4a6b9ce46937f2a1480b9bb9de122cbbd5a42d675c508e780c6f526d67247f99

Analysis

max time kernel
143s
max time network
145s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 16:40 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b96096c063229cca1e95e3993bfcca2_JaffaCakes118.html
Size

19KB
MD5

6b96096c063229cca1e95e3993bfcca2
SHA1

fd50f116c8f27e21c19f0e333e311b1819fb42a4
SHA256

4a6b9ce46937f2a1480b9bb9de122cbbd5a42d675c508e780c6f526d67247f99
SHA512

a615977b113e1b8003607451b6f723dd81c2cf411496be8048c8790217aa2979193092c7926c6f02bd65681c8b1a44296f9c5fd93fa46e7cc45d708ee37583ab
SSDEEP

192:9K/ypUhT8iqEWwLTgE9d3lOhx4MfljQB2ghJxOMlUx9V6cxjb79DX+OunNiFliSg:4/yoT8iTLXfFEQBdMp55OOunNiXin

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 002a69fe2fadda01	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0e93a1130adda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2D251F21-1923-11EF-931A-4205ACB4EED4} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000005659ca5cb4760f4354a84cbf29c7a0fee73efb779fc63dc3206c9c72873888de000000000e8000000002000020000000555da6236db0bb05754968e181e754e031177e29923bd7ab93f1853d63a724ba20000000782e6e51aed53ac320df397ab8d51dc5f37b636019c9074554577b10c47c6fe44000000060eaf646d70c903c0a20d33089da83564134617c2cb8486e0425476da7d4c9db9e32f6c6a98520ac7f50fbf5819ed82129635035175ecba0faa8733607afa0f4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000000839dae9f47aca815d522014d1ec94c12a77a852713b33484252165e625bba60000000000e80000000020000200000000a2f9e77ff1ed75a59eb58f3c3ba67ae4233c24e06cf9eba01535c8f5f5fccbb900000003aafaa1b8f82d0375dac5c4535bffa507a13aed088b5c6507d96df1f0bf3c13aee08252600c183c6e767be33c4afa5ec3f72987088d110c0259233d00797c6dffc53bfe39b8ace31727a419d99e3db93b37dc2e667728c8ac6cca8ac5810a35f7d52f6dee7ec1a5bcc2f7e95992ca149c5f4cf533adfa7852ff985ada5e475cde13e253125149f2c81c9b4bfa8fd83b74000000045375842f72401ea903813ab916af17b3f3f0d5ac08966c35e154009ac417c2874fa81e1f059be0ee96188d77bcfe40fe85971a54b4fef0438597cb7e309d331	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422644301"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1600	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1600	iexplore.exe
1600	iexplore.exe
1908	IEXPLORE.EXE
1908	IEXPLORE.EXE
1908	IEXPLORE.EXE
1908	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 1908	1600	iexplore.exe	28
PID 1600 wrote to memory of 1908	1600	iexplore.exe	28
PID 1600 wrote to memory of 1908	1600	iexplore.exe	28
PID 1600 wrote to memory of 1908	1600	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6b96096c063229cca1e95e3993bfcca2_JaffaCakes118.html
1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1600 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1908

Network

DNS

static.mackeeper.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

static.mackeeper.com

IN A

Response

static.mackeeper.com

IN CNAME

d211q1i6v7lwo2.cloudfront.net

d211q1i6v7lwo2.cloudfront.net

IN A

13.225.10.120

d211q1i6v7lwo2.cloudfront.net

IN A

13.225.10.3

d211q1i6v7lwo2.cloudfront.net

IN A

13.225.10.80

d211q1i6v7lwo2.cloudfront.net

IN A

13.225.10.38
DNS

static.mackeeper.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

static.mackeeper.com

IN A
DNS

loadus.exelator.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

loadus.exelator.com

IN A

Response

loadus.exelator.com

IN CNAME

loadus.tm.ssl.exelator.com

loadus.tm.ssl.exelator.com

IN CNAME

eu-west.load.exelator.com

eu-west.load.exelator.com

IN CNAME

load-euw1.exelator.com

load-euw1.exelator.com

IN A

34.254.143.3
DNS

loadus.exelator.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

loadus.exelator.com

IN A
GET

http://static.mackeeper.com/landings/libs/js/cookie.js?mkv=1

IEXPLORE.EXE

Remote address:

13.225.10.120:80

Request

GET /landings/libs/js/cookie.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Thu, 23 May 2024 16:40:37 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/libs/js/cookie.js?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 014ab67808a44ee3c7c29c81742ee5fc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: metSsAmCYnpCimOMvRVoIXSMdGYW9txI23EXAJwU3a2iRnh32nKGyA==
GET

http://static.mackeeper.com/landings/123.1/img/sprite-ready-icon.png

IEXPLORE.EXE

Remote address:

13.225.10.120:80

Request

GET /landings/123.1/img/sprite-ready-icon.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Thu, 23 May 2024 16:41:00 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/sprite-ready-icon.png
X-Cache: Miss from cloudfront
Via: 1.1 014ab67808a44ee3c7c29c81742ee5fc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: uAw5DGyySdbDfHdlDTnLI-tqnyV5PJb9x_s9MJJDJzk38p23EZULYA==
GET

http://static.mackeeper.com/landings/123.1/css/style.min.css?mkv=1

IEXPLORE.EXE

Remote address:

13.225.10.120:80

Request

GET /landings/123.1/css/style.min.css?mkv=1 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Thu, 23 May 2024 16:40:37 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/css/style.min.css?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 2c10dcf9c9dce806048d7878d8a850dc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: 5k7mFHYZ5_WD--jxyiDuCNwkyQrJHa_fGYqEQWDKNmucWROzEKYhUQ==
GET

http://static.mackeeper.com/landings/libs/Pixels/js/1604.js?mkv=1

IEXPLORE.EXE

Remote address:

13.225.10.120:80

Request

GET /landings/libs/Pixels/js/1604.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Thu, 23 May 2024 16:40:38 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/libs/Pixels/js/1604.js?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 2c10dcf9c9dce806048d7878d8a850dc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: WMtdmKTR6pePktEBnUvKSM2pmX9Hoevk58XIRwcJZeXMqD9waNof-A==
GET

http://static.mackeeper.com/landings/123.1/img/main-img.jpg

IEXPLORE.EXE

Remote address:

13.225.10.120:80

Request

GET /landings/123.1/img/main-img.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Thu, 23 May 2024 16:41:00 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/main-img.jpg
X-Cache: Miss from cloudfront
Via: 1.1 2c10dcf9c9dce806048d7878d8a850dc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: Mr4y1KSHblqEtmT8-smskPcXEh-QmwfBWgRNLswi_LVgphYnpeL3fw==
GET

http://static.mackeeper.com/landings/libs/jquery/jquery.min.js?mkv=1

IEXPLORE.EXE

Remote address:

13.225.10.120:80

Request

GET /landings/libs/jquery/jquery.min.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Thu, 23 May 2024 16:40:37 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/libs/jquery/jquery.min.js?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 014ab67808a44ee3c7c29c81742ee5fc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: HfYwu50n-TSAKeYMVQdW3fJ6GF3XFjldqzEF9WjqJqz7C5Xjbi4xkQ==
GET

http://static.mackeeper.com/landings/123.1/img/arrow_animation2.gif?mkv=1

IEXPLORE.EXE

Remote address:

13.225.10.120:80

Request

GET /landings/123.1/img/arrow_animation2.gif?mkv=1 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Thu, 23 May 2024 16:40:37 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/arrow_animation2.gif?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 014ab67808a44ee3c7c29c81742ee5fc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: e1wFfcE-Xa-H6TAjZLGkWhV5kDOgisJGw6jzxoBosYJnTiLkghqLFQ==
GET

http://static.mackeeper.com/landings/123.1/img/pin.png

IEXPLORE.EXE

Remote address:

13.225.10.120:80

Request

GET /landings/123.1/img/pin.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Thu, 23 May 2024 16:41:00 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/pin.png
X-Cache: Miss from cloudfront
Via: 1.1 014ab67808a44ee3c7c29c81742ee5fc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: IE2KGoWL1YvdIv1EJ2t0XYTq8YtwzbTubPEe3AGJ6O7DesVPULcx5A==
GET

http://loadus.exelator.com/load/?p=1050&g=2&cat=[popunder]&j=0

IEXPLORE.EXE

Remote address:

34.254.143.3:80

Request

GET /load/?p=1050&g=2&cat=[popunder]&j=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: loadus.exelator.com
Connection: Keep-Alive

Response

HTTP/1.1 301

server: nginx
date: Thu, 23 May 2024 16:40:37 GMT
content-type: text/html
content-length: 162
location: https://loadus.exelator.com/load/?p=1050&g=2&cat=[popunder]&j=0
access-control-allow-credentials: true
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
DNS

IEXPLORE.EXE

Remote address:

34.254.143.3:80

Response

HTTP/1.1 408 Request Time-out

content-length: 110
cache-control: no-cache
content-type: text/html
connection: close
GET

http://static.mackeeper.com/landings/libs/js/loclist.js?mkv=1

IEXPLORE.EXE

Remote address:

13.225.10.120:80

Request

GET /landings/libs/js/loclist.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Thu, 23 May 2024 16:40:37 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/libs/js/loclist.js?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 52bc27d24f50f7935e430abc56300f7c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: OEbKoGwrekKtDB5azoj4gi3QCUeDesaRPQ-Pxw1hqpO-msNjunQvZA==
GET

http://static.mackeeper.com/landings/123.1/?mkv=1

IEXPLORE.EXE

Remote address:

13.225.10.120:80

Request

GET /landings/123.1/?mkv=1 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Thu, 23 May 2024 16:40:38 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 52bc27d24f50f7935e430abc56300f7c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: IFaE3gvCE1HLg7U6LqbEe3XPFUZ_BWSPaXRUrkMhb9ZMAKnKlpwd_g==
GET

http://static.mackeeper.com/landings/libs/discounts/img/back.png

IEXPLORE.EXE

Remote address:

13.225.10.120:80

Request

GET /landings/libs/discounts/img/back.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Thu, 23 May 2024 16:41:00 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/libs/discounts/img/back.png
X-Cache: Miss from cloudfront
Via: 1.1 52bc27d24f50f7935e430abc56300f7c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: _XPF4B-sWBWeT_nUOot-cPYaNiiv--SOojO-HLBYpVUBfI2uoRpm5Q==
GET

http://static.mackeeper.com/landings/libs/alert/alerts.js?mkv=4

IEXPLORE.EXE

Remote address:

13.225.10.120:80

Request

GET /landings/libs/alert/alerts.js?mkv=4 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Thu, 23 May 2024 16:40:37 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/libs/alert/alerts.js?mkv=4
X-Cache: Miss from cloudfront
Via: 1.1 65fac79c4b1023a8d83e5e5bfb978ce0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: 28kQ4Ck5WSDF7lU3leLE4ekIDBApZCMir41EQYN0WBYHU-VgkgfVwg==
GET

http://static.mackeeper.com/landings/libs/reset.css?mkv=1

IEXPLORE.EXE

Remote address:

13.225.10.120:80

Request

GET /landings/libs/reset.css?mkv=1 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Thu, 23 May 2024 16:40:37 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/libs/reset.css?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 8c82def71be6f7f1f6c2d1f6c8b83b0e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: XvLHFeUbxdgz5cRnWbsdOKarfoPEWLhGRYWnLk9N5aDjdz38Cyac4A==
GET

http://static.mackeeper.com/landings/libs/overlay/overlay.js?mkv=1

IEXPLORE.EXE

Remote address:

13.225.10.120:80

Request

GET /landings/libs/overlay/overlay.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Thu, 23 May 2024 16:40:37 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/libs/overlay/overlay.js?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 590ad044183138a492a9344ba0b0a7ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: jjBCZkrUPFGelRGL3cGk8_zqg1xAmM8FsElkYDb5Q-F8YZ4yKdZjww==
GET

http://static.mackeeper.com/landings/123.1/img/stars.png

IEXPLORE.EXE

Remote address:

13.225.10.120:80

Request

GET /landings/123.1/img/stars.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Thu, 23 May 2024 16:41:00 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/stars.png
X-Cache: Miss from cloudfront
Via: 1.1 590ad044183138a492a9344ba0b0a7ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: mMV3Oiz0iSVLEjc3_4Mg-XkbJ3TNxi2S9rVtM1jiV2mYnvXljKKlDQ==
GET

http://static.mackeeper.com/landings/123.1/img/sprite-icons.png

IEXPLORE.EXE

Remote address:

13.225.10.120:80

Request

GET /landings/123.1/img/sprite-icons.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Thu, 23 May 2024 16:41:00 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/sprite-icons.png
X-Cache: Miss from cloudfront
Via: 1.1 590ad044183138a492a9344ba0b0a7ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: 7521I0qimrX4uEWjOgPr0ZGKb_08IwvbjfSN_mOMkEnl8DgjsW6jjA==
GET

http://static.mackeeper.com/landings/libs/discounts/css/styles.css?mkv=1

IEXPLORE.EXE

Remote address:

13.225.10.120:80

Request

GET /landings/libs/discounts/css/styles.css?mkv=1 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Thu, 23 May 2024 16:40:37 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/libs/discounts/css/styles.css?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 cb4f40303e252a22c4df5918669814ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: y6D001BFJGu1ljIH0jwIs6v0dj_HpU4apf8bQ9cLv1sZ4O6I7Y3NzA==
GET

http://static.mackeeper.com/landings/123.1/img/arrow_animation.gif?mkv=1

IEXPLORE.EXE

Remote address:

13.225.10.120:80

Request

GET /landings/123.1/img/arrow_animation.gif?mkv=1 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Thu, 23 May 2024 16:40:38 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/arrow_animation.gif?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 cb4f40303e252a22c4df5918669814ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: krnMT-BdG_B_GDQler1Obp0KfDWKr-sjDMr8eUSNehP4DMgJh-OcoA==
GET

http://static.mackeeper.com/landings/123.1/img/arrow.png

IEXPLORE.EXE

Remote address:

13.225.10.120:80

Request

GET /landings/123.1/img/arrow.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Thu, 23 May 2024 16:41:00 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/arrow.png
X-Cache: Miss from cloudfront
Via: 1.1 cb4f40303e252a22c4df5918669814ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: wY3rBuniOsPax1KyE7IxycA_uClKDNiP8g0ZiRX9Y0PZgkKfUNrs2w==
GET

http://static.mackeeper.com/landings/123.1/img/steps-arrow.png

IEXPLORE.EXE

Remote address:

13.225.10.120:80

Request

GET /landings/123.1/img/steps-arrow.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Thu, 23 May 2024 16:41:00 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/123.1/img/steps-arrow.png
X-Cache: Miss from cloudfront
Via: 1.1 cb4f40303e252a22c4df5918669814ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: Obs14bxZXqFUcpxNywDSKIUcBoWzPTPuN25jcMZl5mJntl25gtXWnw==
GET

http://static.mackeeper.com/landings/libs/Pixels/js/859.js?mkv=1

IEXPLORE.EXE

Remote address:

13.225.10.120:80

Request

GET /landings/libs/Pixels/js/859.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Thu, 23 May 2024 16:40:37 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/libs/Pixels/js/859.js?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 89695f3a4a3f2f2d6df76a407130856e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: mxe2pmhshPRctsJ7bw4HtNKb00F1fJIZ5J98GUG910wYGA_8IhreJQ==
GET

http://static.mackeeper.com/landings/libs/Pixels/js/1282.js?mkv=1

IEXPLORE.EXE

Remote address:

13.225.10.120:80

Request

GET /landings/libs/Pixels/js/1282.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Server: awselb/2.0
Date: Thu, 23 May 2024 16:40:37 GMT
Location: https://mackeeperapp.mackeeper.com:443/landings/libs/Pixels/js/1282.js?mkv=1
X-Cache: Miss from cloudfront
Via: 1.1 d9ebcca3f9f33c28ea30019abcbd7da8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: 6VSxC1pTBYbHR3YEQOYEspsmKu_8_lsHhe0nyj21SnJl_Q0r0sQijQ==
DNS

IEXPLORE.EXE

Remote address:

34.254.143.3:443

Response

HTTP/1.1 400 Bad request

content-length: 90
cache-control: no-cache
content-type: text/html
connection: close
DNS

mackeeperapp.mackeeper.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

mackeeperapp.mackeeper.com

IN A

Response

mackeeperapp.mackeeper.com

IN A

54.237.18.11

mackeeperapp.mackeeper.com

IN A

3.225.22.167
GET

https://mackeeperapp.mackeeper.com/landings/libs/discounts/img/back.png

IEXPLORE.EXE

Remote address:

54.237.18.11:443

Request

GET /landings/libs/discounts/img/back.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive
Cookie: get_params_landings=%7B%22mkv%22%3A%221%22%7D; PHPSESSID=edqnpi9nlupcs48bhqqhpabeq6

Response

HTTP/1.1 200 OK

Date: Thu, 23 May 2024 16:41:00 GMT
Content-Type: image/png
Content-Length: 150912
Connection: keep-alive
Server: nginx
Last-Modified: Mon, 30 Apr 2018 11:38:58 GMT
ETag: "5ae70052-24d80"
Expires: Sat, 22 Jun 2024 16:41:00 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Accept-Ranges: bytes
GET

https://mackeeperapp.mackeeper.com/landings/123.1/img/main-img.jpg

IEXPLORE.EXE

Remote address:

54.237.18.11:443

Request

GET /landings/123.1/img/main-img.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive
Cookie: get_params_landings=%7B%22mkv%22%3A%221%22%7D; PHPSESSID=edqnpi9nlupcs48bhqqhpabeq6

Response

HTTP/1.1 200 OK

Date: Thu, 23 May 2024 16:41:00 GMT
Content-Type: image/jpeg
Content-Length: 38349
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 12 Sep 2019 08:55:00 GMT
ETag: "5d7a07e4-95cd"
Expires: Sat, 22 Jun 2024 16:41:00 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Accept-Ranges: bytes
GET

https://mackeeperapp.mackeeper.com/landings/123.1/?mkv=1

IEXPLORE.EXE

Remote address:

54.237.18.11:443

Request

GET /landings/123.1/?mkv=1 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 23 May 2024 16:40:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Security-Policy: default-src 'self' *.hotjar.com *.mackeeper.co *.mackeeper.com; frame-ancestors 'none'; frame-src 'self' 'unsafe-inline' *.a.disquscdn.com https://widget.trustpilot.com *.adsage.com *.adsitrx.com *.analytics.yahoo.com *.b2c.com *.bing.com *.disqus.com *.disqus.com *.doubleclick.net *.facebook.com *.facebook.net *.flowplayer.org *.fqtag.com *.google.com *.google.com.ua *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.hotjar.com *.i.ytimg.com *.images.dmca.com *.intljs.rmtag.com *.kromtech.com *.kromtech.net *.linksynergy.com *.mackeeper.co *.mackeeper.com *.mackeeperblog.disqus.com *.mpnrs.com *.msn.com *.optimizely.com *.yabidos.com *.s.yimg.com *.secure.ace-tag.advertising.com *.secure.leadback.advertising.com *.shopperapproved.com *.tagmanager.google.com *.tribalfusion.com *.twimg.com *.twitter.com ws://*.hotjar.com wss://*.hotjar.com *.www1.mpnrs.com *.youtube.com *.lporirxe.com *.surveygizmo.com *.liadm.com *.typeform.com mc.yandex.ru *.js.ad-score.com/ *.cdn.onesignal.com/ *.onesignal.com/ *.criteo.com https://www.zenaps.com/; child-src 'self' 'unsafe-inline' *.a.disquscdn.com *.adsage.com *.adsitrx.com *.analytics.yahoo.com *.b2c.com *.bing.com *.disqus.com *.doubleclick.net *.facebook.com *.facebook.net *.flowplayer.org *.fqtag.com *.google.com *.google.com.ua *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.hotjar.com *.i.ytimg.com *.images.dmca.com *.intljs.rmtag.com *.kromtech.com *.kromtech.net *.linksynergy.com *.mackeeper.co *.mackeeper.com *.mackeeperblog.disqus.com *.mpnrs.com *.msn.com *.optimizely.com *.yabidos.com *.s.yimg.com *.secure.ace-tag.advertising.com *.secure.leadback.advertising.com *.shopperapproved.com *.tagmanager.google.com *.tribalfusion.com *.twimg.com *.twitter.com ws://*.hotjar.com wss://*.hotjar.com *.www1.mpnrs.com *.youtube.com *.lporirxe.com *.lporirxe.com blob: *.cdn.onesignal.com/ *.onesignal.com/ *.liadm.com; form-action 'self' *.mackeeper.com *.facebook.com; img-src 'self' 'unsafe-inline' *.a.disquscdn.com *.adsage.com *.adsitrx.com *.analytics.yahoo.com *.b2c.com *.bing.com *.disqus.com *.doubleclick.net *.facebook.com *.facebook.net *.flowplayer.org *.fqtag.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.hotjar.com *.i.ytimg.com *.images.dmca.com *.intljs.rmtag.com *.kromtech.com *.kromtech.net *.linksynergy.com *.mackeeper.co *.mackeeper.com *.mackeeperblog.disqus.com *.mpnrs.com *.msn.com *.optimizely.com *.yabidos.com *.s.yimg.com *.secure.ace-tag.advertising.com *.secure.leadback.advertising.com *.shopperapproved.com *.tagmanager.google.com *.tribalfusion.com *.twimg.com *.twitter.com ws://*.hotjar.com wss://*.hotjar.com *.www1.mpnrs.com *.youtube.com data: *.2mdn.net *.pagead2.googlesyndication.com *.glotgrx.com *.lporirxe.com *.exelator.com *.owox.com *.liadm.com *.outbrain.com *.visualwebsiteoptimizer.com *.yahoo.co.jp *.apimzb-adserver.cloudmccloud.com *.3lift.com *.surveygizmo.com *.surveygizmolibrary.s3.amazonaws.com http://mc.yandex.ru https://mc.yandex.ru cx.atdmt.com *.baidu.com/ *.gstatstrk.com *.assets.kromtech.net *.cdn.onesignal.com/ *.onesignal.com/ *.rtmark.net/ *.taboola.com *.zoomsupport.com *.cloudmccloud.com *.linkconnector.com *.linkedin.com *.linkconnector.com linkconnector.com https://www.zenaps.com https://www.awin1.com *.clarity.ms *.lfeeder.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.a.disquscdn.com widget.trustpilot.com *.adsage.com *.adsitrx.com *.analytics.yahoo.com *.b2c.com *.bing.com disqus.com *.disqus.com *.doubleclick.net *.facebook.com *.facebook.net *.flowplayer.org *.fqtag.com *.google.com *.google.com.ua *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.hotjar.com *.i.ytimg.com *.images.dmca.com *.intljs.rmtag.com *.kromtech.com *.kromtech.net *.linksynergy.com *.mackeeper.co *.mackeeper.com *.mackeeperblog.disqus.com *.mpnrs.com *.msn.com *.optimizely.com *.yabidos.com s.yimg.com *.secure.ace-tag.advertising.com *.secure.leadback.advertising.com *.shopperapproved.com *.tagmanager.google.com *.tribalfusion.com *.twimg.com *.twitter.com ws://*.hotjar.com wss://*.hotjar.com *.www1.mpnrs.com *.youtube.com l2.io *.inspectlet.com *.googlesyndication.com *.sagetrc.com *.glotgrx.com *.lporirxe.com b-code.liadm.com *.outbrain.com *.visualwebsiteoptimizer.com *.cloudfront.net/metrika/watch_ua.js *.yimg.jp http://addtocalendar.com https://addtocalendar.com *.yahoo.co.jp blob: *.surveygizmo.com *.surveygizmolibrary.s3.amazonaws.com *.s.ytimg.com *.typeform.com *.calendly.com *.linkconnector.com *.linkconnector.com mc.yandex.ru *.js.ad-score.com/ *.baidu.com/ *.cdn.onesignal.com/ *.onesignal.com/ *.rtmark.net/ *.taboola.com/ *.engine.4dsply.com *.engine.spotscenered.info *.engine.3dspk.com *.we3red.com *.engine.asadap.com *.engine.nictelroalps.com *.engine.liondigitalserving.com *.engine.addroplet.com *.beritapria.com/pixel/pixel_keeper.js cdnjs.cloudflare.com *.clickcease.com *.criteo.net *.criteo.com https://snap.licdn.com *.linkconnector.com linkconnector.com *.dwin1.com *.awin1.com *.zenaps.com https://the.sciencebehindecommerce.com *.clarity.ms *.adcell.com *.lfeeder.com; style-src 'self' 'unsafe-inline' *.doubleclick.net *.flowplayer.org *.mackeeper.co *.mackeeper.com *.twimg.com *.twitter.com *.a.disquscdn.com *.disqus.com *.googleapis.com *.fonts.gstatic.com *.mackeeperblog.disqus.com *.referrer.disqus.com *.google.com *.google.com.ua http://addtocalendar.com https://addtocalendar.com *.surveygizmo.com *.cdn.onesignal.com *.onesignal.com/ *.addtocalendar.com *.googletagmanager.com *.liadm.com; font-src 'self' data: *.doubleclick.net *.mackeeper.co *.mackeeper.com *.twimg.com *.twitter.com fonts.googleapis.com fonts.gstatic.com *.surveygizmo.com *.static.mackeeper.com; object-src *.doubleclick.net *.flowplayer.org *.mackeeper.co *.mackeeper.com *.twimg.com *.twitter.com *.pagead2.googlesyndication.com *.pagead2.googlesyndication.com *.liadm.com; connect-src 'self' *.mackeeper.co *.mackeeper.com https://mackeeper.com http://mackeeper.com https://rp.liadm.com http://rp.liadm.com *.hotjar.com ws://*.hotjar.com wss://*.hotjar.com *.g.doubleclick.net http://lcidc.liadm.com https://lcidc.liadm.com *.assets.kromtech.net *.assets.kromtech.net *.google-analytics.com *.api.ipify.org *.mc.yandex.ru mc.yandex.ru *.data.ad-score.com *.baidu.com/ *.pushdata.onesignal.com:* *.onesignal.com/ *.onesignal.com/ *.taboola.com/ *.hotjar.io *.clickcease.com s.yimg.com *.facebook.com *.google.com bat.bing.com https://idtg.account.mackeeper.com https://the.sciencebehindecommerce.com *.liadm.com *.liadm.com *.adcell.com *.clarity.ms *.lfeeder.com;
Set-Cookie: get_params_landings=%7B%22mkv%22%3A%221%22%7D; expires=Fri, 24-May-2024 16:40:44 GMT; Max-Age=86400; path=/; samesite=lax; secure
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=edqnpi9nlupcs48bhqqhpabeq6; path=/
Request-ID: 114ff7e3ab3e7e4f1cb44a4cbb040c83
Content-Encoding: gzip
GET

https://mackeeperapp.mackeeper.com/landings/libs/alert/alerts.js?mkv=4

IEXPLORE.EXE

Remote address:

54.237.18.11:443

Request

GET /landings/libs/alert/alerts.js?mkv=4 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 23 May 2024 16:40:43 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 04 Oct 2018 13:30:26 GMT
Vary: Accept-Encoding
ETag: W/"5bb615f2-dbe8"
Expires: Sat, 22 Jun 2024 16:40:43 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Content-Encoding: gzip
GET

https://mackeeperapp.mackeeper.com/landings/libs/discounts/css/styles.css?mkv=1

IEXPLORE.EXE

Remote address:

54.237.18.11:443

Request

GET /landings/libs/discounts/css/styles.css?mkv=1 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 23 May 2024 16:40:44 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 24 May 2016 12:45:39 GMT
Vary: Accept-Encoding
ETag: W/"57444cf3-425"
Expires: Sat, 22 Jun 2024 16:40:43 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Content-Encoding: gzip
GET

https://mackeeperapp.mackeeper.com/landings/libs/overlay/overlay.js?mkv=1

IEXPLORE.EXE

Remote address:

54.237.18.11:443

Request

GET /landings/libs/overlay/overlay.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 23 May 2024 16:40:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 19 Apr 2016 15:32:21 GMT
Vary: Accept-Encoding
ETag: W/"57164f85-569"
Expires: Sat, 22 Jun 2024 16:40:51 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Content-Encoding: gzip
GET

https://mackeeperapp.mackeeper.com/landings/123.1/img/sprite-ready-icon.png

IEXPLORE.EXE

Remote address:

54.237.18.11:443

Request

GET /landings/123.1/img/sprite-ready-icon.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive
Cookie: get_params_landings=%7B%22mkv%22%3A%221%22%7D; PHPSESSID=edqnpi9nlupcs48bhqqhpabeq6

Response

HTTP/1.1 200 OK

Date: Thu, 23 May 2024 16:41:00 GMT
Content-Type: image/png
Content-Length: 2412
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 12 Sep 2019 08:55:00 GMT
ETag: "5d7a07e4-96c"
Expires: Sat, 22 Jun 2024 16:41:00 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Accept-Ranges: bytes
GET

https://mackeeperapp.mackeeper.com/landings/123.1/img/steps-arrow.png

IEXPLORE.EXE

Remote address:

54.237.18.11:443

Request

GET /landings/123.1/img/steps-arrow.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive
Cookie: get_params_landings=%7B%22mkv%22%3A%221%22%7D; PHPSESSID=edqnpi9nlupcs48bhqqhpabeq6

Response

HTTP/1.1 200 OK

Date: Thu, 23 May 2024 16:41:01 GMT
Content-Type: image/png
Content-Length: 434
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 12 Sep 2019 08:55:00 GMT
ETag: "5d7a07e4-1b2"
Expires: Sat, 22 Jun 2024 16:41:00 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Accept-Ranges: bytes
GET

https://mackeeperapp.mackeeper.com/landings/libs/js/cookie.js?mkv=1

IEXPLORE.EXE

Remote address:

54.237.18.11:443

Request

GET /landings/libs/js/cookie.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 23 May 2024 16:40:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Mon, 30 Apr 2018 11:38:58 GMT
Vary: Accept-Encoding
ETag: W/"5ae70052-270"
Expires: Sat, 22 Jun 2024 16:40:45 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Content-Encoding: gzip
GET

https://mackeeperapp.mackeeper.com/landings/libs/Pixels/js/1604.js?mkv=1

IEXPLORE.EXE

Remote address:

54.237.18.11:443

Request

GET /landings/libs/Pixels/js/1604.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 23 May 2024 16:40:43 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 19 Apr 2016 15:32:21 GMT
Vary: Accept-Encoding
ETag: W/"57164f85-189"
Expires: Sat, 22 Jun 2024 16:40:43 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Content-Encoding: gzip
GET

https://mackeeperapp.mackeeper.com/landings/123.1/css/style.min.css?mkv=1

IEXPLORE.EXE

Remote address:

54.237.18.11:443

Request

GET /landings/123.1/css/style.min.css?mkv=1 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 23 May 2024 16:40:43 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 24 Nov 2020 10:39:52 GMT
Vary: Accept-Encoding
ETag: W/"5fbce2f8-4362"
Expires: Sat, 22 Jun 2024 16:40:43 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Content-Encoding: gzip
GET

https://mackeeperapp.mackeeper.com/landings/libs/Pixels/js/1282.js?mkv=1

IEXPLORE.EXE

Remote address:

54.237.18.11:443

Request

GET /landings/libs/Pixels/js/1282.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 23 May 2024 16:40:43 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Fri, 01 Jul 2016 11:50:23 GMT
Vary: Accept-Encoding
ETag: W/"577658ff-15c"
Expires: Sat, 22 Jun 2024 16:40:43 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Content-Encoding: gzip
GET

https://mackeeperapp.mackeeper.com/landings/libs/Pixels/js/859.js?mkv=1

IEXPLORE.EXE

Remote address:

54.237.18.11:443

Request

GET /landings/libs/Pixels/js/859.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 23 May 2024 16:40:44 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 24 May 2016 10:01:52 GMT
Vary: Accept-Encoding
ETag: W/"57442690-1d2"
Expires: Sat, 22 Jun 2024 16:40:43 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Content-Encoding: gzip
GET

https://mackeeperapp.mackeeper.com/landings/123.1/img/arrow_animation.gif?mkv=1

IEXPLORE.EXE

Remote address:

54.237.18.11:443

Request

GET /landings/123.1/img/arrow_animation.gif?mkv=1 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 23 May 2024 16:40:44 GMT
Content-Type: image/gif
Content-Length: 7944
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 12 Sep 2019 08:55:00 GMT
ETag: "5d7a07e4-1f08"
Expires: Sat, 22 Jun 2024 16:40:44 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Accept-Ranges: bytes
GET

https://mackeeperapp.mackeeper.com/landings/123.1/img/arrow_animation2.gif?mkv=1

IEXPLORE.EXE

Remote address:

54.237.18.11:443

Request

GET /landings/123.1/img/arrow_animation2.gif?mkv=1 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 23 May 2024 16:40:43 GMT
Content-Type: image/gif
Content-Length: 7948
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 12 Sep 2019 08:55:00 GMT
ETag: "5d7a07e4-1f0c"
Expires: Sat, 22 Jun 2024 16:40:43 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Accept-Ranges: bytes
GET

https://mackeeperapp.mackeeper.com/landings/libs/jquery/jquery.min.js?mkv=1

IEXPLORE.EXE

Remote address:

54.237.18.11:443

Request

GET /landings/libs/jquery/jquery.min.js?mkv=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 23 May 2024 16:40:43 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 19 Apr 2016 15:32:21 GMT
Vary: Accept-Encoding
ETag: W/"57164f85-1762a"
Expires: Sat, 22 Jun 2024 16:40:43 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Content-Encoding: gzip
GET

https://mackeeperapp.mackeeper.com/landings/123.1/img/pin.png

IEXPLORE.EXE

Remote address:

54.237.18.11:443

Request

GET /landings/123.1/img/pin.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive
Cookie: get_params_landings=%7B%22mkv%22%3A%221%22%7D; PHPSESSID=edqnpi9nlupcs48bhqqhpabeq6

Response

HTTP/1.1 200 OK

Date: Thu, 23 May 2024 16:41:00 GMT
Content-Type: image/png
Content-Length: 749
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 12 Sep 2019 08:55:00 GMT
ETag: "5d7a07e4-2ed"
Expires: Sat, 22 Jun 2024 16:41:00 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Accept-Ranges: bytes
GET

https://mackeeperapp.mackeeper.com/landings/123.1/img/sprite-icons.png

IEXPLORE.EXE

Remote address:

54.237.18.11:443

Request

GET /landings/123.1/img/sprite-icons.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive
Cookie: get_params_landings=%7B%22mkv%22%3A%221%22%7D; PHPSESSID=edqnpi9nlupcs48bhqqhpabeq6

Response

HTTP/1.1 200 OK

Date: Thu, 23 May 2024 16:41:01 GMT
Content-Type: image/png
Content-Length: 6724
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 12 Sep 2019 08:55:00 GMT
ETag: "5d7a07e4-1a44"
Expires: Sat, 22 Jun 2024 16:41:01 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Accept-Ranges: bytes
DNS

ocsp.r2m03.amazontrust.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ocsp.r2m03.amazontrust.com

IN A

Response

ocsp.r2m03.amazontrust.com

IN A

13.225.9.161
DNS

ocsp.r2m03.amazontrust.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ocsp.r2m03.amazontrust.com

IN A
DNS

IEXPLORE.EXE

Remote address:

34.254.143.3:443

Response

HTTP/1.1 400 Bad request

content-length: 90
cache-control: no-cache
content-type: text/html
connection: close
DNS

ocsp.r2m03.amazontrust.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ocsp.r2m03.amazontrust.com

IN A

Response

ocsp.r2m03.amazontrust.com

IN A

13.225.9.161
DNS

ocsp.r2m03.amazontrust.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ocsp.r2m03.amazontrust.com

IN A
DNS

ocsp.r2m03.amazontrust.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ocsp.r2m03.amazontrust.com

IN A

Response

ocsp.r2m03.amazontrust.com

IN A

13.225.9.161
GET

http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

IEXPLORE.EXE

Remote address:

13.225.9.161:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.r2m03.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 23 May 2024 15:12:30 GMT
Last-Modified: Thu, 23 May 2024 15:12:30 GMT
Server: ECAcc (lhd/3585)
X-Cache: Hit from cloudfront
Via: 1.1 89695f3a4a3f2f2d6df76a407130856e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: SKhk0BHlJu13N9-Psnd56lqq87Rq50DprvLoz5fX4hhKeddkb0cBCQ==
Age: 5293
GET

http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

IEXPLORE.EXE

Remote address:

13.225.9.161:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.r2m03.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 23 May 2024 15:12:30 GMT
Last-Modified: Thu, 23 May 2024 15:12:30 GMT
Server: ECAcc (lhd/3585)
X-Cache: Hit from cloudfront
Via: 1.1 84e82c8a6f436c18da1182c07f463906.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: fFQjGJMLa8mQfjTPnw19upSSnf56xxVwbemXpoya6YJRep6RwSvl3g==
Age: 5293
GET

http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

IEXPLORE.EXE

Remote address:

13.225.9.161:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.r2m03.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 23 May 2024 15:12:30 GMT
Last-Modified: Thu, 23 May 2024 15:12:30 GMT
Server: ECAcc (lhd/3585)
X-Cache: Hit from cloudfront
Via: 1.1 da1f6d03da0e6ca0243f47b48ec7ed16.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: 752EAeRZdspgmfYO0ZgBdV_O5xB0s7a8JTs-74NmKbzcMyu1fJS2EA==
Age: 5293
GET

http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

IEXPLORE.EXE

Remote address:

13.225.9.161:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.r2m03.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 23 May 2024 15:12:30 GMT
Last-Modified: Thu, 23 May 2024 15:12:30 GMT
Server: ECAcc (lhd/3585)
X-Cache: Hit from cloudfront
Via: 1.1 7980824cba87aa390d64c8693d060524.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LIS50-C1
X-Amz-Cf-Id: nCuy1Onbp0SLBAnrg4OMzdS6Mptf5JU2vhMjECO1lY12TbDDveufUA==
Age: 5294
DNS

assets.kromtech.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

assets.kromtech.net

IN A

Response
GET

https://mackeeperapp.mackeeper.com/landings/libs/reset.css?mkv=1

IEXPLORE.EXE

Remote address:

3.225.22.167:443

Request

GET /landings/libs/reset.css?mkv=1 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 23 May 2024 16:41:00 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Mon, 30 Apr 2018 11:38:58 GMT
Vary: Accept-Encoding
ETag: W/"5ae70052-33d"
Expires: Sat, 22 Jun 2024 16:41:00 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Content-Encoding: gzip
GET

https://mackeeperapp.mackeeper.com/landings/123.1/img/arrow.png

IEXPLORE.EXE

Remote address:

3.225.22.167:443

Request

GET /landings/123.1/img/arrow.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mackeeperapp.mackeeper.com
Connection: Keep-Alive
Cookie: get_params_landings=%7B%22mkv%22%3A%221%22%7D; PHPSESSID=edqnpi9nlupcs48bhqqhpabeq6

Response

HTTP/1.1 200 OK

Date: Thu, 23 May 2024 16:41:00 GMT
Content-Type: image/png
Content-Length: 926
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 12 Sep 2019 08:55:00 GMT
ETag: "5d7a07e4-39e"
Expires: Sat, 22 Jun 2024 16:41:00 GMT
Cache-Control: max-age=2592000
Cache-Control: must-revalidate
Vary: Origin
Accept-Ranges: bytes
GET

http://fonts.googleapis.com/css?family=Open+Sans:300,600&subset=latin,latin-ext

IEXPLORE.EXE

Remote address:

216.58.204.74:80

Request

GET /css?family=Open+Sans:300,600&subset=latin,latin-ext HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: fonts.googleapis.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Thu, 23 May 2024 16:41:00 GMT
Date: Thu, 23 May 2024 16:41:00 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
GET

http://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600&subset=latin,latin-ext

IEXPLORE.EXE

Remote address:

216.58.204.74:80

Request

GET /css?family=Source+Sans+Pro:400,600&subset=latin,latin-ext HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: fonts.googleapis.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Thu, 23 May 2024 16:41:00 GMT
Date: Thu, 23 May 2024 16:41:00 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
GET

http://fonts.googleapis.com/css?family=Roboto:400,600,700

IEXPLORE.EXE

Remote address:

216.58.204.74:80

Request

GET /css?family=Roboto:400,600,700 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: fonts.googleapis.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Thu, 23 May 2024 16:41:00 GMT
Date: Thu, 23 May 2024 16:41:00 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
DNS

event.mackeeper.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

event.mackeeper.com

IN A

Response

event.mackeeper.com

IN A

18.172.89.116

event.mackeeper.com

IN A

18.172.89.90

event.mackeeper.com

IN A

18.172.89.107

event.mackeeper.com

IN A

18.172.89.113
GET

http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4uaVQ.woff

IEXPLORE.EXE

Remote address:

216.58.201.99:80

Request

GET /s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4uaVQ.woff HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Origin: file:
Accept-Encoding: gzip, deflate
Host: fonts.gstatic.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 31144
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 18 May 2024 12:01:15 GMT
Expires: Sun, 18 May 2025 12:01:15 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 14 Dec 2023 02:01:28 GMT
Content-Type: font/woff
Age: 448785
GET

http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4uaVQ.woff

IEXPLORE.EXE

Remote address:

216.58.201.99:80

Request

GET /s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4uaVQ.woff HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Origin: file:
Accept-Encoding: gzip, deflate
Host: fonts.gstatic.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 31332
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 18 May 2024 12:31:12 GMT
Expires: Sun, 18 May 2025 12:31:12 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 14 Dec 2023 02:01:29 GMT
Content-Type: font/woff
Age: 446988
GET

http://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwmRdo.woff

IEXPLORE.EXE

Remote address:

216.58.201.99:80

Request

GET /s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwmRdo.woff HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Origin: file:
Accept-Encoding: gzip, deflate
Host: fonts.gstatic.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 36788
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sun, 19 May 2024 00:40:25 GMT
Expires: Mon, 19 May 2025 00:40:25 GMT
Cache-Control: public, max-age=31536000
Age: 403235
Last-Modified: Thu, 01 Jun 2023 22:52:58 GMT
Content-Type: font/woff
GET

http://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7j.woff

IEXPLORE.EXE

Remote address:

216.58.201.99:80

Request

GET /s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7j.woff HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Origin: file:
Accept-Encoding: gzip, deflate
Host: fonts.gstatic.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 36956
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 18 May 2024 12:13:08 GMT
Expires: Sun, 18 May 2025 12:13:08 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 01 Jun 2023 22:52:59 GMT
Content-Type: font/woff
Age: 448072
GET

https://event.mackeeper.com/event.php?step=Landing_Loaded&substep=Hit&affid=mzb_253.10083525.1516523142.28.mzb&bundleid=29_21724511&prodid=29&response=json

IEXPLORE.EXE

Remote address:

18.172.89.116:443

Request

GET /event.php?step=Landing_Loaded&substep=Hit&affid=mzb_253.10083525.1516523142.28.mzb&bundleid=29_21724511&prodid=29&response=json HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: event.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=utf-8
Content-Length: 62
Connection: keep-alive
Date: Thu, 23 May 2024 16:41:00 GMT
X-Cache: Miss from cloudfront
Via: 1.1 802b22fb82cbd19ab6347f222b45a3fc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MAN51-P1
X-Amz-Cf-Id: 3Lqs7sEsgtl_FKfuXy3pSNJmJ7IQzrlMUlTJYUfLNBmbiR5s_IqchQ==
GET

https://event.mackeeper.com/event.php?step=Landing_Loaded&substep=View&affid=mzb_253.10083525.1516523142.28.mzb&bundleid=29_21724511&prodid=29&response=json

IEXPLORE.EXE

Remote address:

18.172.89.116:443

Request

GET /event.php?step=Landing_Loaded&substep=View&affid=mzb_253.10083525.1516523142.28.mzb&bundleid=29_21724511&prodid=29&response=json HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: event.mackeeper.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=utf-8
Content-Length: 62
Connection: keep-alive
Date: Thu, 23 May 2024 16:41:02 GMT
X-Cache: Miss from cloudfront
Via: 1.1 802b22fb82cbd19ab6347f222b45a3fc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MAN51-P1
X-Amz-Cf-Id: c7f8sQp7TY7Y4-gKuKi1EgNj9lR1r2S1Tv8-kKLWCb_Uj549W-ZWZg==

13.225.10.120:80

http://static.mackeeper.com/landings/123.1/img/sprite-ready-icon.png

http

IEXPLORE.EXE

953 B
1.4kB
8
6

HTTP Request

GET http://static.mackeeper.com/landings/libs/js/cookie.js?mkv=1

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/123.1/img/sprite-ready-icon.png

HTTP Response

301
13.225.10.120:80

http://static.mackeeper.com/landings/123.1/img/main-img.jpg

http

IEXPLORE.EXE

1.7kB
3.3kB
12
10

HTTP Request

GET http://static.mackeeper.com/landings/123.1/css/style.min.css?mkv=1

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/libs/Pixels/js/1604.js?mkv=1

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/123.1/img/main-img.jpg

HTTP Response

301
13.225.10.120:80

http://static.mackeeper.com/landings/123.1/img/pin.png

http

IEXPLORE.EXE

1.7kB
2.7kB
11
9

HTTP Request

GET http://static.mackeeper.com/landings/libs/jquery/jquery.min.js?mkv=1

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/123.1/img/arrow_animation2.gif?mkv=1

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/123.1/img/pin.png

HTTP Response

301
34.254.143.3:80

http://loadus.exelator.com/load/?p=1050&g=2&cat=[popunder]&j=0

http

IEXPLORE.EXE

906 B
1.2kB
13
4

HTTP Request

GET http://loadus.exelator.com/load/?p=1050&g=2&cat=[popunder]&j=0

HTTP Response

301
34.254.143.3:80

loadus.exelator.com

http

IEXPLORE.EXE

236 B
365 B
5
3

HTTP Response

408
13.225.10.120:80

http://static.mackeeper.com/landings/libs/discounts/img/back.png

http

IEXPLORE.EXE

1.7kB
2.7kB
11
9

HTTP Request

GET http://static.mackeeper.com/landings/libs/js/loclist.js?mkv=1

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/123.1/?mkv=1

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/libs/discounts/img/back.png

HTTP Response

301
13.225.10.120:80

http://static.mackeeper.com/landings/libs/alert/alerts.js?mkv=4

http

IEXPLORE.EXE

614 B
1.4kB
7
5

HTTP Request

GET http://static.mackeeper.com/landings/libs/alert/alerts.js?mkv=4

HTTP Response

301
13.225.10.120:80

http://static.mackeeper.com/landings/libs/reset.css?mkv=1

http

IEXPLORE.EXE

582 B
836 B
7
6

HTTP Request

GET http://static.mackeeper.com/landings/libs/reset.css?mkv=1

HTTP Response

301
13.225.10.120:80

http://static.mackeeper.com/landings/123.1/img/sprite-icons.png

http

IEXPLORE.EXE

1.3kB
2.1kB
9
8

HTTP Request

GET http://static.mackeeper.com/landings/libs/overlay/overlay.js?mkv=1

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/123.1/img/stars.png

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/123.1/img/sprite-icons.png

HTTP Response

301
13.225.10.120:80

http://static.mackeeper.com/landings/123.1/img/steps-arrow.png

http

IEXPLORE.EXE

2.1kB
4.6kB
14
13

HTTP Request

GET http://static.mackeeper.com/landings/libs/discounts/css/styles.css?mkv=1

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/123.1/img/arrow_animation.gif?mkv=1

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/123.1/img/arrow.png

HTTP Response

301

HTTP Request

GET http://static.mackeeper.com/landings/123.1/img/steps-arrow.png

HTTP Response

301
13.225.10.120:80

http://static.mackeeper.com/landings/libs/Pixels/js/859.js?mkv=1

http

IEXPLORE.EXE

517 B
751 B
5
4

HTTP Request

GET http://static.mackeeper.com/landings/libs/Pixels/js/859.js?mkv=1

HTTP Response

301
13.225.10.120:80

http://static.mackeeper.com/landings/libs/Pixels/js/1282.js?mkv=1

http

IEXPLORE.EXE

518 B
752 B
5
4

HTTP Request

GET http://static.mackeeper.com/landings/libs/Pixels/js/1282.js?mkv=1

HTTP Response

301
34.254.143.3:443

loadus.exelator.com

tls, http

IEXPLORE.EXE

836 B
4.2kB
11
8

HTTP Response

400
54.237.18.11:443

mackeeperapp.mackeeper.com

tls

IEXPLORE.EXE

2.2kB
4.2kB
14
11
54.237.18.11:443

mackeeperapp.mackeeper.com

tls

IEXPLORE.EXE

849 B
6.0kB
11
10
54.237.18.11:443

mackeeperapp.mackeeper.com

tls

IEXPLORE.EXE

797 B
5.9kB
10
9
54.237.18.11:443

https://mackeeperapp.mackeeper.com/landings/libs/discounts/img/back.png

tls, http

IEXPLORE.EXE

4.2kB
157.4kB
72
120

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/libs/discounts/img/back.png

HTTP Response

200
54.237.18.11:443

https://mackeeperapp.mackeeper.com/landings/123.1/img/main-img.jpg

tls, http

IEXPLORE.EXE

2.1kB
46.2kB
28
40

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/123.1/img/main-img.jpg

HTTP Response

200
54.237.18.11:443

https://mackeeperapp.mackeeper.com/landings/123.1/?mkv=1

tls, http

IEXPLORE.EXE

1.6kB
29.6kB
20
29

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/123.1/?mkv=1

HTTP Response

200
54.237.18.11:443

mackeeperapp.mackeeper.com

IEXPLORE.EXE

152 B
3
54.237.18.11:443

https://mackeeperapp.mackeeper.com/landings/libs/discounts/css/styles.css?mkv=1

tls, http

IEXPLORE.EXE

2.2kB
16.2kB
18
19

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/libs/alert/alerts.js?mkv=4

HTTP Response

200

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/libs/discounts/css/styles.css?mkv=1

HTTP Response

200
54.237.18.11:443

https://mackeeperapp.mackeeper.com/landings/123.1/img/steps-arrow.png

tls, http

IEXPLORE.EXE

3.1kB
5.7kB
18
15

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/libs/overlay/overlay.js?mkv=1

HTTP Response

200

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/123.1/img/sprite-ready-icon.png

HTTP Response

200

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/123.1/img/steps-arrow.png

HTTP Response

200
54.237.18.11:443

https://mackeeperapp.mackeeper.com/landings/libs/js/cookie.js?mkv=1

tls, http

IEXPLORE.EXE

2.4kB
1.7kB
14
10

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/libs/js/cookie.js?mkv=1

HTTP Response

200
54.237.18.11:443

https://mackeeperapp.mackeeper.com/landings/123.1/img/arrow_animation.gif?mkv=1

tls, http

IEXPLORE.EXE

3.2kB
16.4kB
20
24

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/libs/Pixels/js/1604.js?mkv=1

HTTP Response

200

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/123.1/css/style.min.css?mkv=1

HTTP Response

200

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/libs/Pixels/js/1282.js?mkv=1

HTTP Response

200

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/libs/Pixels/js/859.js?mkv=1

HTTP Response

200

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/123.1/img/arrow_animation.gif?mkv=1

HTTP Response

200
54.237.18.11:443

https://mackeeperapp.mackeeper.com/landings/123.1/img/sprite-icons.png

tls, http

IEXPLORE.EXE

3.9kB
53.1kB
37
47

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/123.1/img/arrow_animation2.gif?mkv=1

HTTP Response

200

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/libs/jquery/jquery.min.js?mkv=1

HTTP Response

200

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/123.1/img/pin.png

HTTP Response

200

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/123.1/img/sprite-icons.png

HTTP Response

200
34.254.143.3:443

loadus.exelator.com

tls, http

IEXPLORE.EXE

897 B
751 B
9
6

HTTP Response

400
13.225.9.161:80

http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

http

IEXPLORE.EXE

476 B
1.1kB
5
4

HTTP Request

GET http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

HTTP Response

200
13.225.9.161:80

http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

http

IEXPLORE.EXE

476 B
1.1kB
5
4

HTTP Request

GET http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

HTTP Response

200
13.225.9.161:80

http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

http

IEXPLORE.EXE

476 B
1.1kB
5
4

HTTP Request

GET http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

HTTP Response

200
13.225.9.161:80

http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

http

IEXPLORE.EXE

476 B
1.1kB
5
4

HTTP Request

GET http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAz6hC7AMlmqFEXsYDF%2BXWQ%3D

HTTP Response

200
3.225.22.167:443

https://mackeeperapp.mackeeper.com/landings/123.1/img/arrow.png

tls, http

IEXPLORE.EXE

1.7kB
9.7kB
13
13

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/libs/reset.css?mkv=1

HTTP Response

200

HTTP Request

GET https://mackeeperapp.mackeeper.com/landings/123.1/img/arrow.png

HTTP Response

200
216.58.204.74:80

http://fonts.googleapis.com/css?family=Open+Sans:300,600&subset=latin,latin-ext

http

IEXPLORE.EXE

558 B
938 B
6
5

HTTP Request

GET http://fonts.googleapis.com/css?family=Open+Sans:300,600&subset=latin,latin-ext

HTTP Response

200
216.58.204.74:80

http://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600&subset=latin,latin-ext

http

IEXPLORE.EXE

564 B
916 B
6
5

HTTP Request

GET http://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600&subset=latin,latin-ext

HTTP Response

200
216.58.204.74:80

http://fonts.googleapis.com/css?family=Roboto:400,600,700

http

IEXPLORE.EXE

536 B
897 B
6
5

HTTP Request

GET http://fonts.googleapis.com/css?family=Roboto:400,600,700

HTTP Response

200
216.58.201.99:80

http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4uaVQ.woff

http

IEXPLORE.EXE

1.1kB
33.0kB
18
27

HTTP Request

GET http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4uaVQ.woff

HTTP Response

200
216.58.201.99:80

http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4uaVQ.woff

http

IEXPLORE.EXE

1.1kB
33.2kB
18
27

HTTP Request

GET http://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4uaVQ.woff

HTTP Response

200
216.58.201.99:80

http://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwmRdo.woff

http

IEXPLORE.EXE

1.2kB
38.8kB
20
31

HTTP Request

GET http://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwmRdo.woff

HTTP Response

200
216.58.201.99:80

http://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7j.woff

http

IEXPLORE.EXE

1.7kB
39.0kB
28
31

HTTP Request

GET http://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7j.woff

HTTP Response

200
18.172.89.116:443

https://event.mackeeper.com/event.php?step=Landing_Loaded&substep=View&affid=mzb_253.10083525.1516523142.28.mzb&bundleid=29_21724511&prodid=29&response=json

tls, http

IEXPLORE.EXE

1.7kB
8.0kB
11
14

HTTP Request

GET https://event.mackeeper.com/event.php?step=Landing_Loaded&substep=Hit&affid=mzb_253.10083525.1516523142.28.mzb&bundleid=29_21724511&prodid=29&response=json

HTTP Response

200

HTTP Request

GET https://event.mackeeper.com/event.php?step=Landing_Loaded&substep=View&affid=mzb_253.10083525.1516523142.28.mzb&bundleid=29_21724511&prodid=29&response=json

HTTP Response

200
18.172.89.116:443

event.mackeeper.com

tls

IEXPLORE.EXE

750 B
6.6kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

799 B
7.7kB
10
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

799 B
7.7kB
10
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.6kB
9
12

8.8.8.8:53

static.mackeeper.com

dns

IEXPLORE.EXE

132 B
173 B
2
1

DNS Request

static.mackeeper.com

DNS Request

static.mackeeper.com

DNS Response

13.225.10.120

13.225.10.3

13.225.10.80

13.225.10.38
8.8.8.8:53

loadus.exelator.com

dns

IEXPLORE.EXE

130 B
160 B
2
1

DNS Request

loadus.exelator.com

DNS Request

loadus.exelator.com

DNS Response

34.254.143.3
8.8.8.8:53

mackeeperapp.mackeeper.com

dns

IEXPLORE.EXE

72 B
104 B
1
1

DNS Request

mackeeperapp.mackeeper.com

DNS Response

54.237.18.11

3.225.22.167
8.8.8.8:53

ocsp.r2m03.amazontrust.com

dns

IEXPLORE.EXE

144 B
88 B
2
1

DNS Request

ocsp.r2m03.amazontrust.com

DNS Request

ocsp.r2m03.amazontrust.com

DNS Response

13.225.9.161
8.8.8.8:53

ocsp.r2m03.amazontrust.com

dns

IEXPLORE.EXE

144 B
88 B
2
1

DNS Request

ocsp.r2m03.amazontrust.com

DNS Request

ocsp.r2m03.amazontrust.com

DNS Response

13.225.9.161
8.8.8.8:53

ocsp.r2m03.amazontrust.com

dns

IEXPLORE.EXE

72 B
88 B
1
1

DNS Request

ocsp.r2m03.amazontrust.com

DNS Response

13.225.9.161
8.8.8.8:53

assets.kromtech.net

dns

IEXPLORE.EXE

65 B
146 B
1
1

DNS Request

assets.kromtech.net
8.8.8.8:53

event.mackeeper.com

dns

IEXPLORE.EXE

65 B
129 B
1
1

DNS Request

event.mackeeper.com

DNS Response

18.172.89.116

18.172.89.90

18.172.89.107

18.172.89.113

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
1KB

MD5
1142a4a2b96b712b2fccb3802b50d01b

SHA1
2283883c128ff11adec068619dae1345bf5fdd50

SHA256
93e98c83f8ac00dd60d71be7278005a4841c7992ce95503f1b56aec89df807f6

SHA512
63d1756c7fdc3e1883e9b0f0d8ca9ca2489d6ad866c0577fcda9fd9b50ab24a3993acd836de524203fbcdb2d09e910e902f6d8b040b7d2951f11d3930451f50b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
b008694037d69cf6085849531add5dbf

SHA1
6e66b82dcd93596e3ba1250d72f08e6853db86ae

SHA256
9150c5665787e0a631753e769c5c57c54b48ba10a9d14441e94fc11ddcb20d78

SHA512
364d235568a0578a9ced7c34f04ff4c1951de123a35d51012384b4341de783e305c86fc8c9e75ebd9fabdcbbe2023d38d7ec9c9a80febc16fd2604acc7cda84e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b27ad62a8d9b9da4f2342b6c152110f

SHA1
f95d009cdea828097fd8d71b04a0c060ab08e7c6

SHA256
9d2b32e571f6c8aa969fbc8037660ad621253ae12c7b4bdfe3ea0151e6853004

SHA512
a082bf3fe526affa324439c59ded5283f783de05cd35735887da65e6389f985ba432a6fbaef1651cb7c3a14077b85243ee4353ceef29bf1d48119fae6cdfaed2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e9a9d2fa9f32a3772f73ea8811d637f

SHA1
0da8f66cc54a97cafe930604714939317b863f84

SHA256
e9944facb0c33f26bb78865927d7efcd8f395a9a4b78798337c7518dd9c13f18

SHA512
d98d807f486937e7d807101725d1020462db33c8c79a6ac49bb9d76902dbea56436f67c7308237f7c322137e6758f34ca2863d414b125991845b6412064da9cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab7f8b14b6e37b693f1dd6559465a40c

SHA1
3e8252135d1f4a30681900d0191a212e6828b8f4

SHA256
363ff9945896d613c741ad3fc06c33f27a2f4ca8a85356567e374625aa2cbac7

SHA512
99b09539e7ff4d606e2e23902da779c080fbc1f8bed6531967aebc9cecebb564c6d2dec98d7afa84e4fabfdad88a96130a99ac017588c35a314a39a69962fc5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
648867fa4cb50d6dce6f139d2783311c

SHA1
21b5f37946ff85d91cc87facbd7d87d106ac96ef

SHA256
a69b7612d6f4a616c80b341a36da4dbc7100e42edcf3d5bb9caa50168a9706a0

SHA512
6946d1d92e69305d5355197c5906b6712e113d59c487f56ea210d337983b3b5aa0e68f3a635a00ca91493cae355678cd963a9c33b9b7267acbb57270cbab0f13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b75d5b429327f6bab34eb1be36d5937

SHA1
98f1c0b9dee26fa93b362dd59878c36e56730378

SHA256
4fbbada3c5d8b846b973368d1d988da09aef4333f889e1e81e46cfdf0355ce9c

SHA512
c724b0f628347a830ec437fda0d3e64f87bf969db2ed3d7a40c33f6addfb1314f17d62b2b0c8e4c5c0fc7b70cda4ed02b866c3c8f25077554ce808f2369378a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8fcde73ff8b84791d5e6fba4d861f448

SHA1
a3dd28d9897d69b05928eeffaf8a9613724b5a87

SHA256
0493b18fe09c0a774ea7e23cdfdd0b69b8ec792e82ad348041b1c34286bc1942

SHA512
cf6730060b8c4548dfd18d291cdbfea87ced9c0e22db744d6d857f8b7bcc56de8c767b9231fd5e3e32c6b9c21452ae9649f9d43853428527fb9685bb8d61a881

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9cf29fb533eb8abffa2efbdd1713ed4

SHA1
63c191e0b6fa08c9458aae19935c75f0d41c9640

SHA256
856c3b3ba5ae0de303665f4751e95ecdf2eb6a71c2a431dbce3c79e0c470550d

SHA512
41d815d7815c656389048508d569b88b74b3b045f3dc79d7f4aabaf03884abbfa59b7c843347480e207bf4a4594c08698e7a890881e787ebaa604b5cacb3bf4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e12b387c55aa00071604333e05e2257

SHA1
214be66db6f3d100439e902305b6c6345b6fb278

SHA256
8a5ee9503b185f4a820dc961e5889ddf35bc53230b27ea9c6449c195115ddead

SHA512
d34a9e4cf8297d0feec79dacace745f4500430aa98c37fbb9a56af146602172ecbf9734bc869bf09020a428a3626aee7d67c0075cf7ff707e071c93d010acb56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2085499067d403906267334225f1720

SHA1
597884af5f1f80d907f006cee9a5944a09997039

SHA256
4d08f877f60c5d7ec5d8350f8db65f355ad6aa7dd43bbbb5388b05644a6af3af

SHA512
84084b4c8de345a7dc19d27773daf3000261c5252fe2d99c4259f55d45a04f9d61d6c33be6240645dc7ffc9cd4fd087dac316cb217cb60932b02b3805b67d24b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5e14661dca808757170880acdb01c7a

SHA1
b43e1343d6c9d1516074849bbaa39ec5e7d593c7

SHA256
f601681491d1ef4c84ba23316f75d8aea5597bc4bae898916366bcc0b3e53037

SHA512
d5a16d193fb91d050a3ee34456d71581d4f467bcaee2ab16239fc1c6a8faf0f7a6832b6ad98fa76827c6d8cf46952a834f5db308553bc12b384711e2c2efb13f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5b86254927e9ce139ba8843f9299bbb

SHA1
36afa3e161f4ed797aaac046eb8a96073e94e169

SHA256
4c47845bb0a5b46275c69c2e7ad0dcadb68de0100d8199858426a17d8b317998

SHA512
f92989b66faaa1db68c3eae0d4023047756c017a047793d8ab965f7c05dee8120b7b186e5f96b0ca179184c437b4e3cc187a0b92b1adf343a9cd57c8821a9bfd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb3e22e127d19d55d5990fcbb3704467

SHA1
72ef47d1f78d5eb7adcdfd522c199f9223cd6114

SHA256
ca04f93e8dc837f42ef38849480377559fcb606e37b7467d246ac7709ba65dea

SHA512
f5f4863a67703fc0f1e42047ef28597d415ade63226793860ac6eb5496ba4bfadd1be29ff6cf7f13d8e289e46c6f5cdbcd38f6ac644e586647d772531932b997

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b8b00df1777ad8a8d7fd307bd05bb79b

SHA1
4f7ff8b0bc7900cc0908b567d5bea4d2241827d1

SHA256
b456abb2bcee008cc9361adb9eaa548d60bfd2a1992f2e65ea5d40e277b7f050

SHA512
8634a79c9262beb1a94dbac298ce7510dd98caef8db33b5db52ac36aaba8980937a184c62cf44ce5e4dce1b716f3f64f2723a71feaf3b48871c32a5472360e2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c8faa2cf3370a3c70b5afe150c03834

SHA1
65817a1ae8fa166a12ea6e9c2796b51cef416894

SHA256
bb29a65b096355ceca7d04139e7f72f05e0b9a3b45e293ee61c13661b48fff16

SHA512
b4531bec0588086bac532ef191d202ede75ff90a639d363a812d289aa411d44bbe6a6e5ff88b04d83a37538d84397b7714d0292afed8a79c20edee475c93f8a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aec30ffec64adcfc79dd11e36e91a512

SHA1
9dec6d26c7abbfc30400a78951e0e57ae453cea3

SHA256
6a1da9b088e644721a4801ab2c72e322ff4c4063cdcdce0fa05a4ed9d4bf96b3

SHA512
883b463075ec5eb0553fa8fa6544cbcf10042273feeed77739e654c71b5fa1d5bbb6abf803aa18f9b61c115b8038c55f15cea69712038f5ba446a92713037392

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d697d77e56ed2693b2de137f087bb969

SHA1
a762942501b573728df328bf61bb64a3c46ac10b

SHA256
4edf96a92495e2960d9301c59f09c282a17693dd9d1bcbf3ce3c7f7e23007cd3

SHA512
46543e71d57de88b4c98d2bf713d0451862560b31e0967675882086949b9485087974f3f9af7481e12b22b06d7dad0dff970cf7c5f6167b8271c4ced56bf355c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b6efdc65aa5246f512e16dc3c98bebdd

SHA1
398e45ac1b6b9b0883e68f8968b08037a78fedfc

SHA256
b678f0868044821f0ca5fd2c31c41cb21bb08f6970f960d4e468aef44f50d830

SHA512
dfbcfd467205054925cae5333954ba888783bd3ede3d3bdaa4cd713114d31dbde30837523e52df23ef129233aa65862da4b95889f3d5755a2b290eee32f0e82c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa0cb37aef7e803b6735d795b3b3a043

SHA1
e541c650a86d79993d00dd03a37881c5eee462a0

SHA256
66bb52b28649886488dfea98fb0e210708ba6f8bd072e31240cd61d7c6817a24

SHA512
4faa16803aa9b868b0a33c1ec3bf6996f47bdf1b8c45e188c257fd1109f05d152dddebdd4ea80ba341268d701f7dd8a9db0f95cef32b583404b8e8f1f2ff0c83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42c467f44ddc7171a309ede89d6274c5

SHA1
221326d1e2841e48fbc9b7a68c2542a725ca6e7d

SHA256
62634a48c8916506d3248f1f73645bd0f2aae17f9dfc8b540e8b34071076a612

SHA512
e4fa63c56ad8a945181c204277d44bf016dd5df1f4c044fa4f8199767fd7f922d78163392ae40894fd4715068b9183ca68295dc8cc277b97c9ac3a3030fd9daa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d52ae52f5883435830aa66329fb1e6b

SHA1
62388c51455ba6bbb23615dc4c97271e4abfa14e

SHA256
0b9ba1ebf22aa925f376a0cc72f27a8f019e03952b3bf612828111ec4da25425

SHA512
81e0d10499a2712ca6db658c6609fabe9d8e20088175e6f3a4dd1302a4b5a88b486fdc9f2199f4751552ace02bbccfd0fc1ef5a0322d313dd586209952e04f82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48168c51b0f058a8d3fdb2a0271f3f7c

SHA1
e141357260d048d29c59c68ca7472d597da7b33d

SHA256
5780768a989ea254007a20d30317dd47aa722cd8061e56f54a9b2a7e89ca426e

SHA512
02b7cdb8f90aa51a77641b0d2f1c3ee21bd307aa2934c575148fc61ebed01e688de6b894cf723d67807809dc13cf72d597b12ca5b9337f5a6a9862e96d11aef7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
589650c2e0db013b840ae9401c891d8c

SHA1
48126c8bb6df6dcbe61b1f881aea22485ef6267e

SHA256
fd81ae3d36a06fd0825513a549a9613918d71290ffc339ae5cb1b89786a6fbf1

SHA512
f04714ab69e2b02fdd97415881d7c003b66fd93b9f52c76f982d3d73214e5cee15cecb0e668e62cbdfa5855d57e87546fbd81fb4fc6eebcebd3960d25c967cfa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ce93bfd6e28b831246d3b20cd82cf98

SHA1
38cb441af63f4d0caeda6d8b639c7074182945f1

SHA256
4e0835b5bbfeb8f96e9368a4d20bc7ed058da7e20764749bad7d0c5e83ed25ee

SHA512
62f1fca580e4c6e9944cdb742d723332939be111fe3a4078f04a271a8a6bfd293de7d7cfe0da1197626870abfcf0b4835708b6a6d660983e89d03384d51bbe26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
815bdfa692ef7012c27c6ea23b61de85

SHA1
5855065c74e5ec239f97de0f3c315df9145a3750

SHA256
fab3d27f7da07e4f4b9f1156cb5e5232d9c2b691e74ada7149c15b44838eb6d9

SHA512
a207f05f727e2e22bf495c00237dc8349f33f2280386aa92786585b76a46560f529fe8e9c5c0c9bf6c9a900217161e211c314cc8f4b847c16b31101cdca4c5d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b9b3cf0431f7962ab8fca9825307a8c

SHA1
af542c9885e93c7faddac9934690d92bb960d929

SHA256
2841349090d4f0aeaf695b5b2b2cfec1d3ff52af00d2e2cb1974b642ccbe5c74

SHA512
9126a618fa47393b2ee9e162a354df33ddf81f9ef4722e616201c8edc2282bee9f2f546794b14e94fb9719b9b48aa181d3ea707789fe712de14957e2dfd8efe6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a6c11cc52b4a870b094788e86847959

SHA1
519b879adfd721e5ea64933652d8a8a15784d4c0

SHA256
03d05b3245ed0bcc7ec02dbe11f869854162a9834da72da5faff42b46937487f

SHA512
05144c139ab74f9a2ac50226b5c2432844a3bb25cd3851447e17f3aceab90ba71dc86af1a8940d80a684c0b0badfb2d966b4339c8a0cd957ba4fb526a5d740c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\1282[1].htm

Filesize
134B

MD5
4aa7a432bb447f094408f1bd6229c605

SHA1
1965c4952cc8c082a6307ed67061a57aab6632fa

SHA256
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a

SHA512
497ba6d8ec6bf2267fe6133a432f0e9ab12b982c06bb23e3de6e5a94d036509d2556ba822e3989d8cd7e240d9bae8096fc5be8a948e3e29fe29cab1fea1fe31c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab25AC.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar25BE.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request