHA256
29f98d71e26e431af76abe267a10f775c08bc31855cc54dab004feef70b2a685

SHA512
6258b4b2bdfa28eaaf7c080e03802f9d46676b2f9b56398dd65874ae524930e9d0ac8a90debd57d61d68f1dc12a6fe7ab4d53c4979532ffdeac8726ad5a1b182

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8941504628e23c78ad31b765b54f7690

SHA1
9a04fef9fbfb5db936ffa15c791a1ec336f3b39a

SHA256
506fb3e6880062c0e04a03a9300ec471c45cba48bb06139d2ad7a15a54f27324

SHA512
445916e320f56c96d83ab40aa44addf2d5a37bb2fda8fef7926aafde3c33affc0608db96c5ee8a579201498eaa1a4e0e49f37a793d3c638230e84b8da5a2c2f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
707ec39bf1d9c36d39f1f8195fa3d596

SHA1
262aea8936f21879d28236195f7d1ce7c3e22526

SHA256
e4d90ddd401ba429e484a2e2030cae6565623cf891d980511639f08cdbb99d92

SHA512
d36e25cc635361f251deea8f8cf793bbe5bec4ff79003e02b19e58bb88c1be8ea682e127950fe3e7fc5ca6e67195f91a89de98873ca2362a12983cf5e20836ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a58e1307055e41cd6e72994ad754d109

SHA1
30857e15652ff9b041dab5b75618f972c8fd9c07

SHA256
11581c26da637603faa49e03b4ff45ee579d5415b54f03c4e833882125eec811

SHA512
0119954a4f42ff677f496aab29d4a76c81f885f59f9ab5eb670a6d179ff6eac83f5c99d620757b331d6ceb055caa01b8b6b87b24251f1f5aed30c978b542a13e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
507866c1e166bc7ff79fadc458f5b82d

SHA1
444d77c3bf7e826dc3ab9daf88ea81a9d70e508a

SHA256
dffa7679174821ac464a588c55f49f7f0f4a62f42340920f289fa9a6a99ba3ba

SHA512
03e45740dad718059a82d01de27a747a93cd5cc1f4b1ff0898c704355bd8f2af4a2b16a22cff1288244cfff5820332cc6ef505a8c8f359f7d32bee5001624d1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
aaab81c0d238402f1cfe57f2f64cfc20

SHA1
82c3e845f2000dcc6f568b9e6de881ca0107acd0

SHA256
68076f9898582e30e180e92d9c47adcb2a2e6d548aabfc95fcb0d0fae71f94da

SHA512
a928d53be1d23a3e63bb8c8d3f0b5bf9a783c44b6ba3aa31174c84b1e7712f220738ad2161c71b0f583f8891f16165bc51fdcdbd720c4c88433a2f6bfd73226c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
dd6601639b05bbd570c6b0b49b19683e

SHA1
1f658da313b12caa7833949e4f70b5e97fb30501

SHA256
338d64c5e36f8c39d7c974abfa48735c06f3caee69c14294d337869b3854eee9

SHA512
df9ae8637bf6b5aed9a0e291235abe11c0850640c73bad81cf32a5a13bff7f5b41b9b576dc5323e4ca05e0f2a41d137e59c091b37374971a31e6b743a36b0752

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
d127618a4ba0de5f79890e1592951689

SHA1
e13b8b4aecf5aa1f0654ab1f594dd61c8e09084e

SHA256
0d4c2a7ecccae649feafe511a160965ed8539c0aff241316c5e6823a07f9e711

SHA512
069ca08b4a945e5366f7a261b13117cf12514f97ff583b2af4eca311134e9bd3880244a16a37251b63fb63c32e4e166bb79762eb554a1e95a2176a6122270971

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
ab8f9afca349f5c2cb2a87f3b794b206

SHA1
a6359d3dce22ee6006ff053ab4f2a330baba5cd4

SHA256
1f0d362f89b4846a5ed0cf0dbb9d1d284146dee55555c3fb751cb24de10147f9

SHA512
b33d92db3e6a5d5cff1dae0ef58dae1fcbc6c34b42b8c0c3e9f733bb530b691aa079e32c677b9a66237b189e680ba61725964c5f4f3243f3ace3f8c446584822

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9YO1R02Y\6128162e0ab80b6aaefd01d25ec9fefe[1].htm

Filesize
162B

MD5
4f8e702cc244ec5d4de32740c0ecbd97

SHA1
3adb1f02d5b6054de0046e367c1d687b6cdf7aff

SHA256
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

SHA512
21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar987.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request