69a0445b2bc8b15268c4b95e29365666f7a0a3e0ebdd2022f841c4e13a3ded84

Analysis

max time kernel
117s
max time network
128s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
02/06/2024, 17:07 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8ece001be30ff0f2ae61b3ee80532b86_JaffaCakes118.html
Size

36KB
MD5

8ece001be30ff0f2ae61b3ee80532b86
SHA1

7a9730525fecc89ad79d3b502f6f637c1dc37497
SHA256

69a0445b2bc8b15268c4b95e29365666f7a0a3e0ebdd2022f841c4e13a3ded84
SHA512

5d10d62764291096d87404acd45e1a5be9a1ac84b2d669dad0fec260b74775c6146c7bd8e020a18e4ffc696f4fdea35e612719c91c9ce2b8fd9e947c0422e7b9
SSDEEP

768:zwx/MDTH8G88hARBZPXkE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6ThZOV6f9U56lLRS:Q//bJxNVaufSW/P8NK

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423509895"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000079386a5d9ca6504ba2bc196a1bbec033000000000200000000001066000000010000200000000dc1c55ad6a36a3884597e5e63a5adb31ee560b4faae92eeea2bd979dd661b9e000000000e800000000200002000000016cb7fe24c4f5d3d6d63401492bad6415e4997a61e600165e57be58f5ada55b190000000f2ed20b3a10fcdad8e8dd6ca49660d6cf76d3aae82c04ec2562771715ef81919f6babb080db4d9d1966af5238fc00d687c18e834a0de6c1ad33ee7b109929c815110e546f2694424ec2992f2d1bf80a4e43c459bef568f9bdd7b725bea3c789dad1c349f92a1d00c7d860bd55bb5cdbc716982d042004a247934d3a52171d90a00cf076ecbb0d4174a3e9cd1ebbf60ee40000000d97427ea5d7b9fedacf3b6a2e06afd3eb9c8cf2ccf892295351f1033d73109750690ccda4bf3af7148e45c73d1c4f92ea54e5a4cc3abb5f24ed27f5b7314a4e7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0c6d9610fb5da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8AC7FC61-2102-11EF-B7A6-525094B41941} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000079386a5d9ca6504ba2bc196a1bbec03300000000020000000000106600000001000020000000cdd370fb52dfb8265a000a470e3f49e3934d0e657e386966ac00bb069bf97594000000000e8000000002000020000000e29e23ece189dbfd545d95d370d9fbbf200b7c7ddbac84ed2551901a9b53f9ef2000000025cd39a4f090a9ab16d2fec538d8a5a1724af93e4e044c127c0004d0fc9dc84b40000000ea372f90b1fc60c52ea00233077a69236fd09794b06c4bb1679999ebc930a9d996db2a9acc6d3b620c0f567e16e3854356952049f7d130ed70fe8c36a80f1212	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1304	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1304	iexplore.exe
1304	iexplore.exe
1820	IEXPLORE.EXE
1820	IEXPLORE.EXE
1820	IEXPLORE.EXE
1820	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 1820	1304	iexplore.exe	28
PID 1304 wrote to memory of 1820	1304	iexplore.exe	28
PID 1304 wrote to memory of 1820	1304	iexplore.exe	28
PID 1304 wrote to memory of 1820	1304	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8ece001be30ff0f2ae61b3ee80532b86_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1304 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1820

Network

DNS

saltworld.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

saltworld.net

IN A

Response

saltworld.net

IN A

172.67.166.97

saltworld.net

IN A

104.21.11.155
DNS

coinhive.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

coinhive.com

IN A

Response

coinhive.com

IN A

172.67.165.117

coinhive.com

IN A

104.21.57.186
DNS

www.gravatar.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.gravatar.com

IN A

Response

www.gravatar.com

IN A

192.0.73.2
GET

http://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:80

Request

GET /avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Sun, 02 Jun 2024 17:07:09 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png
GET

http://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:80

Request

GET /avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Sun, 02 Jun 2024 17:07:09 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png
GET

http://www.gravatar.com/avatar/6ab9cf9740f754d0565ec0f4b1250e8e?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:80

Request

GET /avatar/6ab9cf9740f754d0565ec0f4b1250e8e?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Sun, 02 Jun 2024 17:07:09 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.gravatar.com/avatar/6ab9cf9740f754d0565ec0f4b1250e8e?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png
GET

https://coinhive.com/lib/coinhive.min.js

IEXPLORE.EXE

Remote address:

172.67.165.117:443

Request

GET /lib/coinhive.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: coinhive.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sun, 02 Jun 2024 17:07:10 GMT
Content-Type: application/x-javascript
Content-Length: 1115
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ETag: "806233d282cfd71:0"
Last-Modified: Tue, 02 Nov 2021 00:44:41 GMT
Set-Cookie: ARRAffinity=595d0d64c5b703f097f577fa657d6a5a0263318b47a5c069bb9c69120beb3a9f;Path=/;HttpOnly;Secure;Domain=coinhive.com
Set-Cookie: ARRAffinitySameSite=595d0d64c5b703f097f577fa657d6a5a0263318b47a5c069bb9c69120beb3a9f;Path=/;HttpOnly;SameSite=None;Secure;Domain=coinhive.com
Vary: Accept-Encoding
X-Powered-By: ASP.NET
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ww71H2BDfN6QGY6eRv31V20UAuehjeu%2FKRjTn6B9p6y5%2FBut5ircgehGzIy%2F6Q6RhzQYtAK8LPa7jAZ202snZs8r7I7B0z0o8VrEVy2RTvfovPRQ%2FOxgBtbFDBdT3lM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88d909c5cae4413c-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

IEXPLORE.EXE

Remote address:

172.67.166.97:80

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Sun, 02 Jun 2024 17:07:10 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xyUktwESBzgNh6hhhTSnf453hdkvPn09m7x33shQ%2FerJwfqh%2F18ODjqU9hxn5o1G%2BRlSN2HFUV678a3%2BG1nEvj7rOqUwvGyOWDRQ%2BCnPAqSYEsbwh%2FA%2BsJhUwycRD%2BOB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88d909c36f2f79bf-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

IEXPLORE.EXE

Remote address:

172.67.166.97:80

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Sun, 02 Jun 2024 17:07:10 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WT8bqsippv3UGiCegWuIOWh8v268yzLsv5v2o99P%2BM2PXzbimJgiladjESHnFT%2BpVvZ0yQCBbRolSiYlGnEhJmaRS8bsdjoBxPmnj%2BPhOoDm3dnk7gPKOGy81KCY8NMh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88d909c36c9771fa-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/style_images/master/top.png

IEXPLORE.EXE

Remote address:

172.67.166.97:80

Request

GET /forums/public/style_images/master/top.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Sun, 02 Jun 2024 17:07:10 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/style_images/master/top.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rs0FGG444r3YK9kWgdfwHi9mItI48VOPH2R1ApwdfrvuIzEEN4w7j3%2Bb1tszrQFF2sPNM35nIRJ3gXhZvv82zSDYcSe4TLHZB4YjaPhcEFm61uM80KLrOU7k4CX1OjFK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88d909c3ed3971fa-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

IEXPLORE.EXE

Remote address:

172.67.166.97:80

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Sun, 02 Jun 2024 17:07:10 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fEBzarnEfsz64p459FpZKTzZ23D6ovLc3b5klEKTk8xwDWTINSQsi2FO1j4hOf5NNRUl66Qoa%2BRiotWT%2BNQiNjd6%2FbYFw67f5Nlqjck4RPMA22Y6iVDUCWoI%2Bc5uoLVh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88d909c36d77777a-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/style_images/master/feed.png

IEXPLORE.EXE

Remote address:

172.67.166.97:80

Request

GET /forums/public/style_images/master/feed.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Sun, 02 Jun 2024 17:07:10 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/style_images/master/feed.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N4Gz353QmDwEvsMwsDBjPjmOoKxLKzLPGF%2F4BIibbvNWf6BZe7WUrADGO2RSFPBH5DDxAuYwnveH6BTTp6a7y4vZJ5v%2FwRKEAiia5822%2FQtQvwPSbG2UvUIwFPsn9BD7"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88d909c40e20777a-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/style_images/master/useropts_arrow.png

IEXPLORE.EXE

Remote address:

172.67.166.97:80

Request

GET /forums/public/style_images/master/useropts_arrow.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Sun, 02 Jun 2024 17:07:10 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/style_images/master/useropts_arrow.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S0MbQ%2BwmMQEfg1MjK7bZwl8YM8nz6UIOL88HTWguIFW1zE495Osn5H4KZ9EcYc5Pv9bKCECWW0ltt4r2nLNUj1EG2Ma0KCUCnncqyPTW%2B7lFqevGXa472aSEWxfNYliX"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88d909c36b647792-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/style_images/master/f_icon_read.png

IEXPLORE.EXE

Remote address:

172.67.166.97:80

Request

GET /forums/public/style_images/master/f_icon_read.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Sun, 02 Jun 2024 17:07:10 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/style_images/master/f_icon_read.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gXbzmYZb5BXn%2B%2FLJmdfVYWTAOOas5Ksmce81FtVu8epo1DA3CGlQ%2BbAPSv785wnEcbNEiFAeoocHYD9YgEGJ4EN816kkCwC0kmdQGrr1FDMqBJ5zv6HujhOqR7Zm3QRQ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88d909c36f50547b-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

IEXPLORE.EXE

Remote address:

172.67.166.97:80

Request

GET /forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Sun, 02 Jun 2024 17:07:10 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1o7H6dm7xXZ8T3Ed5vc5qxxtCx3HGuyMHrxv1cgqGxXFp0N0uNLpnHRc4bxUm5mlOZx69NJ9UfidzBCfPE3o5BpG4ch4F%2FmNPcmJuGFr1F2taVwSYHV8wutfQ8Utym5T"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88d909c36edf93fc-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/uploads/profile/photo-44563.gif?_r=1448768805

IEXPLORE.EXE

Remote address:

172.67.166.97:80

Request

GET /forums/uploads/profile/photo-44563.gif?_r=1448768805 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Sun, 02 Jun 2024 17:07:10 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/uploads/profile/photo-44563.gif?_r=1448768805
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F4Yi45HbWT99%2FDaHcf1QdlKEAx2jQEnZYBbLcB7RPr0vo0hT3jdGXQocLk2HtqqyDpCC2PvWY%2FDJQb05K9a7CTil36xOXOrO6gFbtl8x1%2F49BuHTluCm7NE2Fsv1rqrf"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88d909c3ef5893fc-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/index.php?s=7bfc1163483de0b8b4da9cdb9ccd914c&app=core&module=task

IEXPLORE.EXE

Remote address:

172.67.166.97:80

Request

GET /forums/index.php?s=7bfc1163483de0b8b4da9cdb9ccd914c&app=core&module=task HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Sun, 02 Jun 2024 17:07:11 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/index.php?s=7bfc1163483de0b8b4da9cdb9ccd914c&app=core&module=task
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pRlRE%2BhvKahIOAuWGGN0PVPEWXhB5rF2m69jgGgLwyYLT8FKIMio5f3pMyLA3uWM3SkmqfrfrgHe3ZDiOPQQeTbiheSyy9S3wVVOT%2FLfHlVKfo0H4iuCxhQxpAXnk2n%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88d909c46ff693fc-LHR
alt-svc: h3=":443"; ma=86400
GET

https://www.gravatar.com/avatar/6ab9cf9740f754d0565ec0f4b1250e8e?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:443

Request

GET /avatar/6ab9cf9740f754d0565ec0f4b1250e8e?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 02 Jun 2024 17:07:10 GMT
Content-Type: image/png
Content-Length: 22655
Connection: keep-alive
Last-Modified: Tue, 22 Sep 2020 02:57:25 GMT
Link: <https://gravatar.com/avatar/6ab9cf9740f754d0565ec0f4b1250e8e?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png>; rel="canonical"
Content-Disposition: inline; filename="6ab9cf9740f754d0565ec0f4b1250e8e.png"
Access-Control-Allow-Origin: *
Expires: Sun, 02 Jun 2024 17:12:10 GMT
Cache-Control: max-age=300
X-nc: HIT lhr 1
Alt-Svc: h3=":443"; ma=86400
Accept-Ranges: bytes
GET

https://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:443

Request

GET /avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: nginx
Date: Sun, 02 Jun 2024 17:07:10 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Link: <https://gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png>; rel="canonical"
X-Redirect-By: WordPress
Location: http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png
Expires: Sun, 02 Jun 2024 17:12:10 GMT
Cache-Control: max-age=300
X-nc: HIT lhr 4
Alt-Svc: h3=":443"; ma=86400
GET

https://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:443

Request

GET /avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: nginx
Date: Sun, 02 Jun 2024 17:07:10 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Link: <https://gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png>; rel="canonical"
X-Redirect-By: WordPress
Location: http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png
Expires: Sun, 02 Jun 2024 17:12:10 GMT
Cache-Control: max-age=300
X-nc: HIT lhr 1
Alt-Svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

IEXPLORE.EXE

Remote address:

172.67.166.97:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Sun, 02 Jun 2024 17:07:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=45JgklALCjR4Q4Sv6Z46faVFnih%2BLvLmhu74MbPenAHAU2FT%2BTOKTEaJpv7vxLOLyhob3Zm6y5poeacUuzGRRd5PuD%2BZ%2FxjcG4qRYl3e%2FY2Y6Nad8KQTofQnqv1JJ5I5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88d909c5cf09dd43-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/index.php?s=7bfc1163483de0b8b4da9cdb9ccd914c&app=core&module=task

IEXPLORE.EXE

Remote address:

172.67.166.97:443

Request

GET /forums/index.php?s=7bfc1163483de0b8b4da9cdb9ccd914c&app=core&module=task HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Sun, 02 Jun 2024 17:07:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/index.php?s=7bfc1163483de0b8b4da9cdb9ccd914c&app=core&module=task
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FVqtvFZZaJGPMLmtC2Bf5b4C161siHosJANelXK9S%2F0svXJyR%2BA1MS%2BsZI2FbZlWCnm3zV9iR%2F9UesJhMDAAxd3SpLtTh%2BnM4%2BCw58gATJKlsB2bLE5s7oZqNXq8G6l7"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88d909cb7dd1dd43-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

IEXPLORE.EXE

Remote address:

172.67.166.97:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Sun, 02 Jun 2024 17:07:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CFIW%2F%2FeY38dwIqoQ9FdVV8hwFutRG8JxAPgsPPoOqgG5SQzVphH2pl9JI8kVUcb48fLiM4ImZWHyGPw5YIhuIjcRCXgb8VMZbPBJHlPopEfauwJxA%2F72LCl7khsKvRSh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88d909c5cc1bdc41-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/style_images/master/f_icon_read.png

IEXPLORE.EXE

Remote address:

172.67.166.97:443

Request

GET /forums/public/style_images/master/f_icon_read.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Sun, 02 Jun 2024 17:07:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/style_images/master/f_icon_read.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sL3l%2BwvfDKiG394OBQdBVwAYeTpbYCqQJ7yU4bccO1sywGqCaNb7KBI5gm2lMfgnGRtPzQ0wWs%2F2gruP5qb4wE660D0JSqjhbePPcMcFWsQj6j2qFsycIkm8OCzlcjMx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88d909c64c88dc41-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/uploads/profile/photo-44563.gif?_r=1448768805

IEXPLORE.EXE

Remote address:

172.67.166.97:443

Request

GET /forums/uploads/profile/photo-44563.gif?_r=1448768805 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Sun, 02 Jun 2024 17:07:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/uploads/profile/photo-44563.gif?_r=1448768805
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fbo21psnAZJg1mP7aVPEz0dIaceSUcW5WanSFbWFDJDUXkpdGlGDacr9xjo2vsZN%2FGM2KNnmdh522TibI8PEOqUDbqLj%2FHa%2BqhJzPJ83zlM8eWsvSh4oEkyL4IiKqDKa"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88d909c6bd03dc41-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

IEXPLORE.EXE

Remote address:

172.67.166.97:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Sun, 02 Jun 2024 17:07:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dPWbWSnflM3FQ3aQ2Vmz95o92o0XOXlWJGJPR9zIJtKwMA9EfsYVbNd44hln8Kl58nOHN3Q%2ByqiDFojh9FH3Wo3KrY3X2OBobuJRpWIcQ5EvTwx%2Bx5Wp8XAMVuDVJs0l"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88d909c5de165328-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/style_images/master/useropts_arrow.png

IEXPLORE.EXE

Remote address:

172.67.166.97:443

Request

GET /forums/public/style_images/master/useropts_arrow.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Sun, 02 Jun 2024 17:07:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/style_images/master/useropts_arrow.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=irMDrxARop2hWZ3E9XSZyBpFOx%2FNbh1Ktukix18A6Kc0X%2FNoNP0y2hNCFUvPkJOjNcZ77xUoTHcOqip%2Fqib6DFYa1uSV%2FI3pX6SJ9a1uKiLaVU6Kmh3pPUQBA5jnn670"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88d909c65e8c5328-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/style_images/master/top.png

IEXPLORE.EXE

Remote address:

172.67.166.97:443

Request

GET /forums/public/style_images/master/top.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Sun, 02 Jun 2024 17:07:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/style_images/master/top.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jDzwtZCIsXMfIFP1nS%2Bv%2B0QgutmeHSpJyuJlXiiVHEbWJeZynRdyBtjiKSqBFGLDOY5MKb%2F1atXxvXWmTi2532Q%2B0Tw5fkHDtN%2FO32GOfL2CXVMU%2FcTQa%2F641fn%2B%2BMhS"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88d909c6cedd5328-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

IEXPLORE.EXE

Remote address:

172.67.166.97:443

Request

GET /forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Sun, 02 Jun 2024 17:07:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FrFluZmhYPDHS7nLXAt20Efw2EIdY33AwhB4emEKwEsqcsQX24fVJJOlY%2BTfIEabVRaduPhDb8TmX%2B5T8GcdLMMEx%2F9TFEIe%2BIZMhTEMjouaOU7orCPhVl1dwlBvzOtu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88d909c62c7663de-LHR
alt-svc: h3=":443"; ma=86400
DNS

gamingw.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

gamingw.net

IN A

Response

gamingw.net

IN A

172.67.160.162

gamingw.net

IN A

104.21.65.85
GET

https://saltworld.net/forums/public/style_images/master/feed.png

IEXPLORE.EXE

Remote address:

172.67.166.97:443

Request

GET /forums/public/style_images/master/feed.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Sun, 02 Jun 2024 17:07:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/style_images/master/feed.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BBp398wDYBgEHHiSJGEIlFE%2FEIPk0GDzdmnwFylsmlJdcOn%2FTHaNq1SHvf9Knbn8I2YWW%2Fy5ob%2F9u3tiH3uFIgRYmC6McDi8PaWmaIsTmRT%2FtxEOdaTWo2S8gwGbjAWw"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88d909c72c457750-LHR
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Sun, 02 Jun 2024 17:07:11 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tqW%2FyHMxTml%2BpJzn2p4nwbTIY9O8RaSTzjcKPiaa15asswmG0oJdrAXOXLkOFnId9orVfKrapcEmmcQdQxB0dtt2OOglfXUovTo%2FYMd41gluKyBJj4d9FxhkMXkV2g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88d909c76d5552b2-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Sun, 02 Jun 2024 17:07:12 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ka%2BHfPOcTyb8JWyd6oAU2k5VjEis%2Fh0RcN9Vsnv2M1nNBL3Bd5MnpwmC9BFftLaSVAxC79Lw1KqanZbvvrBboZNIQshFlsmvTD1VgyZiIOvu1zyaQS5V4l1Mn6XvTw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88d909c799c588a7-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/style_images/master/f_icon_read.png

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/style_images/master/f_icon_read.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Sun, 02 Jun 2024 17:07:12 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QtRrqR5ePIOMhB2fw%2FRHxu%2FaeVS6OCn1OElYHiJkQPrKpsykBq0upFWAOTR8OnoRfCHMJgY60sZzD540j2wfrxDKmQ0jLNqUD%2BCJhSmoEymcfR2fPybTinMRxaigRA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88d909c79ce079bb-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/style_images/master/useropts_arrow.png

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/style_images/master/useropts_arrow.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Sun, 02 Jun 2024 17:07:12 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aoFr9gf3KGGnhTNXKjXXpk%2BpyDiFaaR58WVKQyHar5G5H9GLcS%2FAUIMoozUVnfo1kAqvhxg8rJaXb%2F1OMh6i7X2w554v7m8eFP98gHM3qTQrTBeBuT0PuuXHT4iI%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88d909c79cf491f1-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/uploads/profile/photo-44563.gif?_r=1448768805

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/uploads/profile/photo-44563.gif?_r=1448768805 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Sun, 02 Jun 2024 17:07:12 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y5KB9Q5jnFsfoIZLcKkMMFBYEclRb2XU%2FpTv79pAAROqsrsdUlzHCU4H12CSiXa4Bf2WRsMyNerPKSzZGtWWxWQlr1yLVgKMqsGo3WLWEtEdveSUdOn2FPXWwh8L3g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88d909c7cd17532c-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/style_images/master/top.png

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/style_images/master/top.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Sun, 02 Jun 2024 17:07:12 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3hgP5PnW%2BQeG84%2F8UmuQaFXa1WOE2COWOsjF%2FzUicHSUHCT5kS%2BG4tnqcML0HJDOW9YjQQQNMw7Jog1xdHi%2FWW%2FaV3PmHm3ClNziSfUMdV7T07xtdls2FLiIZupO0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88d909c81b6d639a-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
DNS

i1.wp.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

i1.wp.com

IN A

Response

i1.wp.com

IN A

192.0.77.2
GET

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

IEXPLORE.EXE

Remote address:

192.0.77.2:80

Request

GET /saltworld.net/forums/public/style_images/master/profile/default_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i1.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 404 File Not Found

Server: nginx
Date: Sun, 02 Jun 2024 17:07:10 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-nc: UPDATING lhr 7
Alt-Svc: h3=":443"; ma=86400
GET

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

IEXPLORE.EXE

Remote address:

192.0.77.2:80

Request

GET /saltworld.net/forums/public/style_images/master/profile/default_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i1.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 404 File Not Found

Server: nginx
Date: Sun, 02 Jun 2024 17:07:14 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-nc: EXPIRED lhr 7
Alt-Svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/style_images/master/feed.png

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/style_images/master/feed.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Sun, 02 Jun 2024 17:07:11 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 151
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h%2BZT%2FZDwefeR5s3qwCC75SaNxrhy1EHQ%2B9C5rjrKlo5W%2BaFG8LO11D3ftd6tDUcYQM9EP%2BSXpfNI%2FQ2Xy%2FiAhmLyYlxm8Y2QE%2FwOD4LY7%2BVYjP42ppoMcFSNA07o7w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88d909cbf8f594cd-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Sun, 02 Jun 2024 17:07:13 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=92TKvw9YAx9yYGa4VbpL8Id%2FXSTW9v6IJlKoi2YWTnzF0384EU6G%2BtvYUgh7HUGwq3okVu9vqaRTihvK6hKeM2qzqIcMOyUJjdMJ4X9lNPrldp2%2Beg%2BIvZtxh9d6Kg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88d909cc596a94cd-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/index.php?s=7bfc1163483de0b8b4da9cdb9ccd914c&app=core&module=task

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/index.php?s=7bfc1163483de0b8b4da9cdb9ccd914c&app=core&module=task HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sun, 02 Jun 2024 17:07:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Pragma: no-cache
Cache-Control: private
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=r00tt9n1qgfifiif1ejetfuuts; path=/
Last-Modified: Sun, 02 Jun 2024 17:07:13 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z%2BhGu4xdcLvprRunX%2BcFiUMNk2apEYoV3qXOCAWNipYlsxG7GnTJCYrnQ9azwQiwDtEcPE137Tn3gCXtDCPDgzxfZK5%2Fn7GsdQLJGnrF5RqjqZCo6h35LKlgYNTyyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88d909d05ab4940c-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Sun, 02 Jun 2024 17:07:13 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VoArgIeFSGAKR1so7Jz6kfFAL09gcpKF6AQFuBRY3Yrpe3U%2FLF2OaQtvmAW8LCnRT%2FmH%2F02DW1IL7FX2MJLZyvzQEZhuCJGDvwBZD3VaYcX20EI%2F2jsu5XRZQkvk9w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88d909d0bd2d63ea-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

http://www.google-analytics.com/ga.js

IEXPLORE.EXE

Remote address:

216.58.213.14:80

Request

GET /ga.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google-analytics.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Date: Sun, 02 Jun 2024 15:25:54 GMT
Expires: Sun, 02 Jun 2024 17:25:54 GMT
Cache-Control: public, max-age=7200
Age: 6079
Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
DNS

www.microsoft.com

iexplore.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.21.17.194

192.0.73.2:80

http://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

http

IEXPLORE.EXE

738 B
1.3kB
7
6

HTTP Request

GET http://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

301
192.0.73.2:80

http://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

http

IEXPLORE.EXE

692 B
1.3kB
6
6

HTTP Request

GET http://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

301
192.0.73.2:80

http://www.gravatar.com/avatar/6ab9cf9740f754d0565ec0f4b1250e8e?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

http

IEXPLORE.EXE

738 B
1.3kB
7
6

HTTP Request

GET http://www.gravatar.com/avatar/6ab9cf9740f754d0565ec0f4b1250e8e?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

301
172.67.165.117:443

coinhive.com

tls

IEXPLORE.EXE

819 B
5.8kB
11
10
172.67.165.117:443

https://coinhive.com/lib/coinhive.min.js

tls, http

IEXPLORE.EXE

1.2kB
8.1kB
13
13

HTTP Request

GET https://coinhive.com/lib/coinhive.min.js

HTTP Response

200
172.67.166.97:80

http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

http

IEXPLORE.EXE

724 B
1.6kB
6
5

HTTP Request

GET http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

HTTP Response

302
172.67.166.97:80

http://saltworld.net/forums/public/style_images/master/top.png

http

IEXPLORE.EXE

978 B
2.4kB
8
8

HTTP Request

GET http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

HTTP Response

302

HTTP Request

GET http://saltworld.net/forums/public/style_images/master/top.png

HTTP Response

302
172.67.166.97:80

http://saltworld.net/forums/public/style_images/master/feed.png

http

IEXPLORE.EXE

1.1kB
2.8kB
8
9

HTTP Request

GET http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

HTTP Response

302

HTTP Request

GET http://saltworld.net/forums/public/style_images/master/feed.png

HTTP Response

302
172.67.166.97:80

http://saltworld.net/forums/public/style_images/master/useropts_arrow.png

http

IEXPLORE.EXE

589 B
1.2kB
6
5

HTTP Request

GET http://saltworld.net/forums/public/style_images/master/useropts_arrow.png

HTTP Response

302
172.67.166.97:80

http://saltworld.net/forums/public/style_images/master/f_icon_read.png

http

IEXPLORE.EXE

586 B
1.2kB
6
5

HTTP Request

GET http://saltworld.net/forums/public/style_images/master/f_icon_read.png

HTTP Response

302
172.67.166.97:80

http://saltworld.net/forums/index.php?s=7bfc1163483de0b8b4da9cdb9ccd914c&app=core&module=task

http

IEXPLORE.EXE

1.4kB
3.6kB
10
11

HTTP Request

GET http://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

HTTP Response

302

HTTP Request

GET http://saltworld.net/forums/uploads/profile/photo-44563.gif?_r=1448768805

HTTP Response

302

HTTP Request

GET http://saltworld.net/forums/index.php?s=7bfc1163483de0b8b4da9cdb9ccd914c&app=core&module=task

HTTP Response

302
192.0.73.2:443

https://www.gravatar.com/avatar/6ab9cf9740f754d0565ec0f4b1250e8e?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

tls, http

IEXPLORE.EXE

1.7kB
28.8kB
21
29

HTTP Request

GET https://www.gravatar.com/avatar/6ab9cf9740f754d0565ec0f4b1250e8e?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

200
192.0.73.2:443

https://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

tls, http

IEXPLORE.EXE

1.3kB
4.9kB
12
10

HTTP Request

GET https://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

302
192.0.73.2:443

https://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

tls, http

IEXPLORE.EXE

1.3kB
4.9kB
12
10

HTTP Request

GET https://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

302
172.67.166.97:443

https://saltworld.net/forums/index.php?s=7bfc1163483de0b8b4da9cdb9ccd914c&app=core&module=task

tls, http

IEXPLORE.EXE

1.6kB
7.4kB
12
14

HTTP Request

GET https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

HTTP Response

302

HTTP Request

GET https://saltworld.net/forums/index.php?s=7bfc1163483de0b8b4da9cdb9ccd914c&app=core&module=task

HTTP Response

302
172.67.166.97:443

https://saltworld.net/forums/uploads/profile/photo-44563.gif?_r=1448768805

tls, http

IEXPLORE.EXE

2.1kB
8.4kB
14
14

HTTP Request

GET https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

HTTP Response

302

HTTP Request

GET https://saltworld.net/forums/public/style_images/master/f_icon_read.png

HTTP Response

302

HTTP Request

GET https://saltworld.net/forums/uploads/profile/photo-44563.gif?_r=1448768805

HTTP Response

302
172.67.166.97:443

https://saltworld.net/forums/public/style_images/master/top.png

tls, http

IEXPLORE.EXE

2.1kB
8.3kB
14
14

HTTP Request

GET https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

HTTP Response

302

HTTP Request

GET https://saltworld.net/forums/public/style_images/master/useropts_arrow.png

HTTP Response

302

HTTP Request

GET https://saltworld.net/forums/public/style_images/master/top.png

HTTP Response

302
172.67.166.97:443

https://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

tls, http

IEXPLORE.EXE

1.2kB
6.5kB
10
11

HTTP Request

GET https://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

HTTP Response

302
172.67.166.97:443

https://saltworld.net/forums/public/style_images/master/feed.png

tls, http

IEXPLORE.EXE

1.2kB
6.4kB
10
10

HTTP Request

GET https://saltworld.net/forums/public/style_images/master/feed.png

HTTP Response

302
172.67.160.162:443

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

tls, http

IEXPLORE.EXE

1.3kB
7.3kB
11
12

HTTP Request

GET https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

tls, http

IEXPLORE.EXE

1.3kB
7.3kB
11
12

HTTP Request

GET https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/public/style_images/master/f_icon_read.png

tls, http

IEXPLORE.EXE

1.1kB
6.7kB
10
11

HTTP Request

GET https://gamingw.net/forums/public/style_images/master/f_icon_read.png

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/public/style_images/master/useropts_arrow.png

tls, http

IEXPLORE.EXE

1.1kB
6.7kB
10
11

HTTP Request

GET https://gamingw.net/forums/public/style_images/master/useropts_arrow.png

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/uploads/profile/photo-44563.gif?_r=1448768805

tls, http

IEXPLORE.EXE

982 B
1.5kB
8
7

HTTP Request

GET https://gamingw.net/forums/uploads/profile/photo-44563.gif?_r=1448768805

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/public/style_images/master/top.png

tls, http

IEXPLORE.EXE

1.1kB
6.7kB
10
11

HTTP Request

GET https://gamingw.net/forums/public/style_images/master/top.png

HTTP Response

404
192.0.77.2:80

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

http

IEXPLORE.EXE

606 B
515 B
6
5

HTTP Request

GET http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

HTTP Response

404
192.0.77.2:80

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

http

IEXPLORE.EXE

612 B
856 B
6
6

HTTP Request

GET http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

tls, http

IEXPLORE.EXE

1.6kB
8.3kB
12
13

HTTP Request

GET https://gamingw.net/forums/public/style_images/master/feed.png

HTTP Response

404

HTTP Request

GET https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/index.php?s=7bfc1163483de0b8b4da9cdb9ccd914c&app=core&module=task

tls, http

IEXPLORE.EXE

1.2kB
11.4kB
13
16

HTTP Request

GET https://gamingw.net/forums/index.php?s=7bfc1163483de0b8b4da9cdb9ccd914c&app=core&module=task

HTTP Response

200
172.67.160.162:443

https://gamingw.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

tls, http

IEXPLORE.EXE

1.2kB
7.3kB
11
13

HTTP Request

GET https://gamingw.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

HTTP Response

404
216.58.213.14:80

http://www.google-analytics.com/ga.js

http

IEXPLORE.EXE

812 B
18.3kB
12
16

HTTP Request

GET http://www.google-analytics.com/ga.js

HTTP Response

200
216.58.213.14:80

www.google-analytics.com

IEXPLORE.EXE

190 B
132 B
4
3
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.6kB
9
11
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.6kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.6kB
9
12

8.8.8.8:53

saltworld.net

dns

IEXPLORE.EXE

59 B
91 B
1
1

DNS Request

saltworld.net

DNS Response

172.67.166.97

104.21.11.155
8.8.8.8:53

coinhive.com

dns

IEXPLORE.EXE

58 B
90 B
1
1

DNS Request

coinhive.com

DNS Response

172.67.165.117

104.21.57.186
8.8.8.8:53

www.gravatar.com

dns

IEXPLORE.EXE

62 B
78 B
1
1

DNS Request

www.gravatar.com

DNS Response

192.0.73.2
8.8.8.8:53

gamingw.net

dns

IEXPLORE.EXE

57 B
89 B
1
1

DNS Request

gamingw.net

DNS Response

172.67.160.162

104.21.65.85
8.8.8.8:53

i1.wp.com

dns

IEXPLORE.EXE

55 B
71 B
1
1

DNS Request

i1.wp.com

DNS Response

192.0.77.2
8.8.8.8:53

www.microsoft.com

dns

iexplore.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.21.17.194

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
a2302c3b16124e8211ed629a5e35728b

SHA1
bccf44bfea669fc7ad1d97a7cb32ac8152917f61

SHA256
f108902accacd3de7d1e3ab0e9dff6997ab3c2e6aa0b3c63faf4ecb5fcf36b37

SHA512
1b551561dcb85b9b7e40cd0ea7537c602efc6bd3cd4eb3b86bee44177869c0bb11565aac5ee33cdb5dae90bf6fa32cee8b2edcfec878a76fe7734ef9930df9fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
46bc09558429dcabf4616e677c102cd2

SHA1
bcf89077b4afe52614fb86c95d0d505173ae2b29

SHA256
91b19a868f62ef141acd07c178e9fbc4be1ad501704ed35c8df1d6de1cae283e

SHA512
925da8bd38e938c4ba7e680848d3d9b3f33c6be5f977f6ef66cdc1e7872ae8360279c103031e8d4f90fbbef36edccaf1bdcd9f699ad61db796561e892c5c3aa8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
8fa5bd39bcd49a88712b91ddac28f776

SHA1
10e52906d383e6a20c7835158d7cbce1b01e6f82

SHA256
e1d6cc38f9ae397142aacd36a204d628d14edd2ea29240adaf30a5f1f7f8ce0f

SHA512
ba51040f1a87773c1c240189c4158dc154254906605f9154e5f722cc07f8a59fa88a58b8214aabf9e615cac6ada0602796cec37066a547f72b4997d7b7bf1b09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15238ee5cf6853d6a58bca68c5b62f9b

SHA1
fef5548c62c0ab24c426a07630ab231c28eefcfd

SHA256
209c9d31c1139111bd19a58aa17b7172c1e3562cc283455614f03ba7c8f9aa04

SHA512
b5782a974037304fd9e2b726d1756c3b9d1c27f6045ff9bc1b53c486054bb8a44c0e79ab9d834da008b490ced8a444407e57d20100ff0c0fce12347c4c0ab0e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d7ab60523736c7d55f057996c08cd9b

SHA1
8c0537e9d02983c3ef383ba95887b0a45b97192d

SHA256
97e601c8f4af31fd6441c4605ff4f25d540c522dec4b72ccd0e86dda75496d23

SHA512
23cd2b6ccef0bad87cfee3691d848ccedf5d325b2a961782f7adf09e8ef37ac580d0acf07de8e432b7ccf65487822e1d52ff18387699bc568079d01f1b1e96d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71e3818e57cc4e562c602740fee60614

SHA1
58da2b9101df67b7f3252b4a1d636e19e178b330

SHA256
0860217e14bcf92d7f84e870208b1b95edbe186736bb405c7027027392c9f3fc

SHA512
4a1cab88fd5cd153aba12e6d12670aa473258bd1e1eb9af26dcdead04c78659a7568267cc1717541d471780ba193a26fb5e746e2692163195d833c16191b44bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33ac064e88e234f4876d119df030b68f

SHA1
f3ef7582b99db0b89f22c88400ef10e6b996f8bb

SHA256
fe9e85247c1176cda3feddbe8ff9fed5fb20c81d5832122a5e7e6b83d72a559c

SHA512
f72fcbc8afcadc2867184ac512f00ab96106f7d4ad576722d8d35ca0bb2708a00432dbf4814668553a8884f7c4399d5788087abc62d138d2c987690d7aabb73d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad2007b6bb137036df2b26c91f73b067

SHA1
ff6359cce98f712fb1b7d6ffef34c2efa37389be

SHA256
8a2e0a1981b1be72aa8c7e6d3273fe461546038f9d106d7db5bd1e4a9ab78910

SHA512
9ceccbfcda7a31c61b9312f22b74fc0bef0fd365988372a24d3d844e1c7d0a86c09e9ad4aae6cd4a2236bbdfd103cff08d49bfccbf28fd4ebccb641355e69cd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31c1bbc2bb70fc3105e5d58b45409345

SHA1
9c651272b72ed0ac9f9673873b23c1867df2f79c

SHA256
018e4529c8169fa0a059d032d0d9822e8b52d4067a096ba0d119d4498f78451a

SHA512
fa31199f5bf6423053a61756007b0768583ef3c2dc9e129146dd0dae27274b6d52ca9b86c559907f3abb02f6676e6c6632f47b740f3ccab56acf8b0271e0e76a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87c781b40330da2adce5c980f5ed5846

SHA1
7c837385b43d69e9b4a8c137d8688c1f2b077efc

SHA256
36e4c31fe9593f84dce3b392f529e550178574f209791e6578a13d8a3c5c98c5

SHA512
ada9bfb3499fe597dc7f3c331a09ed44428673a12e1ec2d43c7edf7c5f3d6566f37e69a753c561d9740f07e4d7b840c2960e5cd969f4d86d200bb7b2cc2e6af0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38a31aa0d25fde13787e8d587a4b1b1c

SHA1
3f0b7d7fc97b4475f8401cf6f2ac2b3687c606a1

SHA256
2c2e698423f6cc4c45b71abc8884737fd523de173c4bcba79f690001085cd9f9

SHA512
80d27fc214f366fc9ce82cdcbd1a78d6cbbe8b766641f14346069593fef09963751f16b991588a32a2e58de755f34b4c703e9f3b106f72c47bb248e353299093

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a622d74c9e1247dade2a9624b585205

SHA1
9739d9884241eaa02b80abd6045eb1f59f39afd6

SHA256
8afbd5c89331bd85ed7426441fd370ebcaf509e2a1cedf4650a4bbcb4cb30303

SHA512
31974e4149403d7dcdd64d21eb1f995349c6b26e3db9f4da11055e6260b987979fd7daa81997fb428765086328f87394a5cc5cb2a1310bb103df7d9ce991d8d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02c5093813179cc182c7cd2a84d6aab8

SHA1
7e677fb025f8da343133d8364538d274a7ea4df4

SHA256
0e72c7e55b1c85c1fcf6e0042dcc4714c1f227eb260bc8566ca04574aa182171

SHA512
0dfaad7e2ead07a56529208f8c063ea567a8a4b6ed45490258d72ec4dcb81a931a7d5d9ab58ab1aa42172a145768d809728904b0d0347c697cda8868dab25c04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6bd2d09a1ad48c477a081b8ededa0d0f

SHA1
671d3b5b2f86a61735063715aa0c2eac1aefcc55

SHA256
01f1a13b117389bcdf5cb0b689784cc75c0e6d1c139c00856411595bccf069d1

SHA512
b681c7efc15348a5e1a8f18f7344c12dbb1854a34968e8f41895a7eba94e23f19a725ae43e05b2109a932fc092ce20a7464d4296d3e42cdf28da15e8e6a5c96c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82ae7c459a9284f4a361c8313ec48561

SHA1
94792109856388feaa9b04e991a7cc1259fa44ff

SHA256
5cf7afec4df5cc30ce7b975477c6ac54105e8b9eca6778e96ce612d817ef0b5d

SHA512
3259ea87464d7c282958c32d27dcace0ad4d56db45bc58d2c54840e1fe4caa05c16a5f8ce0e4f768908298c6672cc35a790d85066fba9a40a1bef926cc3660a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
305c3d003ffda31bfd8e72deade26199

SHA1
2ed031e65607bb897425be1f5814469fb46e20fd

SHA256
ddadf2eeaea28ba236181f6694d4e2f38a6e73dcfc949c6e172acc34622c4eb2

SHA512
2ec230da63cebcc80785e144d3f0cadd9175419ee293ad12a37408de211241515a1f2f0bffdebb6599fdd3a3c0cf820e618741b3442fd4c82625182511f9ad9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7d4f71359ab9ef5617fbc257d605429

SHA1
048076bbda596e12dd2f19f52051477acd86a653

SHA256
17c2cbfdccce4c14cfbc02bef73833d75c1db93f2e35b9e958102271a074f65c

SHA512
d2bf6b914ad1c04e3ef45226b1985c0708e55601b39515a5c88fc8148b152dc94f18af7abc1ef320bead660e63de558ad7e7e4a031f6ce6d3fc9ad1cfc1b9de3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
94440a7299d701a7f67b6d738953e824

SHA1
d3a635ea6e94370b9d3d6f6074225acf926e380c

SHA256
73d2c7253bcaa2f9a76a06301dfba0ea9b255f4aef3c805f67595478e581aa56

SHA512
29000e63c89e7ef4dc23deca5415d3d52b11f386086580943d9f70a5f0461b7c116c6ceff668a016a7164390c7fa9775ecc3f488e5f0f2c7847c4539c39deb76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3075a267dc2bb5ac7dfd87827cbc7a0

SHA1
433fb92fa5d3e94160c2d16c19514c9f87d961e7

SHA256
10bcdb43b510a2f5240ce97a40e6eda90bedf8ea93d97ad01d51b379aa77f455

SHA512
415ec5ee9c389f315eabf648ecf5a03eeb646a2b32ee80d0fbeef96d3f0c7adc5e3bd808d7ae9b4a35172bdcc832bcdb2211b6a0af9a1a2e0f2f494a4308f08c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a982aea23a910a32bf8de62c3aaca398

SHA1
0a9fecf1eff4373765cdc86d5dba60c2bec38a0f

SHA256
92ed3b717cd2c90b1bb2fe277599e8e5fa2590563dc4e8477062001ce87045dc

SHA512
b8a895c527f2cb63c5900b499588ab9dc89c7ad78ad18faf0546038cb036e60cf71bbf171baf26c0e85a0b275b7d61bc74e286abcb83fff3a90e728199b3fed8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
74ee423dd426b4cacb6b91160ee7d691

SHA1
9a766be2b99d1d4aa2b8b0ad59315a335835856a

SHA256
2cff46c8e1098a808761193b5472d8868280947a66093ae59ceaeaa68edbaecb

SHA512
b216f1f878e1acf29776afa9160037d2c7471cc778f418fec4f4fe2c28c65c35408ee7dd28bb7b1ee2775a5c9c1ba86d71d6660b8b6e89505c1988424cc03909

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
528fb0245255942d0a77d5eb7aa68ad9

SHA1
9253a2cf3cb2ac0b25fe0ea708f46727c7c5dd50

SHA256
b07e8615cf6b7946e0401e473e84838c9dd408706a1d584551f171cb3ef4f8f4

SHA512
63d205ae244eb1278ecbfb0ff0c5e7d4f2cb7c483fa9cd5a9917ec8a2711918f8e165b046cc040b53b18bdd6248745d4d37b6b6797faef3eb160e8f068914915

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79e0389b179f9370ce9d2026f16858e0

SHA1
7915b1af6b7fc438e5fc4082aed113dfbfc48c30

SHA256
a7488813ab858d99f16c144b4a6d84912146f995c92fde5abe2679822f3aa932

SHA512
aa5bcc37796b650bdb30da172d88fdea36f2df8c9aaf6a752ed1ff0b29a1477db181a2674d947c11ef9c51368d7d9b5e77a26b94d99b35640e777c0780bbba79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22992c3d95528f2f6bec746e622d94e1

SHA1
1f543efdda19cc7255a45a32136f298c6e689f98

SHA256
00e75806dd7568773259bbd539baac5b1ede6b87974cfde2ecac9de5b4dc0c19

SHA512
ac9f2706e1599c74751c51ae37d916403ba5c2d59200e4d85a208c4091e8dd626ec86490af8e736475e16fd000ff23514bcee7945bc40fec111ce0580f254a82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
7973329d1f2fe71cad7a1fa056ca62bf

SHA1
8d19f9672760aff653f0400c2dc937f9272367c0

SHA256
efa7aef46b65589971dafb13ab899a08c21df572a148a9ab95b6610c9f9d0ec1

SHA512
3979668cc5fb165e8eec288c03aaa962523ae2a9b922a31de8f74f67a9cd6764e9225895c84bbe19873e792158e0439c7fcf0e93e873b27b13bab49ee06ad07e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
f0078c6827ff890b3fda6b36bc40737b

SHA1
0fe8b7b0a6bfdbaca985488f1c2306951c921eea

SHA256
435b692dcd7b8ff03de1662f7686abb951385330c79071f107f906004aa6e5db

SHA512
d3f277e6bdf1f61d37147638a8f8825031b99c849737a54a537b05d348d1a74e052b81890a9880fec8de8712c9ae5588322c59e730ebfbfa7982fc3f4fb1e00d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
99197bd88e452b922a0ff685f5734fe4

SHA1
05dd7b627003113e586bb129ad545a11e65a5bd9

SHA256
e8502f2aff9ab1ac5df4b84247458adc25f1d7da16f6e6d1dd1289c3e545eda5

SHA512
e694aea2c17cb3a614a33c24b880321888fe72ffefc02c5004c1db28af948e1da9ba4192092379751a530377a072df545960a68cd18ad5ffb2c1b14098019b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab141D.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1431.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1523.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request