Analysis

  • max time kernel
    143s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
  • submitted
    23/05/2024, 16:40 UTC

General

  • Target

    6b96096c063229cca1e95e3993bfcca2_JaffaCakes118.html

  • Size

    19KB

  • MD5

    6b96096c063229cca1e95e3993bfcca2

  • SHA1

    fd50f116c8f27e21c19f0e333e311b1819fb42a4

  • SHA256

    4a6b9ce46937f2a1480b9bb9de122cbbd5a42d675c508e780c6f526d67247f99

  • SHA512

    a615977b113e1b8003607451b6f723dd81c2cf411496be8048c8790217aa2979193092c7926c6f02bd65681c8b1a44296f9c5fd93fa46e7cc45d708ee37583ab

  • SSDEEP

    192:9K/ypUhT8iqEWwLTgE9d3lOhx4MfljQB2ghJxOMlUx9V6cxjb79DX+OunNiFliSg:4/yoT8iTLXfFEQBdMp55OOunNiXin

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6b96096c063229cca1e95e3993bfcca2_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1600
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1600 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1908

Network

  • flag-us
    DNS
    static.mackeeper.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    static.mackeeper.com
    IN A
    Response
    static.mackeeper.com
    IN CNAME
    d211q1i6v7lwo2.cloudfront.net
    d211q1i6v7lwo2.cloudfront.net
    IN A
    13.225.10.120
    d211q1i6v7lwo2.cloudfront.net
    IN A
    13.225.10.3
    d211q1i6v7lwo2.cloudfront.net
    IN A
    13.225.10.80
    d211q1i6v7lwo2.cloudfront.net
    IN A
    13.225.10.38
  • flag-us
    DNS
    static.mackeeper.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    static.mackeeper.com
    IN A
  • flag-us
    DNS
    loadus.exelator.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    loadus.exelator.com
    IN A
    Response
    loadus.exelator.com
    IN CNAME
    loadus.tm.ssl.exelator.com
    loadus.tm.ssl.exelator.com
    IN CNAME
    eu-west.load.exelator.com
    eu-west.load.exelator.com
    IN CNAME
    load-euw1.exelator.com
    load-euw1.exelator.com
    IN A
    34.254.143.3
  • flag-us
    DNS
    loadus.exelator.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    loadus.exelator.com
    IN A
  • flag-pt
    GET
    http://static.mackeeper.com/landings/libs/js/cookie.js?mkv=1
    IEXPLORE.EXE
    Remote address:
    13.225.10.120:80
    Request
    GET /landings/libs/js/cookie.js?mkv=1 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 134
    Connection: keep-alive
    Server: awselb/2.0
    Date: Thu, 23 May 2024 16:40:37 GMT
    Location: https://mackeeperapp.mackeeper.com:443/landings/libs/js/cookie.js?mkv=1
    X-Cache: Miss from cloudfront
    Via: 1.1 014ab67808a44ee3c7c29c81742ee5fc.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: metSsAmCYnpCimOMvRVoIXSMdGYW9txI23EXAJwU3a2iRnh32nKGyA==
  • flag-pt
    GET
    http://static.mackeeper.com/landings/123.1/img/sprite-ready-icon.png
    IEXPLORE.EXE
    Remote address:
    13.225.10.120:80
    Request
    GET /landings/123.1/img/sprite-ready-icon.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 134
    Connection: keep-alive
    Server: awselb/2.0
    Date: Thu, 23 May 2024 16:41:00 GMT
    Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/sprite-ready-icon.png
    X-Cache: Miss from cloudfront
    Via: 1.1 014ab67808a44ee3c7c29c81742ee5fc.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: uAw5DGyySdbDfHdlDTnLI-tqnyV5PJb9x_s9MJJDJzk38p23EZULYA==
  • flag-pt
    GET
    http://static.mackeeper.com/landings/123.1/css/style.min.css?mkv=1
    IEXPLORE.EXE
    Remote address:
    13.225.10.120:80
    Request
    GET /landings/123.1/css/style.min.css?mkv=1 HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 134
    Connection: keep-alive
    Server: awselb/2.0
    Date: Thu, 23 May 2024 16:40:37 GMT
    Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/css/style.min.css?mkv=1
    X-Cache: Miss from cloudfront
    Via: 1.1 2c10dcf9c9dce806048d7878d8a850dc.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: 5k7mFHYZ5_WD--jxyiDuCNwkyQrJHa_fGYqEQWDKNmucWROzEKYhUQ==
  • flag-pt
    GET
    http://static.mackeeper.com/landings/libs/Pixels/js/1604.js?mkv=1
    IEXPLORE.EXE
    Remote address:
    13.225.10.120:80
    Request
    GET /landings/libs/Pixels/js/1604.js?mkv=1 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 134
    Connection: keep-alive
    Server: awselb/2.0
    Date: Thu, 23 May 2024 16:40:38 GMT
    Location: https://mackeeperapp.mackeeper.com:443/landings/libs/Pixels/js/1604.js?mkv=1
    X-Cache: Miss from cloudfront
    Via: 1.1 2c10dcf9c9dce806048d7878d8a850dc.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: WMtdmKTR6pePktEBnUvKSM2pmX9Hoevk58XIRwcJZeXMqD9waNof-A==
  • flag-pt
    GET
    http://static.mackeeper.com/landings/123.1/img/main-img.jpg
    IEXPLORE.EXE
    Remote address:
    13.225.10.120:80
    Request
    GET /landings/123.1/img/main-img.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 134
    Connection: keep-alive
    Server: awselb/2.0
    Date: Thu, 23 May 2024 16:41:00 GMT
    Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/main-img.jpg
    X-Cache: Miss from cloudfront
    Via: 1.1 2c10dcf9c9dce806048d7878d8a850dc.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: Mr4y1KSHblqEtmT8-smskPcXEh-QmwfBWgRNLswi_LVgphYnpeL3fw==
  • flag-pt
    GET
    http://static.mackeeper.com/landings/libs/jquery/jquery.min.js?mkv=1
    IEXPLORE.EXE
    Remote address:
    13.225.10.120:80
    Request
    GET /landings/libs/jquery/jquery.min.js?mkv=1 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 134
    Connection: keep-alive
    Server: awselb/2.0
    Date: Thu, 23 May 2024 16:40:37 GMT
    Location: https://mackeeperapp.mackeeper.com:443/landings/libs/jquery/jquery.min.js?mkv=1
    X-Cache: Miss from cloudfront
    Via: 1.1 014ab67808a44ee3c7c29c81742ee5fc.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: HfYwu50n-TSAKeYMVQdW3fJ6GF3XFjldqzEF9WjqJqz7C5Xjbi4xkQ==
  • flag-pt
    GET
    http://static.mackeeper.com/landings/123.1/img/arrow_animation2.gif?mkv=1
    IEXPLORE.EXE
    Remote address:
    13.225.10.120:80
    Request
    GET /landings/123.1/img/arrow_animation2.gif?mkv=1 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 134
    Connection: keep-alive
    Server: awselb/2.0
    Date: Thu, 23 May 2024 16:40:37 GMT
    Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/arrow_animation2.gif?mkv=1
    X-Cache: Miss from cloudfront
    Via: 1.1 014ab67808a44ee3c7c29c81742ee5fc.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: e1wFfcE-Xa-H6TAjZLGkWhV5kDOgisJGw6jzxoBosYJnTiLkghqLFQ==
  • flag-pt
    GET
    http://static.mackeeper.com/landings/123.1/img/pin.png
    IEXPLORE.EXE
    Remote address:
    13.225.10.120:80
    Request
    GET /landings/123.1/img/pin.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 134
    Connection: keep-alive
    Server: awselb/2.0
    Date: Thu, 23 May 2024 16:41:00 GMT
    Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/pin.png
    X-Cache: Miss from cloudfront
    Via: 1.1 014ab67808a44ee3c7c29c81742ee5fc.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: IE2KGoWL1YvdIv1EJ2t0XYTq8YtwzbTubPEe3AGJ6O7DesVPULcx5A==
  • flag-ie
    GET
    http://loadus.exelator.com/load/?p=1050&g=2&cat=[popunder]&j=0
    IEXPLORE.EXE
    Remote address:
    34.254.143.3:80
    Request
    GET /load/?p=1050&g=2&cat=[popunder]&j=0 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: loadus.exelator.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301
    server: nginx
    date: Thu, 23 May 2024 16:40:37 GMT
    content-type: text/html
    content-length: 162
    location: https://loadus.exelator.com/load/?p=1050&g=2&cat=[popunder]&j=0
    access-control-allow-credentials: true
    p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
  • flag-ie
    DNS
    IEXPLORE.EXE
    Remote address:
    34.254.143.3:80
    Response
    HTTP/1.1 408 Request Time-out
    content-length: 110
    cache-control: no-cache
    content-type: text/html
    connection: close
  • flag-pt
    GET
    http://static.mackeeper.com/landings/libs/js/loclist.js?mkv=1
    IEXPLORE.EXE
    Remote address:
    13.225.10.120:80
    Request
    GET /landings/libs/js/loclist.js?mkv=1 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 134
    Connection: keep-alive
    Server: awselb/2.0
    Date: Thu, 23 May 2024 16:40:37 GMT
    Location: https://mackeeperapp.mackeeper.com:443/landings/libs/js/loclist.js?mkv=1
    X-Cache: Miss from cloudfront
    Via: 1.1 52bc27d24f50f7935e430abc56300f7c.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: OEbKoGwrekKtDB5azoj4gi3QCUeDesaRPQ-Pxw1hqpO-msNjunQvZA==
  • flag-pt
    GET
    http://static.mackeeper.com/landings/123.1/?mkv=1
    IEXPLORE.EXE
    Remote address:
    13.225.10.120:80
    Request
    GET /landings/123.1/?mkv=1 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 134
    Connection: keep-alive
    Server: awselb/2.0
    Date: Thu, 23 May 2024 16:40:38 GMT
    Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/?mkv=1
    X-Cache: Miss from cloudfront
    Via: 1.1 52bc27d24f50f7935e430abc56300f7c.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: IFaE3gvCE1HLg7U6LqbEe3XPFUZ_BWSPaXRUrkMhb9ZMAKnKlpwd_g==
  • flag-pt
    GET
    http://static.mackeeper.com/landings/libs/discounts/img/back.png
    IEXPLORE.EXE
    Remote address:
    13.225.10.120:80
    Request
    GET /landings/libs/discounts/img/back.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 134
    Connection: keep-alive
    Server: awselb/2.0
    Date: Thu, 23 May 2024 16:41:00 GMT
    Location: https://mackeeperapp.mackeeper.com:443/landings/libs/discounts/img/back.png
    X-Cache: Miss from cloudfront
    Via: 1.1 52bc27d24f50f7935e430abc56300f7c.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: _XPF4B-sWBWeT_nUOot-cPYaNiiv--SOojO-HLBYpVUBfI2uoRpm5Q==
  • flag-pt
    GET
    http://static.mackeeper.com/landings/libs/alert/alerts.js?mkv=4
    IEXPLORE.EXE
    Remote address:
    13.225.10.120:80
    Request
    GET /landings/libs/alert/alerts.js?mkv=4 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 134
    Connection: keep-alive
    Server: awselb/2.0
    Date: Thu, 23 May 2024 16:40:37 GMT
    Location: https://mackeeperapp.mackeeper.com:443/landings/libs/alert/alerts.js?mkv=4
    X-Cache: Miss from cloudfront
    Via: 1.1 65fac79c4b1023a8d83e5e5bfb978ce0.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: 28kQ4Ck5WSDF7lU3leLE4ekIDBApZCMir41EQYN0WBYHU-VgkgfVwg==
  • flag-pt
    GET
    http://static.mackeeper.com/landings/libs/reset.css?mkv=1
    IEXPLORE.EXE
    Remote address:
    13.225.10.120:80
    Request
    GET /landings/libs/reset.css?mkv=1 HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 134
    Connection: keep-alive
    Server: awselb/2.0
    Date: Thu, 23 May 2024 16:40:37 GMT
    Location: https://mackeeperapp.mackeeper.com:443/landings/libs/reset.css?mkv=1
    X-Cache: Miss from cloudfront
    Via: 1.1 8c82def71be6f7f1f6c2d1f6c8b83b0e.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: XvLHFeUbxdgz5cRnWbsdOKarfoPEWLhGRYWnLk9N5aDjdz38Cyac4A==
  • flag-pt
    GET
    http://static.mackeeper.com/landings/libs/overlay/overlay.js?mkv=1
    IEXPLORE.EXE
    Remote address:
    13.225.10.120:80
    Request
    GET /landings/libs/overlay/overlay.js?mkv=1 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 134
    Connection: keep-alive
    Server: awselb/2.0
    Date: Thu, 23 May 2024 16:40:37 GMT
    Location: https://mackeeperapp.mackeeper.com:443/landings/libs/overlay/overlay.js?mkv=1
    X-Cache: Miss from cloudfront
    Via: 1.1 590ad044183138a492a9344ba0b0a7ac.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: jjBCZkrUPFGelRGL3cGk8_zqg1xAmM8FsElkYDb5Q-F8YZ4yKdZjww==
  • flag-pt
    GET
    http://static.mackeeper.com/landings/123.1/img/stars.png
    IEXPLORE.EXE
    Remote address:
    13.225.10.120:80
    Request
    GET /landings/123.1/img/stars.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 134
    Connection: keep-alive
    Server: awselb/2.0
    Date: Thu, 23 May 2024 16:41:00 GMT
    Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/stars.png
    X-Cache: Miss from cloudfront
    Via: 1.1 590ad044183138a492a9344ba0b0a7ac.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: mMV3Oiz0iSVLEjc3_4Mg-XkbJ3TNxi2S9rVtM1jiV2mYnvXljKKlDQ==
  • flag-pt
    GET
    http://static.mackeeper.com/landings/123.1/img/sprite-icons.png
    IEXPLORE.EXE
    Remote address:
    13.225.10.120:80
    Request
    GET /landings/123.1/img/sprite-icons.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 134
    Connection: keep-alive
    Server: awselb/2.0
    Date: Thu, 23 May 2024 16:41:00 GMT
    Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/sprite-icons.png
    X-Cache: Miss from cloudfront
    Via: 1.1 590ad044183138a492a9344ba0b0a7ac.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: 7521I0qimrX4uEWjOgPr0ZGKb_08IwvbjfSN_mOMkEnl8DgjsW6jjA==
  • flag-pt
    GET
    http://static.mackeeper.com/landings/libs/discounts/css/styles.css?mkv=1
    IEXPLORE.EXE
    Remote address:
    13.225.10.120:80
    Request
    GET /landings/libs/discounts/css/styles.css?mkv=1 HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 134
    Connection: keep-alive
    Server: awselb/2.0
    Date: Thu, 23 May 2024 16:40:37 GMT
    Location: https://mackeeperapp.mackeeper.com:443/landings/libs/discounts/css/styles.css?mkv=1
    X-Cache: Miss from cloudfront
    Via: 1.1 cb4f40303e252a22c4df5918669814ac.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: y6D001BFJGu1ljIH0jwIs6v0dj_HpU4apf8bQ9cLv1sZ4O6I7Y3NzA==
  • flag-pt
    GET
    http://static.mackeeper.com/landings/123.1/img/arrow_animation.gif?mkv=1
    IEXPLORE.EXE
    Remote address:
    13.225.10.120:80
    Request
    GET /landings/123.1/img/arrow_animation.gif?mkv=1 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 134
    Connection: keep-alive
    Server: awselb/2.0
    Date: Thu, 23 May 2024 16:40:38 GMT
    Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/arrow_animation.gif?mkv=1
    X-Cache: Miss from cloudfront
    Via: 1.1 cb4f40303e252a22c4df5918669814ac.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: krnMT-BdG_B_GDQler1Obp0KfDWKr-sjDMr8eUSNehP4DMgJh-OcoA==
  • flag-pt
    GET
    http://static.mackeeper.com/landings/123.1/img/arrow.png
    IEXPLORE.EXE
    Remote address:
    13.225.10.120:80
    Request
    GET /landings/123.1/img/arrow.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 134
    Connection: keep-alive
    Server: awselb/2.0
    Date: Thu, 23 May 2024 16:41:00 GMT
    Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/arrow.png
    X-Cache: Miss from cloudfront
    Via: 1.1 cb4f40303e252a22c4df5918669814ac.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: wY3rBuniOsPax1KyE7IxycA_uClKDNiP8g0ZiRX9Y0PZgkKfUNrs2w==
  • flag-pt
    GET
    http://static.mackeeper.com/landings/123.1/img/steps-arrow.png
    IEXPLORE.EXE
    Remote address:
    13.225.10.120:80
    Request
    GET /landings/123.1/img/steps-arrow.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 134
    Connection: keep-alive
    Server: awselb/2.0
    Date: Thu, 23 May 2024 16:41:00 GMT
    Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/steps-arrow.png
    X-Cache: Miss from cloudfront
    Via: 1.1 cb4f40303e252a22c4df5918669814ac.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: Obs14bxZXqFUcpxNywDSKIUcBoWzPTPuN25jcMZl5mJntl25gtXWnw==
  • flag-pt
    GET
    http://static.mackeeper.com/landings/libs/Pixels/js/859.js?mkv=1
    IEXPLORE.EXE
    Remote address:
    13.225.10.120:80
    Request
    GET /landings/libs/Pixels/js/859.js?mkv=1 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 134
    Connection: keep-alive
    Server: awselb/2.0
    Date: Thu, 23 May 2024 16:40:37 GMT
    Location: https://mackeeperapp.mackeeper.com:443/landings/libs/Pixels/js/859.js?mkv=1
    X-Cache: Miss from cloudfront
    Via: 1.1 89695f3a4a3f2f2d6df76a407130856e.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: mxe2pmhshPRctsJ7bw4HtNKb00F1fJIZ5J98GUG910wYGA_8IhreJQ==
  • flag-pt
    GET
    http://static.mackeeper.com/landings/libs/Pixels/js/1282.js?mkv=1
    IEXPLORE.EXE
    Remote address:
    13.225.10.120:80
    Request
    GET /landings/libs/Pixels/js/1282.js?mkv=1 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: static.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 134
    Connection: keep-alive
    Server: awselb/2.0
    Date: Thu, 23 May 2024 16:40:37 GMT
    Location: https://mackeeperapp.mackeeper.com:443/landings/libs/Pixels/js/1282.js?mkv=1
    X-Cache: Miss from cloudfront
    Via: 1.1 d9ebcca3f9f33c28ea30019abcbd7da8.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: 6VSxC1pTBYbHR3YEQOYEspsmKu_8_lsHhe0nyj21SnJl_Q0r0sQijQ==
  • flag-ie
    DNS
    IEXPLORE.EXE
    Remote address:
    34.254.143.3:443
    Response
    HTTP/1.1 400 Bad request
    content-length: 90
    cache-control: no-cache
    content-type: text/html
    connection: close
  • flag-us
    DNS
    mackeeperapp.mackeeper.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    mackeeperapp.mackeeper.com
    IN A
    Response
    mackeeperapp.mackeeper.com
    IN A
    54.237.18.11
    mackeeperapp.mackeeper.com
    IN A
    3.225.22.167
  • flag-us
    GET
    https://mackeeperapp.mackeeper.com/landings/libs/discounts/img/back.png
    IEXPLORE.EXE
    Remote address:
    54.237.18.11:443
    Request
    GET /landings/libs/discounts/img/back.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mackeeperapp.mackeeper.com
    Connection: Keep-Alive
    Cookie: get_params_landings=%7B%22mkv%22%3A%221%22%7D; PHPSESSID=edqnpi9nlupcs48bhqqhpabeq6
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 16:41:00 GMT
    Content-Type: image/png
    Content-Length: 150912
    Connection: keep-alive
    Server: nginx
    Last-Modified: Mon, 30 Apr 2018 11:38:58 GMT
    ETag: "5ae70052-24d80"
    Expires: Sat, 22 Jun 2024 16:41:00 GMT
    Cache-Control: max-age=2592000
    Cache-Control: must-revalidate
    Vary: Origin
    Accept-Ranges: bytes
  • flag-us
    GET
    https://mackeeperapp.mackeeper.com/landings/123.1/img/main-img.jpg
    IEXPLORE.EXE
    Remote address:
    54.237.18.11:443
    Request
    GET /landings/123.1/img/main-img.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mackeeperapp.mackeeper.com
    Connection: Keep-Alive
    Cookie: get_params_landings=%7B%22mkv%22%3A%221%22%7D; PHPSESSID=edqnpi9nlupcs48bhqqhpabeq6
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 16:41:00 GMT
    Content-Type: image/jpeg
    Content-Length: 38349
    Connection: keep-alive
    Server: nginx
    Last-Modified: Thu, 12 Sep 2019 08:55:00 GMT
    ETag: "5d7a07e4-95cd"
    Expires: Sat, 22 Jun 2024 16:41:00 GMT
    Cache-Control: max-age=2592000
    Cache-Control: must-revalidate
    Vary: Origin
    Accept-Ranges: bytes
  • flag-us
    GET
    https://mackeeperapp.mackeeper.com/landings/123.1/?mkv=1
    IEXPLORE.EXE
    Remote address:
    54.237.18.11:443
    Request
    GET /landings/123.1/?mkv=1 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mackeeperapp.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 16:40:44 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: nginx
    Vary: Accept-Encoding
*.clarity.ms *.adcell.com *.lfeeder.com; style-src 'self' 'unsafe-inline' *.doubleclick.net *.flowplayer.org *.mackeeper.co *.mackeeper.com *.twimg.com *.twitter.com *.a.disquscdn.com *.disqus.com *.googleapis.com *.fonts.gstatic.com *.mackeeperblog.disqus.com *.referrer.disqus.com *.google.com *.google.com.ua http://addtocalendar.com https://addtocalendar.com *.surveygizmo.com *.cdn.onesignal.com *.onesignal.com/ *.addtocalendar.com *.googletagmanager.com *.liadm.com; font-src 'self' data: *.doubleclick.net *.mackeeper.co *.mackeeper.com *.twimg.com *.twitter.com fonts.googleapis.com fonts.gstatic.com *.surveygizmo.com *.static.mackeeper.com; object-src *.doubleclick.net *.flowplayer.org *.mackeeper.co *.mackeeper.com *.twimg.com *.twitter.com *.pagead2.googlesyndication.com *.pagead2.googlesyndication.com *.liadm.com; connect-src 'self' *.mackeeper.co *.mackeeper.com https://mackeeper.com http://mackeeper.com https://rp.liadm.com http://rp.liadm.com *.hotjar.com ws://*.hotjar.com wss://*.hotjar.com *.g.doubleclick.net http://lcidc.liadm.com https://lcidc.liadm.com *.assets.kromtech.net *.assets.kromtech.net *.google-analytics.com *.api.ipify.org *.mc.yandex.ru mc.yandex.ru *.data.ad-score.com *.baidu.com/ *.pushdata.onesignal.com:* *.onesignal.com/ *.onesignal.com/ *.taboola.com/ *.hotjar.io *.clickcease.com s.yimg.com *.facebook.com *.google.com bat.bing.com https://idtg.account.mackeeper.com https://the.sciencebehindecommerce.com *.liadm.com *.liadm.com *.adcell.com *.clarity.ms *.lfeeder.com;
    Set-Cookie: get_params_landings=%7B%22mkv%22%3A%221%22%7D; expires=Fri, 24-May-2024 16:40:44 GMT; Max-Age=86400; path=/; samesite=lax; secure
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Set-Cookie: PHPSESSID=edqnpi9nlupcs48bhqqhpabeq6; path=/
    Request-ID: 114ff7e3ab3e7e4f1cb44a4cbb040c83
    Content-Encoding: gzip
  • flag-us
    GET
    https://mackeeperapp.mackeeper.com/landings/libs/alert/alerts.js?mkv=4
    IEXPLORE.EXE
    Remote address:
    54.237.18.11:443
    Request
    GET /landings/libs/alert/alerts.js?mkv=4 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mackeeperapp.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 16:40:43 GMT
    Content-Type: application/javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: nginx
    Last-Modified: Thu, 04 Oct 2018 13:30:26 GMT
    Vary: Accept-Encoding
    ETag: W/"5bb615f2-dbe8"
    Expires: Sat, 22 Jun 2024 16:40:43 GMT
    Cache-Control: max-age=2592000
    Cache-Control: must-revalidate
    Vary: Origin
    Content-Encoding: gzip
  • flag-us
    GET
    https://mackeeperapp.mackeeper.com/landings/libs/discounts/css/styles.css?mkv=1
    IEXPLORE.EXE
    Remote address:
    54.237.18.11:443
    Request
    GET /landings/libs/discounts/css/styles.css?mkv=1 HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mackeeperapp.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 16:40:44 GMT
    Content-Type: text/css
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: nginx
    Last-Modified: Tue, 24 May 2016 12:45:39 GMT
    Vary: Accept-Encoding
    ETag: W/"57444cf3-425"
    Expires: Sat, 22 Jun 2024 16:40:43 GMT
    Cache-Control: max-age=2592000
    Cache-Control: must-revalidate
    Vary: Origin
    Content-Encoding: gzip
  • flag-us
    GET
    https://mackeeperapp.mackeeper.com/landings/libs/overlay/overlay.js?mkv=1
    IEXPLORE.EXE
    Remote address:
    54.237.18.11:443
    Request
    GET /landings/libs/overlay/overlay.js?mkv=1 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mackeeperapp.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 16:40:51 GMT
    Content-Type: application/javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: nginx
    Last-Modified: Tue, 19 Apr 2016 15:32:21 GMT
    Vary: Accept-Encoding
    ETag: W/"57164f85-569"
    Expires: Sat, 22 Jun 2024 16:40:51 GMT
    Cache-Control: max-age=2592000
    Cache-Control: must-revalidate
    Vary: Origin
    Content-Encoding: gzip
  • flag-us
    GET
    https://mackeeperapp.mackeeper.com/landings/123.1/img/sprite-ready-icon.png
    IEXPLORE.EXE
    Remote address:
    54.237.18.11:443
    Request
    GET /landings/123.1/img/sprite-ready-icon.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mackeeperapp.mackeeper.com
    Connection: Keep-Alive
    Cookie: get_params_landings=%7B%22mkv%22%3A%221%22%7D; PHPSESSID=edqnpi9nlupcs48bhqqhpabeq6
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 16:41:00 GMT
    Content-Type: image/png
    Content-Length: 2412
    Connection: keep-alive
    Server: nginx
    Last-Modified: Thu, 12 Sep 2019 08:55:00 GMT
    ETag: "5d7a07e4-96c"
    Expires: Sat, 22 Jun 2024 16:41:00 GMT
    Cache-Control: max-age=2592000
    Cache-Control: must-revalidate
    Vary: Origin
    Accept-Ranges: bytes
  • flag-us
    GET
    https://mackeeperapp.mackeeper.com/landings/123.1/img/steps-arrow.png
    IEXPLORE.EXE
    Remote address:
    54.237.18.11:443
    Request
    GET /landings/123.1/img/steps-arrow.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mackeeperapp.mackeeper.com
    Connection: Keep-Alive
    Cookie: get_params_landings=%7B%22mkv%22%3A%221%22%7D; PHPSESSID=edqnpi9nlupcs48bhqqhpabeq6
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 16:41:01 GMT
    Content-Type: image/png
    Content-Length: 434
    Connection: keep-alive
    Server: nginx
    Last-Modified: Thu, 12 Sep 2019 08:55:00 GMT
    ETag: "5d7a07e4-1b2"
    Expires: Sat, 22 Jun 2024 16:41:00 GMT
    Cache-Control: max-age=2592000
    Cache-Control: must-revalidate
    Vary: Origin
    Accept-Ranges: bytes
  • flag-us
    GET
    https://mackeeperapp.mackeeper.com/landings/libs/js/cookie.js?mkv=1
    IEXPLORE.EXE
    Remote address:
    54.237.18.11:443
    Request
    GET /landings/libs/js/cookie.js?mkv=1 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mackeeperapp.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 16:40:45 GMT
    Content-Type: application/javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: nginx
    Last-Modified: Mon, 30 Apr 2018 11:38:58 GMT
    Vary: Accept-Encoding
    ETag: W/"5ae70052-270"
    Expires: Sat, 22 Jun 2024 16:40:45 GMT
    Cache-Control: max-age=2592000
    Cache-Control: must-revalidate
    Vary: Origin
    Content-Encoding: gzip
  • flag-us
    GET
    https://mackeeperapp.mackeeper.com/landings/libs/Pixels/js/1604.js?mkv=1
    IEXPLORE.EXE
    Remote address:
    54.237.18.11:443
    Request
    GET /landings/libs/Pixels/js/1604.js?mkv=1 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mackeeperapp.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 16:40:43 GMT
    Content-Type: application/javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: nginx
    Last-Modified: Tue, 19 Apr 2016 15:32:21 GMT
    Vary: Accept-Encoding
    ETag: W/"57164f85-189"
    Expires: Sat, 22 Jun 2024 16:40:43 GMT
    Cache-Control: max-age=2592000
    Cache-Control: must-revalidate
    Vary: Origin
    Content-Encoding: gzip
  • flag-us
    GET
    https://mackeeperapp.mackeeper.com/landings/123.1/css/style.min.css?mkv=1
    IEXPLORE.EXE
    Remote address:
    54.237.18.11:443
    Request
    GET /landings/123.1/css/style.min.css?mkv=1 HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mackeeperapp.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 16:40:43 GMT
    Content-Type: text/css
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: nginx
    Last-Modified: Tue, 24 Nov 2020 10:39:52 GMT
    Vary: Accept-Encoding
    ETag: W/"5fbce2f8-4362"
    Expires: Sat, 22 Jun 2024 16:40:43 GMT
    Cache-Control: max-age=2592000
    Cache-Control: must-revalidate
    Vary: Origin
    Content-Encoding: gzip
  • flag-us
    GET
    https://mackeeperapp.mackeeper.com/landings/libs/Pixels/js/1282.js?mkv=1
    IEXPLORE.EXE
    Remote address:
    54.237.18.11:443
    Request
    GET /landings/libs/Pixels/js/1282.js?mkv=1 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mackeeperapp.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 16:40:43 GMT
    Content-Type: application/javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: nginx
    Last-Modified: Fri, 01 Jul 2016 11:50:23 GMT
    Vary: Accept-Encoding
    ETag: W/"577658ff-15c"
    Expires: Sat, 22 Jun 2024 16:40:43 GMT
    Cache-Control: max-age=2592000
    Cache-Control: must-revalidate
    Vary: Origin
    Content-Encoding: gzip
  • flag-us
    GET
    https://mackeeperapp.mackeeper.com/landings/libs/Pixels/js/859.js?mkv=1
    IEXPLORE.EXE
    Remote address:
    54.237.18.11:443
    Request
    GET /landings/libs/Pixels/js/859.js?mkv=1 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mackeeperapp.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 16:40:44 GMT
    Content-Type: application/javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: nginx
    Last-Modified: Tue, 24 May 2016 10:01:52 GMT
    Vary: Accept-Encoding
    ETag: W/"57442690-1d2"
    Expires: Sat, 22 Jun 2024 16:40:43 GMT
    Cache-Control: max-age=2592000
    Cache-Control: must-revalidate
    Vary: Origin
    Content-Encoding: gzip
  • flag-us
    GET
    https://mackeeperapp.mackeeper.com/landings/123.1/img/arrow_animation.gif?mkv=1
    IEXPLORE.EXE
    Remote address:
    54.237.18.11:443
    Request
    GET /landings/123.1/img/arrow_animation.gif?mkv=1 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mackeeperapp.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 16:40:44 GMT
    Content-Type: image/gif
    Content-Length: 7944
    Connection: keep-alive
    Server: nginx
    Last-Modified: Thu, 12 Sep 2019 08:55:00 GMT
    ETag: "5d7a07e4-1f08"
    Expires: Sat, 22 Jun 2024 16:40:44 GMT
    Cache-Control: max-age=2592000
    Cache-Control: must-revalidate
    Vary: Origin
    Accept-Ranges: bytes
  • flag-us
    GET
    https://mackeeperapp.mackeeper.com/landings/123.1/img/arrow_animation2.gif?mkv=1
    IEXPLORE.EXE
    Remote address:
    54.237.18.11:443
    Request
    GET /landings/123.1/img/arrow_animation2.gif?mkv=1 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mackeeperapp.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 16:40:43 GMT
    Content-Type: image/gif
    Content-Length: 7948
    Connection: keep-alive
    Server: nginx
    Last-Modified: Thu, 12 Sep 2019 08:55:00 GMT
    ETag: "5d7a07e4-1f0c"
    Expires: Sat, 22 Jun 2024 16:40:43 GMT
    Cache-Control: max-age=2592000
    Cache-Control: must-revalidate
    Vary: Origin
    Accept-Ranges: bytes
  • flag-us
    GET
    https://mackeeperapp.mackeeper.com/landings/libs/jquery/jquery.min.js?mkv=1
    IEXPLORE.EXE
    Remote address:
    54.237.18.11:443
    Request
    GET /landings/libs/jquery/jquery.min.js?mkv=1 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mackeeperapp.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 16:40:43 GMT
    Content-Type: application/javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: nginx
    Last-Modified: Tue, 19 Apr 2016 15:32:21 GMT
    Vary: Accept-Encoding
    ETag: W/"57164f85-1762a"
    Expires: Sat, 22 Jun 2024 16:40:43 GMT
    Cache-Control: max-age=2592000
    Cache-Control: must-revalidate
    Vary: Origin
    Content-Encoding: gzip
  • flag-us
    GET
    https://mackeeperapp.mackeeper.com/landings/123.1/img/pin.png
    IEXPLORE.EXE
    Remote address:
    54.237.18.11:443
    Request
    GET /landings/123.1/img/pin.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mackeeperapp.mackeeper.com
    Connection: Keep-Alive
    Cookie: get_params_landings=%7B%22mkv%22%3A%221%22%7D; PHPSESSID=edqnpi9nlupcs48bhqqhpabeq6
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 16:41:00 GMT
    Content-Type: image/png
    Content-Length: 749
    Connection: keep-alive
    Server: nginx
    Last-Modified: Thu, 12 Sep 2019 08:55:00 GMT
    ETag: "5d7a07e4-2ed"
    Expires: Sat, 22 Jun 2024 16:41:00 GMT
    Cache-Control: max-age=2592000
    Cache-Control: must-revalidate
    Vary: Origin
    Accept-Ranges: bytes
  • flag-us
    GET
    https://mackeeperapp.mackeeper.com/landings/123.1/img/sprite-icons.png
    IEXPLORE.EXE
    Remote address:
    54.237.18.11:443
    Request
    GET /landings/123.1/img/sprite-icons.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mackeeperapp.mackeeper.com
    Connection: Keep-Alive
    Cookie: get_params_landings=%7B%22mkv%22%3A%221%22%7D; PHPSESSID=edqnpi9nlupcs48bhqqhpabeq6
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 16:41:01 GMT
    Content-Type: image/png
    Content-Length: 6724
    Connection: keep-alive
    Server: nginx
    Last-Modified: Thu, 12 Sep 2019 08:55:00 GMT
    ETag: "5d7a07e4-1a44"
    Expires: Sat, 22 Jun 2024 16:41:01 GMT
    Cache-Control: max-age=2592000
    Cache-Control: must-revalidate
    Vary: Origin
    Accept-Ranges: bytes
  • flag-us
    DNS
    ocsp.r2m03.amazontrust.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ocsp.r2m03.amazontrust.com
    IN A
    Response
    ocsp.r2m03.amazontrust.com
    IN A
    13.225.9.161
  • flag-us
    DNS
    ocsp.r2m03.amazontrust.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ocsp.r2m03.amazontrust.com
    IN A
  • flag-ie
    DNS
    IEXPLORE.EXE
    Remote address:
    34.254.143.3:443
    Response
    HTTP/1.1 400 Bad request
    content-length: 90
    cache-control: no-cache
    content-type: text/html
    connection: close
  • flag-us
    DNS
    ocsp.r2m03.amazontrust.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ocsp.r2m03.amazontrust.com
    IN A
    Response
    ocsp.r2m03.amazontrust.com
    IN A
    13.225.9.161
  • flag-us
    DNS
    ocsp.r2m03.amazontrust.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ocsp.r2m03.amazontrust.com
    IN A
  • flag-us
    DNS
    ocsp.r2m03.amazontrust.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ocsp.r2m03.amazontrust.com
    IN A
    Response
    ocsp.r2m03.amazontrust.com
    IN A
    13.225.9.161
  • flag-pt
    GET
    http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D
    IEXPLORE.EXE
    Remote address:
    13.225.9.161:80
    Request
    GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: ocsp.r2m03.amazontrust.com
    Response
    HTTP/1.1 200 OK
    Content-Type: application/ocsp-response
    Content-Length: 471
    Connection: keep-alive
    Accept-Ranges: bytes
    Cache-Control: max-age=7200
    Date: Thu, 23 May 2024 15:12:30 GMT
    Last-Modified: Thu, 23 May 2024 15:12:30 GMT
    Server: ECAcc (lhd/3585)
    X-Cache: Hit from cloudfront
    Via: 1.1 89695f3a4a3f2f2d6df76a407130856e.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: SKhk0BHlJu13N9-Psnd56lqq87Rq50DprvLoz5fX4hhKeddkb0cBCQ==
    Age: 5293
  • flag-pt
    GET
    http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D
    IEXPLORE.EXE
    Remote address:
    13.225.9.161:80
    Request
    GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: ocsp.r2m03.amazontrust.com
    Response
    HTTP/1.1 200 OK
    Content-Type: application/ocsp-response
    Content-Length: 471
    Connection: keep-alive
    Accept-Ranges: bytes
    Cache-Control: max-age=7200
    Date: Thu, 23 May 2024 15:12:30 GMT
    Last-Modified: Thu, 23 May 2024 15:12:30 GMT
    Server: ECAcc (lhd/3585)
    X-Cache: Hit from cloudfront
    Via: 1.1 84e82c8a6f436c18da1182c07f463906.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: fFQjGJMLa8mQfjTPnw19upSSnf56xxVwbemXpoya6YJRep6RwSvl3g==
    Age: 5293
  • flag-pt
    GET
    http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D
    IEXPLORE.EXE
    Remote address:
    13.225.9.161:80
    Request
    GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: ocsp.r2m03.amazontrust.com
    Response
    HTTP/1.1 200 OK
    Content-Type: application/ocsp-response
    Content-Length: 471
    Connection: keep-alive
    Accept-Ranges: bytes
    Cache-Control: max-age=7200
    Date: Thu, 23 May 2024 15:12:30 GMT
    Last-Modified: Thu, 23 May 2024 15:12:30 GMT
    Server: ECAcc (lhd/3585)
    X-Cache: Hit from cloudfront
    Via: 1.1 da1f6d03da0e6ca0243f47b48ec7ed16.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: 752EAeRZdspgmfYO0ZgBdV_O5xB0s7a8JTs-74NmKbzcMyu1fJS2EA==
    Age: 5293
  • flag-pt
    GET
    http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D
    IEXPLORE.EXE
    Remote address:
    13.225.9.161:80
    Request
    GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: ocsp.r2m03.amazontrust.com
    Response
    HTTP/1.1 200 OK
    Content-Type: application/ocsp-response
    Content-Length: 471
    Connection: keep-alive
    Accept-Ranges: bytes
    Cache-Control: max-age=7200
    Date: Thu, 23 May 2024 15:12:30 GMT
    Last-Modified: Thu, 23 May 2024 15:12:30 GMT
    Server: ECAcc (lhd/3585)
    X-Cache: Hit from cloudfront
    Via: 1.1 7980824cba87aa390d64c8693d060524.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: LIS50-C1
    X-Amz-Cf-Id: nCuy1Onbp0SLBAnrg4OMzdS6Mptf5JU2vhMjECO1lY12TbDDveufUA==
    Age: 5294
  • flag-us
    DNS
    assets.kromtech.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    assets.kromtech.net
    IN A
    Response
  • flag-us
    GET
    https://mackeeperapp.mackeeper.com/landings/libs/reset.css?mkv=1
    IEXPLORE.EXE
    Remote address:
    3.225.22.167:443
    Request
    GET /landings/libs/reset.css?mkv=1 HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mackeeperapp.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 16:41:00 GMT
    Content-Type: text/css
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: nginx
    Last-Modified: Mon, 30 Apr 2018 11:38:58 GMT
    Vary: Accept-Encoding
    ETag: W/"5ae70052-33d"
    Expires: Sat, 22 Jun 2024 16:41:00 GMT
    Cache-Control: max-age=2592000
    Cache-Control: must-revalidate
    Vary: Origin
    Content-Encoding: gzip
  • flag-us
    GET
    https://mackeeperapp.mackeeper.com/landings/123.1/img/arrow.png
    IEXPLORE.EXE
    Remote address:
    3.225.22.167:443
    Request
    GET /landings/123.1/img/arrow.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mackeeperapp.mackeeper.com
    Connection: Keep-Alive
    Cookie: get_params_landings=%7B%22mkv%22%3A%221%22%7D; PHPSESSID=edqnpi9nlupcs48bhqqhpabeq6
    Response
    HTTP/1.1 200 OK
    Date: Thu, 23 May 2024 16:41:00 GMT
    Content-Type: image/png
    Content-Length: 926
    Connection: keep-alive
    Server: nginx
    Last-Modified: Thu, 12 Sep 2019 08:55:00 GMT
    ETag: "5d7a07e4-39e"
    Expires: Sat, 22 Jun 2024 16:41:00 GMT
    Cache-Control: max-age=2592000
    Cache-Control: must-revalidate
    Vary: Origin
    Accept-Ranges: bytes
  • flag-gb
    GET
    http://fonts.googleapis.com/css?family=Open+Sans:300,600&subset=latin,latin-ext
    IEXPLORE.EXE
    Remote address:
    216.58.204.74:80
    Request
    GET /css?family=Open+Sans:300,600&subset=latin,latin-ext HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: fonts.googleapis.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/css; charset=utf-8
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Expires: Thu, 23 May 2024 16:41:00 GMT
    Date: Thu, 23 May 2024 16:41:00 GMT
    Cache-Control: private, max-age=86400
    Cross-Origin-Opener-Policy: same-origin-allow-popups
    Cross-Origin-Resource-Policy: cross-origin
    Content-Encoding: gzip
    Transfer-Encoding: chunked
    Server: ESF
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
  • flag-gb
    GET
    http://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600&subset=latin,latin-ext
    IEXPLORE.EXE
    Remote address:
    216.58.204.74:80
    Request
    GET /css?family=Source+Sans+Pro:400,600&subset=latin,latin-ext HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: fonts.googleapis.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/css; charset=utf-8
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Expires: Thu, 23 May 2024 16:41:00 GMT
    Date: Thu, 23 May 2024 16:41:00 GMT
    Cache-Control: private, max-age=86400
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin-allow-popups
    Content-Encoding: gzip
    Transfer-Encoding: chunked
    Server: ESF
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
  • flag-gb
    GET
    http://fonts.googleapis.com/css?family=Roboto:400,600,700
    IEXPLORE.EXE
    Remote address:
    216.58.204.74:80
    Request
    GET /css?family=Roboto:400,600,700 HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: fonts.googleapis.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/css; charset=utf-8
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Expires: Thu, 23 May 2024 16:41:00 GMT
    Date: Thu, 23 May 2024 16:41:00 GMT
    Cache-Control: private, max-age=86400
    Cross-Origin-Opener-Policy: same-origin-allow-popups
    Cross-Origin-Resource-Policy: cross-origin
    Content-Encoding: gzip
    Transfer-Encoding: chunked
    Server: ESF
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
  • flag-us
    DNS
    event.mackeeper.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    event.mackeeper.com
    IN A
    Response
    event.mackeeper.com
    IN A
    18.172.89.116
    event.mackeeper.com
    IN A
    18.172.89.90
    event.mackeeper.com
    IN A
    18.172.89.107
    event.mackeeper.com
    IN A
    18.172.89.113
  • flag-gb
    GET
    http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4uaVQ.woff
    IEXPLORE.EXE
    Remote address:
    216.58.201.99:80
    Request
    GET /s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4uaVQ.woff HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: file:
    Accept-Encoding: gzip, deflate
    Host: fonts.gstatic.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
    Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
    Timing-Allow-Origin: *
    Content-Length: 31144
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 12:01:15 GMT
    Expires: Sun, 18 May 2025 12:01:15 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Thu, 14 Dec 2023 02:01:28 GMT
    Content-Type: font/woff
    Age: 448785
  • flag-gb
    GET
    http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4uaVQ.woff
    IEXPLORE.EXE
    Remote address:
    216.58.201.99:80
    Request
    GET /s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4uaVQ.woff HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: file:
    Accept-Encoding: gzip, deflate
    Host: fonts.gstatic.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
    Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
    Timing-Allow-Origin: *
    Content-Length: 31332
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 12:31:12 GMT
    Expires: Sun, 18 May 2025 12:31:12 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Thu, 14 Dec 2023 02:01:29 GMT
    Content-Type: font/woff
    Age: 446988
  • flag-gb
    GET
    http://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwmRdo.woff
    IEXPLORE.EXE
    Remote address:
    216.58.201.99:80
    Request
    GET /s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwmRdo.woff HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: file:
    Accept-Encoding: gzip, deflate
    Host: fonts.gstatic.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
    Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
    Timing-Allow-Origin: *
    Content-Length: 36788
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sun, 19 May 2024 00:40:25 GMT
    Expires: Mon, 19 May 2025 00:40:25 GMT
    Cache-Control: public, max-age=31536000
    Age: 403235
    Last-Modified: Thu, 01 Jun 2023 22:52:58 GMT
    Content-Type: font/woff
  • flag-gb
    GET
    http://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7j.woff
    IEXPLORE.EXE
    Remote address:
    216.58.201.99:80
    Request
    GET /s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7j.woff HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: file:
    Accept-Encoding: gzip, deflate
    Host: fonts.gstatic.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
    Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
    Timing-Allow-Origin: *
    Content-Length: 36956
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 18 May 2024 12:13:08 GMT
    Expires: Sun, 18 May 2025 12:13:08 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Thu, 01 Jun 2023 22:52:59 GMT
    Content-Type: font/woff
    Age: 448072
  • flag-gb
    GET
    https://event.mackeeper.com/event.php?step=Landing_Loaded&substep=Hit&affid=mzb_253.10083525.1516523142.28.mzb&bundleid=29_21724511&prodid=29&response=json
    IEXPLORE.EXE
    Remote address:
    18.172.89.116:443
    Request
    GET /event.php?step=Landing_Loaded&substep=Hit&affid=mzb_253.10083525.1516523142.28.mzb&bundleid=29_21724511&prodid=29&response=json HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: event.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: application/json; charset=utf-8
    Content-Length: 62
    Connection: keep-alive
    Date: Thu, 23 May 2024 16:41:00 GMT
    X-Cache: Miss from cloudfront
    Via: 1.1 802b22fb82cbd19ab6347f222b45a3fc.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: MAN51-P1
    X-Amz-Cf-Id: 3Lqs7sEsgtl_FKfuXy3pSNJmJ7IQzrlMUlTJYUfLNBmbiR5s_IqchQ==
  • flag-gb
    GET
    https://event.mackeeper.com/event.php?step=Landing_Loaded&substep=View&affid=mzb_253.10083525.1516523142.28.mzb&bundleid=29_21724511&prodid=29&response=json
    IEXPLORE.EXE
    Remote address:
    18.172.89.116:443
    Request
    GET /event.php?step=Landing_Loaded&substep=View&affid=mzb_253.10083525.1516523142.28.mzb&bundleid=29_21724511&prodid=29&response=json HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: event.mackeeper.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: application/json; charset=utf-8
    Content-Length: 62
    Connection: keep-alive
    Date: Thu, 23 May 2024 16:41:02 GMT
    X-Cache: Miss from cloudfront
    Via: 1.1 802b22fb82cbd19ab6347f222b45a3fc.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: MAN51-P1
    X-Amz-Cf-Id: c7f8sQp7TY7Y4-gKuKi1EgNj9lR1r2S1Tv8-kKLWCb_Uj549W-ZWZg==
  • 13.225.10.120:80
    http://static.mackeeper.com/landings/123.1/img/sprite-ready-icon.png
    http
    IEXPLORE.EXE
    953 B
    1.4kB
    8
    6

    HTTP Request

    GET http://static.mackeeper.com/landings/libs/js/cookie.js?mkv=1

    HTTP Response

    301

    HTTP Request

    GET http://static.mackeeper.com/landings/123.1/img/sprite-ready-icon.png

    HTTP Response

    301
  • 13.225.10.120:80
    http://static.mackeeper.com/landings/123.1/img/main-img.jpg
    http
    IEXPLORE.EXE
    1.7kB
    3.3kB
    12
    10

    HTTP Request

    GET http://static.mackeeper.com/landings/123.1/css/style.min.css?mkv=1

    HTTP Response

    301

    HTTP Request

    GET http://static.mackeeper.com/landings/libs/Pixels/js/1604.js?mkv=1

    HTTP Response

    301

    HTTP Request

    GET http://static.mackeeper.com/landings/123.1/img/main-img.jpg

    HTTP Response

    301
  • 13.225.10.120:80
    http://static.mackeeper.com/landings/123.1/img/pin.png
    http
    IEXPLORE.EXE
    1.7kB
    2.7kB
    11
    9

    HTTP Request

    GET http://static.mackeeper.com/landings/libs/jquery/jquery.min.js?mkv=1

    HTTP Response

    301

    HTTP Request

    GET http://static.mackeeper.com/landings/123.1/img/arrow_animation2.gif?mkv=1

    HTTP Response

    301

    HTTP Request

    GET http://static.mackeeper.com/landings/123.1/img/pin.png

    HTTP Response

    301
  • 34.254.143.3:80
    http://loadus.exelator.com/load/?p=1050&g=2&cat=[popunder]&j=0
    http
    IEXPLORE.EXE
    906 B
    1.2kB
    13
    4

    HTTP Request

    GET http://loadus.exelator.com/load/?p=1050&g=2&cat=[popunder]&j=0

    HTTP Response

    301
  • 34.254.143.3:80
    loadus.exelator.com
    http
    IEXPLORE.EXE
    236 B
    365 B
    5
    3

    HTTP Response

    408
  • 13.225.10.120:80
    http://static.mackeeper.com/landings/libs/discounts/img/back.png
    http
    IEXPLORE.EXE
    1.7kB
    2.7kB
    11
    9

    HTTP Request

    GET http://static.mackeeper.com/landings/libs/js/loclist.js?mkv=1

    HTTP Response

    301

    HTTP Request

    GET http://static.mackeeper.com/landings/123.1/?mkv=1

    HTTP Response

    301

    HTTP Request

    GET http://static.mackeeper.com/landings/libs/discounts/img/back.png

    HTTP Response

    301
  • 13.225.10.120:80
    http://static.mackeeper.com/landings/libs/alert/alerts.js?mkv=4
    http
    IEXPLORE.EXE
    614 B
    1.4kB
    7
    5

    HTTP Request

    GET http://static.mackeeper.com/landings/libs/alert/alerts.js?mkv=4

    HTTP Response

    301
  • 13.225.10.120:80
    http://static.mackeeper.com/landings/libs/reset.css?mkv=1
    http
    IEXPLORE.EXE
    582 B
    836 B
    7
    6

    HTTP Request

    GET http://static.mackeeper.com/landings/libs/reset.css?mkv=1

    HTTP Response

    301
  • 13.225.10.120:80
    http://static.mackeeper.com/landings/123.1/img/sprite-icons.png
    http
    IEXPLORE.EXE
    1.3kB
    2.1kB
    9
    8

    HTTP Request

    GET http://static.mackeeper.com/landings/libs/overlay/overlay.js?mkv=1

    HTTP Response

    301

    HTTP Request

    GET http://static.mackeeper.com/landings/123.1/img/stars.png

    HTTP Response

    301

    HTTP Request

    GET http://static.mackeeper.com/landings/123.1/img/sprite-icons.png

    HTTP Response

    301
  • 13.225.10.120:80
    http://static.mackeeper.com/landings/123.1/img/steps-arrow.png
    http
    IEXPLORE.EXE
    2.1kB
    4.6kB
    14
    13

    HTTP Request

    GET http://static.mackeeper.com/landings/libs/discounts/css/styles.css?mkv=1

    HTTP Response

    301

    HTTP Request

    GET http://static.mackeeper.com/landings/123.1/img/arrow_animation.gif?mkv=1

    HTTP Response

    301

    HTTP Request

    GET http://static.mackeeper.com/landings/123.1/img/arrow.png

    HTTP Response

    301

    HTTP Request

    GET http://static.mackeeper.com/landings/123.1/img/steps-arrow.png

    HTTP Response

    301
  • 13.225.10.120:80
    http://static.mackeeper.com/landings/libs/Pixels/js/859.js?mkv=1
    http
    IEXPLORE.EXE
    517 B
    751 B
    5
    4

    HTTP Request

    GET http://static.mackeeper.com/landings/libs/Pixels/js/859.js?mkv=1

    HTTP Response

    301
  • 13.225.10.120:80
    http://static.mackeeper.com/landings/libs/Pixels/js/1282.js?mkv=1
    http
    IEXPLORE.EXE
    518 B
    752 B
    5
    4

    HTTP Request

    GET http://static.mackeeper.com/landings/libs/Pixels/js/1282.js?mkv=1

    HTTP Response

    301
  • 34.254.143.3:443
    loadus.exelator.com
    tls, http
    IEXPLORE.EXE
    836 B
    4.2kB
    11
    8

    HTTP Response

    400
  • 54.237.18.11:443
    mackeeperapp.mackeeper.com
    tls
    IEXPLORE.EXE
    2.2kB
    4.2kB
    14
    11
  • 54.237.18.11:443
    mackeeperapp.mackeeper.com
    tls
    IEXPLORE.EXE
    849 B
    6.0kB
    11
    10
  • 54.237.18.11:443
    mackeeperapp.mackeeper.com
    tls
    IEXPLORE.EXE
    797 B
    5.9kB
    10
    9
  • 54.237.18.11:443
    https://mackeeperapp.mackeeper.com/landings/libs/discounts/img/back.png
    tls, http
    IEXPLORE.EXE
    4.2kB
    157.4kB
    72
    120

    HTTP Request

    GET https://mackeeperapp.mackeeper.com/landings/libs/discounts/img/back.png

    HTTP Response

    200
  • 54.237.18.11:443
    https://mackeeperapp.mackeeper.com/landings/123.1/img/main-img.jpg
    tls, http
    IEXPLORE.EXE
    2.1kB
    46.2kB
    28
    40

    HTTP Request

    GET https://mackeeperapp.mackeeper.com/landings/123.1/img/main-img.jpg

    HTTP Response

    200
  • 54.237.18.11:443
    https://mackeeperapp.mackeeper.com/landings/123.1/?mkv=1
    tls, http
    IEXPLORE.EXE
    1.6kB
    29.6kB
    20
    29

    HTTP Request

    GET https://mackeeperapp.mackeeper.com/landings/123.1/?mkv=1

    HTTP Response

    200
  • 54.237.18.11:443
    mackeeperapp.mackeeper.com
    IEXPLORE.EXE
    152 B
    3
  • 54.237.18.11:443
    https://mackeeperapp.mackeeper.com/landings/libs/discounts/css/styles.css?mkv=1
    tls, http
    IEXPLORE.EXE
    2.2kB
    16.2kB
    18
    19

    HTTP Request

    GET https://mackeeperapp.mackeeper.com/landings/libs/alert/alerts.js?mkv=4

    HTTP Response

    200

    HTTP Request

    GET https://mackeeperapp.mackeeper.com/landings/libs/discounts/css/styles.css?mkv=1

    HTTP Response

    200
  • 54.237.18.11:443
    https://mackeeperapp.mackeeper.com/landings/123.1/img/steps-arrow.png
    tls, http
    IEXPLORE.EXE
    3.1kB
    5.7kB
    18
    15

    HTTP Request

    GET https://mackeeperapp.mackeeper.com/landings/libs/overlay/overlay.js?mkv=1

    HTTP Response

    200

    HTTP Request

    GET https://mackeeperapp.mackeeper.com/landings/123.1/img/sprite-ready-icon.png

    HTTP Response

    200

    HTTP Request

    GET https://mackeeperapp.mackeeper.com/landings/123.1/img/steps-arrow.png

    HTTP Response

    200
  • 54.237.18.11:443
    https://mackeeperapp.mackeeper.com/landings/libs/js/cookie.js?mkv=1
    tls, http
    IEXPLORE.EXE
    2.4kB
    1.7kB
    14
    10

    HTTP Request

    GET https://mackeeperapp.mackeeper.com/landings/libs/js/cookie.js?mkv=1

    HTTP Response

    200
  • 54.237.18.11:443
    https://mackeeperapp.mackeeper.com/landings/123.1/img/arrow_animation.gif?mkv=1
    tls, http
    IEXPLORE.EXE
    3.2kB
    16.4kB
    20
    24

    HTTP Request

    GET https://mackeeperapp.mackeeper.com/landings/libs/Pixels/js/1604.js?mkv=1

    HTTP Response

    200

    HTTP Request

    GET https://mackeeperapp.mackeeper.com/landings/123.1/css/style.min.css?mkv=1

    HTTP Response

    200

    HTTP Request

    GET https://mackeeperapp.mackeeper.com/landings/libs/Pixels/js/1282.js?mkv=1

    HTTP Response

    200

    HTTP Request

    GET https://mackeeperapp.mackeeper.com/landings/libs/Pixels/js/859.js?mkv=1

    HTTP Response

    200

    HTTP Request

    GET https://mackeeperapp.mackeeper.com/landings/123.1/img/arrow_animation.gif?mkv=1

    HTTP Response

    200
  • 54.237.18.11:443
    https://mackeeperapp.mackeeper.com/landings/123.1/img/sprite-icons.png
    tls, http
    IEXPLORE.EXE
    3.9kB
    53.1kB
    37
    47

    HTTP Request

    GET https://mackeeperapp.mackeeper.com/landings/123.1/img/arrow_animation2.gif?mkv=1

    HTTP Response

    200

    HTTP Request

    GET https://mackeeperapp.mackeeper.com/landings/libs/jquery/jquery.min.js?mkv=1

    HTTP Response

    200

    HTTP Request

    GET https://mackeeperapp.mackeeper.com/landings/123.1/img/pin.png

    HTTP Response

    200

    HTTP Request

    GET https://mackeeperapp.mackeeper.com/landings/123.1/img/sprite-icons.png

    HTTP Response

    200
  • 34.254.143.3:443
    loadus.exelator.com
    tls, http
    IEXPLORE.EXE
    897 B
    751 B
    9
    6

    HTTP Response

    400
  • 13.225.9.161:80
    http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D
    http
    IEXPLORE.EXE
    476 B
    1.1kB
    5
    4

    HTTP Request

    GET http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

    HTTP Response

    200
  • 13.225.9.161:80
    http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D
    http
    IEXPLORE.EXE
    476 B
    1.1kB
    5
    4

    HTTP Request

    GET http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

    HTTP Response

    200
  • 13.225.9.161:80
    http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D
    http
    IEXPLORE.EXE
    476 B
    1.1kB
    5
    4

    HTTP Request

    GET http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

    HTTP Response

    200
  • 13.225.9.161:80
    http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D
    http
    IEXPLORE.EXE
    476 B
    1.1kB
    5
    4

    HTTP Request

    GET http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

    HTTP Response

    200
  • 3.225.22.167:443
    https://mackeeperapp.mackeeper.com/landings/123.1/img/arrow.png
    tls, http
    IEXPLORE.EXE
    1.7kB
    9.7kB
    13
    13

    HTTP Request

    GET https://mackeeperapp.mackeeper.com/landings/libs/reset.css?mkv=1

    HTTP Response

    200

    HTTP Request

    GET https://mackeeperapp.mackeeper.com/landings/123.1/img/arrow.png

    HTTP Response

    200
  • 216.58.204.74:80
    http://fonts.googleapis.com/css?family=Open+Sans:300,600&subset=latin,latin-ext
    http
    IEXPLORE.EXE
    558 B
    938 B
    6
    5

    HTTP Request

    GET http://fonts.googleapis.com/css?family=Open+Sans:300,600&subset=latin,latin-ext

    HTTP Response

    200
  • 216.58.204.74:80
    http://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600&subset=latin,latin-ext
    http
    IEXPLORE.EXE
    564 B
    916 B
    6
    5

    HTTP Request

    GET http://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600&subset=latin,latin-ext

    HTTP Response

    200
  • 216.58.204.74:80
    http://fonts.googleapis.com/css?family=Roboto:400,600,700
    http
    IEXPLORE.EXE
    536 B
    897 B
    6
    5

    HTTP Request

    GET http://fonts.googleapis.com/css?family=Roboto:400,600,700

    HTTP Response

    200
  • 216.58.201.99:80
    http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4uaVQ.woff
    http
    IEXPLORE.EXE
    1.1kB
    33.0kB
    18
    27

    HTTP Request

    GET http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4uaVQ.woff

    HTTP Response

    200
  • 216.58.201.99:80
    http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4uaVQ.woff
    http
    IEXPLORE.EXE
    1.1kB
    33.2kB
    18
    27

    HTTP Request

    GET http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4uaVQ.woff

    HTTP Response

    200
  • 216.58.201.99:80
    http://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwmRdo.woff
    http
    IEXPLORE.EXE
    1.2kB
    38.8kB
    20
    31

    HTTP Request

    GET http://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwmRdo.woff

    HTTP Response

    200
  • 216.58.201.99:80
    http://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7j.woff
    http
    IEXPLORE.EXE
    1.7kB
    39.0kB
    28
    31

    HTTP Request

    GET http://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7j.woff

    HTTP Response

    200
  • 18.172.89.116:443
    https://event.mackeeper.com/event.php?step=Landing_Loaded&substep=View&affid=mzb_253.10083525.1516523142.28.mzb&bundleid=29_21724511&prodid=29&response=json
    tls, http
    IEXPLORE.EXE
    1.7kB
    8.0kB
    11
    14

    HTTP Request

    GET https://event.mackeeper.com/event.php?step=Landing_Loaded&substep=Hit&affid=mzb_253.10083525.1516523142.28.mzb&bundleid=29_21724511&prodid=29&response=json

    HTTP Response

    200

    HTTP Request

    GET https://event.mackeeper.com/event.php?step=Landing_Loaded&substep=View&affid=mzb_253.10083525.1516523142.28.mzb&bundleid=29_21724511&prodid=29&response=json

    HTTP Response

    200
  • 18.172.89.116:443
    event.mackeeper.com
    tls
    IEXPLORE.EXE
    750 B
    6.6kB
    9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
    7.7kB
    10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
    7.7kB
    10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
    7.6kB
    9
    12
  • 8.8.8.8:53
    static.mackeeper.com
    dns
    IEXPLORE.EXE
    132 B
    173 B
    2
    1

    DNS Request

    static.mackeeper.com

    DNS Request

    static.mackeeper.com

    DNS Response

    13.225.10.120
    13.225.10.3
    13.225.10.80
    13.225.10.38

  • 8.8.8.8:53
    loadus.exelator.com
    dns
    IEXPLORE.EXE
    130 B
    160 B
    2
    1

    DNS Request

    loadus.exelator.com

    DNS Request

    loadus.exelator.com

    DNS Response

    34.254.143.3

  • 8.8.8.8:53
    mackeeperapp.mackeeper.com
    dns
    IEXPLORE.EXE
    72 B
    104 B
    1
    1

    DNS Request

    mackeeperapp.mackeeper.com

    DNS Response

    54.237.18.11
    3.225.22.167

  • 8.8.8.8:53
    ocsp.r2m03.amazontrust.com
    dns
    IEXPLORE.EXE
    144 B
    88 B
    2
    1

    DNS Request

    ocsp.r2m03.amazontrust.com

    DNS Request

    ocsp.r2m03.amazontrust.com

    DNS Response

    13.225.9.161

  • 8.8.8.8:53
    ocsp.r2m03.amazontrust.com
    dns
    IEXPLORE.EXE
    144 B
    88 B
    2
    1

    DNS Request

    ocsp.r2m03.amazontrust.com

    DNS Request

    ocsp.r2m03.amazontrust.com

    DNS Response

    13.225.9.161

  • 8.8.8.8:53
    ocsp.r2m03.amazontrust.com
    dns
    IEXPLORE.EXE
    72 B
    88 B
    1
    1

    DNS Request

    ocsp.r2m03.amazontrust.com

    DNS Response

    13.225.9.161

  • 8.8.8.8:53
    assets.kromtech.net
    dns
    IEXPLORE.EXE
    65 B
    146 B
    1
    1

    DNS Request

    assets.kromtech.net

  • 8.8.8.8:53
    event.mackeeper.com
    dns
    IEXPLORE.EXE
    65 B
    129 B
    1
    1

    DNS Request

    event.mackeeper.com

    DNS Response

    18.172.89.116
    18.172.89.90
    18.172.89.107
    18.172.89.113

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

    Filesize

    1KB

    MD5

    55540a230bdab55187a841cfe1aa1545

    SHA1

    363e4734f757bdeb89868efe94907774a327695e

    SHA256

    d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

    SHA512

    c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

    Filesize

    1KB

    MD5

    1142a4a2b96b712b2fccb3802b50d01b

    SHA1

    2283883c128ff11adec068619dae1345bf5fdd50

    SHA256

    93e98c83f8ac00dd60d71be7278005a4841c7992ce95503f1b56aec89df807f6

    SHA512

    63d1756c7fdc3e1883e9b0f0d8ca9ca2489d6ad866c0577fcda9fd9b50ab24a3993acd836de524203fbcdb2d09e910e902f6d8b040b7d2951f11d3930451f50b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

    Filesize

    230B

    MD5

    b008694037d69cf6085849531add5dbf

    SHA1

    6e66b82dcd93596e3ba1250d72f08e6853db86ae

    SHA256

    9150c5665787e0a631753e769c5c57c54b48ba10a9d14441e94fc11ddcb20d78

    SHA512

    364d235568a0578a9ced7c34f04ff4c1951de123a35d51012384b4341de783e305c86fc8c9e75ebd9fabdcbbe2023d38d7ec9c9a80febc16fd2604acc7cda84e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0b27ad62a8d9b9da4f2342b6c152110f

    SHA1

    f95d009cdea828097fd8d71b04a0c060ab08e7c6

    SHA256

    9d2b32e571f6c8aa969fbc8037660ad621253ae12c7b4bdfe3ea0151e6853004

    SHA512

    a082bf3fe526affa324439c59ded5283f783de05cd35735887da65e6389f985ba432a6fbaef1651cb7c3a14077b85243ee4353ceef29bf1d48119fae6cdfaed2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0e9a9d2fa9f32a3772f73ea8811d637f

    SHA1

    0da8f66cc54a97cafe930604714939317b863f84

    SHA256

    e9944facb0c33f26bb78865927d7efcd8f395a9a4b78798337c7518dd9c13f18

    SHA512

    d98d807f486937e7d807101725d1020462db33c8c79a6ac49bb9d76902dbea56436f67c7308237f7c322137e6758f34ca2863d414b125991845b6412064da9cf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ab7f8b14b6e37b693f1dd6559465a40c

    SHA1

    3e8252135d1f4a30681900d0191a212e6828b8f4

    SHA256

    363ff9945896d613c741ad3fc06c33f27a2f4ca8a85356567e374625aa2cbac7

    SHA512

    99b09539e7ff4d606e2e23902da779c080fbc1f8bed6531967aebc9cecebb564c6d2dec98d7afa84e4fabfdad88a96130a99ac017588c35a314a39a69962fc5d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    648867fa4cb50d6dce6f139d2783311c

    SHA1

    21b5f37946ff85d91cc87facbd7d87d106ac96ef

    SHA256

    a69b7612d6f4a616c80b341a36da4dbc7100e42edcf3d5bb9caa50168a9706a0

    SHA512

    6946d1d92e69305d5355197c5906b6712e113d59c487f56ea210d337983b3b5aa0e68f3a635a00ca91493cae355678cd963a9c33b9b7267acbb57270cbab0f13

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5b75d5b429327f6bab34eb1be36d5937

    SHA1

    98f1c0b9dee26fa93b362dd59878c36e56730378

    SHA256

    4fbbada3c5d8b846b973368d1d988da09aef4333f889e1e81e46cfdf0355ce9c

    SHA512

    c724b0f628347a830ec437fda0d3e64f87bf969db2ed3d7a40c33f6addfb1314f17d62b2b0c8e4c5c0fc7b70cda4ed02b866c3c8f25077554ce808f2369378a1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8fcde73ff8b84791d5e6fba4d861f448

    SHA1

    a3dd28d9897d69b05928eeffaf8a9613724b5a87

    SHA256

    0493b18fe09c0a774ea7e23cdfdd0b69b8ec792e82ad348041b1c34286bc1942

    SHA512

    cf6730060b8c4548dfd18d291cdbfea87ced9c0e22db744d6d857f8b7bcc56de8c767b9231fd5e3e32c6b9c21452ae9649f9d43853428527fb9685bb8d61a881

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e9cf29fb533eb8abffa2efbdd1713ed4

    SHA1

    63c191e0b6fa08c9458aae19935c75f0d41c9640

    SHA256

    856c3b3ba5ae0de303665f4751e95ecdf2eb6a71c2a431dbce3c79e0c470550d

    SHA512

    41d815d7815c656389048508d569b88b74b3b045f3dc79d7f4aabaf03884abbfa59b7c843347480e207bf4a4594c08698e7a890881e787ebaa604b5cacb3bf4b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3e12b387c55aa00071604333e05e2257

    SHA1

    214be66db6f3d100439e902305b6c6345b6fb278

    SHA256

    8a5ee9503b185f4a820dc961e5889ddf35bc53230b27ea9c6449c195115ddead

    SHA512

    d34a9e4cf8297d0feec79dacace745f4500430aa98c37fbb9a56af146602172ecbf9734bc869bf09020a428a3626aee7d67c0075cf7ff707e071c93d010acb56

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e2085499067d403906267334225f1720

    SHA1

    597884af5f1f80d907f006cee9a5944a09997039

    SHA256

    4d08f877f60c5d7ec5d8350f8db65f355ad6aa7dd43bbbb5388b05644a6af3af

    SHA512

    84084b4c8de345a7dc19d27773daf3000261c5252fe2d99c4259f55d45a04f9d61d6c33be6240645dc7ffc9cd4fd087dac316cb217cb60932b02b3805b67d24b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e5e14661dca808757170880acdb01c7a

    SHA1

    b43e1343d6c9d1516074849bbaa39ec5e7d593c7

    SHA256

    f601681491d1ef4c84ba23316f75d8aea5597bc4bae898916366bcc0b3e53037

    SHA512

    d5a16d193fb91d050a3ee34456d71581d4f467bcaee2ab16239fc1c6a8faf0f7a6832b6ad98fa76827c6d8cf46952a834f5db308553bc12b384711e2c2efb13f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a5b86254927e9ce139ba8843f9299bbb

    SHA1

    36afa3e161f4ed797aaac046eb8a96073e94e169

    SHA256

    4c47845bb0a5b46275c69c2e7ad0dcadb68de0100d8199858426a17d8b317998

    SHA512

    f92989b66faaa1db68c3eae0d4023047756c017a047793d8ab965f7c05dee8120b7b186e5f96b0ca179184c437b4e3cc187a0b92b1adf343a9cd57c8821a9bfd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cb3e22e127d19d55d5990fcbb3704467

    SHA1

    72ef47d1f78d5eb7adcdfd522c199f9223cd6114

    SHA256

    ca04f93e8dc837f42ef38849480377559fcb606e37b7467d246ac7709ba65dea

    SHA512

    f5f4863a67703fc0f1e42047ef28597d415ade63226793860ac6eb5496ba4bfadd1be29ff6cf7f13d8e289e46c6f5cdbcd38f6ac644e586647d772531932b997

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b8b00df1777ad8a8d7fd307bd05bb79b

    SHA1

    4f7ff8b0bc7900cc0908b567d5bea4d2241827d1

    SHA256

    b456abb2bcee008cc9361adb9eaa548d60bfd2a1992f2e65ea5d40e277b7f050

    SHA512

    8634a79c9262beb1a94dbac298ce7510dd98caef8db33b5db52ac36aaba8980937a184c62cf44ce5e4dce1b716f3f64f2723a71feaf3b48871c32a5472360e2b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9c8faa2cf3370a3c70b5afe150c03834

    SHA1

    65817a1ae8fa166a12ea6e9c2796b51cef416894

    SHA256

    bb29a65b096355ceca7d04139e7f72f05e0b9a3b45e293ee61c13661b48fff16

    SHA512

    b4531bec0588086bac532ef191d202ede75ff90a639d363a812d289aa411d44bbe6a6e5ff88b04d83a37538d84397b7714d0292afed8a79c20edee475c93f8a9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B


  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\1282[1].htm

    Filesize

    134B


  • C:\Users\Admin\AppData\Local\Temp\Cab25AC.tmp

    Filesize

    68KB


  • C:\Users\Admin\AppData\Local\Temp\Tar25BE.tmp

    Filesize

    177KB

