Analysis

  • max time kernel
    144s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/06/2024, 23:46 UTC

General

  • Target

    b0bd5c22a43c095358eea47dfc79da84_JaffaCakes118.html

  • Size

    27KB

  • MD5

    b0bd5c22a43c095358eea47dfc79da84

  • SHA1

    7fc486bb07acb223036541aebb858b8069271344

  • SHA256

    74e2b2c2a852660086e0b1aa7a370d128bcecbcea8588d55918cd0ecc50d21d2

  • SHA512

    069cfef0899bbc7d8cdf10a56e447dddfbab0280fcbea864691cf7747392e6dd27123d53632eb3c46c604bae35f7f106648cbdc81c779c6fc4385fbf96090205

  • SSDEEP

    768:SxVdsFqvfkRlAVV1C5m1CCCcmzm3C/CnCQGUMXVz2:S7dsFqvfkc1C5m1CCCcmzm3C/CnCQqz2

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b0bd5c22a43c095358eea47dfc79da84_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2104

Network

  • flag-us
    DNS
    vmg1.info
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    vmg1.info
    IN A
    Response
    vmg1.info
    IN A
    3.33.130.190
    vmg1.info
    IN A
    15.197.148.33
  • flag-us
    DNS
    ajax.googleapis.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ajax.googleapis.com
    IN A
    Response
    ajax.googleapis.com
    IN A
    142.250.200.10
  • flag-us
    DNS
    www.capitalfm.co.ke
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.capitalfm.co.ke
    IN A
    Response
    www.capitalfm.co.ke
    IN CNAME
    wp.wpenginepowered.com
    wp.wpenginepowered.com
    IN A
    141.193.213.11
    wp.wpenginepowered.com
    IN A
    141.193.213.10
  • flag-us
    DNS
    ghanasuperstar.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ghanasuperstar.com
    IN A
    Response
  • flag-us
    DNS
    3.bp.blogspot.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    3.bp.blogspot.com
    IN A
    Response
    3.bp.blogspot.com
    IN CNAME
    photos-ugc.l.googleusercontent.com
    photos-ugc.l.googleusercontent.com
    IN A
    142.250.180.1
  • flag-us
    DNS
    www.ghanatoghana.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.ghanatoghana.com
    IN A
    Response
    www.ghanatoghana.com
    IN CNAME
    ghanatoghana.com
    ghanatoghana.com
    IN A
    192.64.80.67
  • flag-us
    DNS
    img.modernghana.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    img.modernghana.com
    IN A
    Response
    img.modernghana.com
    IN A
    104.20.45.9
    img.modernghana.com
    IN A
    104.20.44.9
  • flag-us
    DNS
    omgghana.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    omgghana.com
    IN A
    Response
    omgghana.com
    IN CNAME
    traff-2.hugedomains.com
    traff-2.hugedomains.com
    IN CNAME
    hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com
    hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com
    IN A
    3.130.253.23
    hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com
    IN A
    3.130.204.160
  • flag-us
    DNS
    kitnes.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    kitnes.net
    IN A
    Response
  • flag-us
    DNS
    www.africasoccernet.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.africasoccernet.com
    IN A
    Response
  • flag-us
    DNS
    i.ytimg.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    i.ytimg.com
    IN A
    Response
    i.ytimg.com
    IN A
    142.250.178.22
    i.ytimg.com
    IN A
    142.250.187.246
    i.ytimg.com
    IN A
    216.58.201.118
    i.ytimg.com
    IN A
    142.250.180.22
    i.ytimg.com
    IN A
    142.250.200.54
    i.ytimg.com
    IN A
    142.250.179.246
    i.ytimg.com
    IN A
    172.217.16.246
    i.ytimg.com
    IN A
    142.250.187.214
    i.ytimg.com
    IN A
    172.217.169.54
    i.ytimg.com
    IN A
    142.250.200.22
    i.ytimg.com
    IN A
    216.58.212.246
    i.ytimg.com
    IN A
    216.58.204.86
  • flag-gb
    GET
    http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js?ver=6867
    IEXPLORE.EXE
    Remote address:
    142.250.200.10:80
    Request
    GET /ajax/libs/jquery/1/jquery.min.js?ver=6867 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ajax.googleapis.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Type: text/javascript; charset=UTF-8
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
    Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
    Timing-Allow-Origin: *
    Content-Length: 33434
    Date: Sat, 15 Jun 2024 23:46:39 GMT
    Expires: Sun, 15 Jun 2025 23:46:39 GMT
    Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
    Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
  • flag-us
    GET
    http://vmg1.info/wp-content/plugins/pe_estro_slider/resources/pe.kenburns/themes/allskins.min.css?ver=1.0
    IEXPLORE.EXE
    Remote address:
    3.33.130.190:80
    Request
    GET /wp-content/plugins/pe_estro_slider/resources/pe.kenburns/themes/allskins.min.css?ver=1.0 HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vmg1.info
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sat, 15 Jun 2024 23:46:40 GMT
    Content-Type: text/html
    Content-Length: 122
    Connection: keep-alive
  • flag-us
    GET
    http://vmg1.info/wp-admin/admin-ajax.php?action=wordfence_logHuman&hid=A34DCDC237A4C3F2637ADD03B5B1CB35
    IEXPLORE.EXE
    Remote address:
    3.33.130.190:80
    Request
    GET /wp-admin/admin-ajax.php?action=wordfence_logHuman&hid=A34DCDC237A4C3F2637ADD03B5B1CB35 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vmg1.info
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sat, 15 Jun 2024 23:46:41 GMT
    Content-Type: text/html
    Content-Length: 177
    Connection: keep-alive
  • flag-gb
    GET
    http://3.bp.blogspot.com/-PRigyjnz6z8/UEUW71mnNnI/AAAAAAAABYM/rrZqFvVpTD4/s1600/Ghana.jpg
    IEXPLORE.EXE
    Remote address:
    142.250.180.1:80
    Request
    GET /-PRigyjnz6z8/UEUW71mnNnI/AAAAAAAABYM/rrZqFvVpTD4/s1600/Ghana.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 3.bp.blogspot.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: image/jpeg
    Vary: Origin
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length
    ETag: "va66"
    Expires: Sun, 16 Jun 2024 23:46:39 GMT
    Cache-Control: public, max-age=86400, no-transform
    Content-Disposition: inline;filename="Ghana.jpg"
    X-Content-Type-Options: nosniff
    Date: Sat, 15 Jun 2024 23:46:39 GMT
    Server: fife
    Content-Length: 37877
    X-XSS-Protection: 0
  • flag-gb
    GET
    http://i.ytimg.com/vi/7Uv4gomFNYw/0.jpg
    IEXPLORE.EXE
    Remote address:
    142.250.178.22:80
    Request
    GET /vi/7Uv4gomFNYw/0.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: i.ytimg.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Vary: Origin
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Content-Type: image/jpeg
    Date: Sat, 15 Jun 2024 23:46:39 GMT
    Expires: Sat, 15 Jun 2024 23:47:09 GMT
    Cache-Control: public, max-age=30
    X-Content-Type-Options: nosniff
    Server: sffe
    Content-Length: 1097
    X-XSS-Protection: 0
  • flag-us
    GET
    http://img.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg
    IEXPLORE.EXE
    Remote address:
    104.20.45.9:80
    Request
    GET /images/content3/240x_mg_d82dlp1jam_50055069.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: img.modernghana.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 15 Jun 2024 23:46:39 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Sun, 16 Jun 2024 00:46:39 GMT
    Location: https://img.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 894670d499f360e3-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://vmg1.info/wp-content/themes/onyx/css/reset.css
    IEXPLORE.EXE
    Remote address:
    3.33.130.190:80
    Request
    GET /wp-content/themes/onyx/css/reset.css HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vmg1.info
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sat, 15 Jun 2024 23:46:39 GMT
    Content-Type: text/html
    Content-Length: 114
    Connection: keep-alive
  • flag-us
    GET
    http://vmg1.info/wp-content/themes/onyx/css/dropdown.css
    IEXPLORE.EXE
    Remote address:
    3.33.130.190:80
    Request
    GET /wp-content/themes/onyx/css/dropdown.css HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vmg1.info
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sat, 15 Jun 2024 23:46:39 GMT
    Content-Type: text/html
    Content-Length: 114
    Connection: keep-alive
  • flag-us
    GET
    http://vmg1.info/wp-content/themes/onyx/js/custom.js?ver=1.0
    IEXPLORE.EXE
    Remote address:
    3.33.130.190:80
    Request
    GET /wp-content/themes/onyx/js/custom.js?ver=1.0 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vmg1.info
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sat, 15 Jun 2024 23:46:39 GMT
    Content-Type: text/html
    Content-Length: 122
    Connection: keep-alive
  • flag-us
    GET
    http://vmg1.info/wp-content/themes/onyx/js/prettyPhoto.js
    IEXPLORE.EXE
    Remote address:
    3.33.130.190:80
    Request
    GET /wp-content/themes/onyx/js/prettyPhoto.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vmg1.info
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sat, 15 Jun 2024 23:46:39 GMT
    Content-Type: text/html
    Content-Length: 114
    Connection: keep-alive
  • flag-us
    GET
    http://vmg1.info/wp-content/uploads/2011/08/LinkedIn.png
    IEXPLORE.EXE
    Remote address:
    3.33.130.190:80
    Request
    GET /wp-content/uploads/2011/08/LinkedIn.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vmg1.info
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sat, 15 Jun 2024 23:46:40 GMT
    Content-Type: text/html
    Content-Length: 114
    Connection: keep-alive
  • flag-us
    GET
    http://vmg1.info/wp-content/themes/onyx/js/superfish.js?ver=1.0
    IEXPLORE.EXE
    Remote address:
    3.33.130.190:80
    Request
    GET /wp-content/themes/onyx/js/superfish.js?ver=1.0 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vmg1.info
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sat, 15 Jun 2024 23:46:39 GMT
    Content-Type: text/html
    Content-Length: 122
    Connection: keep-alive
  • flag-us
    GET
    http://vmg1.info/wp-content/plugins/mappress-google-maps-for-wordpress/css/mappress.css?ver=2.39.2
    IEXPLORE.EXE
    Remote address:
    3.33.130.190:80
    Request
    GET /wp-content/plugins/mappress-google-maps-for-wordpress/css/mappress.css?ver=2.39.2 HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vmg1.info
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sat, 15 Jun 2024 23:46:39 GMT
    Content-Type: text/html
    Content-Length: 125
    Connection: keep-alive
  • flag-us
    GET
    http://vmg1.info/wp-content/plugins/pe_estro_slider/resources/pe.kenburns/jquery.pixelentity.kenburnsSlider.min.js?ver=1.0
    IEXPLORE.EXE
    Remote address:
    3.33.130.190:80
    Request
    GET /wp-content/plugins/pe_estro_slider/resources/pe.kenburns/jquery.pixelentity.kenburnsSlider.min.js?ver=1.0 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vmg1.info
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sat, 15 Jun 2024 23:46:39 GMT
    Content-Type: text/html
    Content-Length: 122
    Connection: keep-alive
  • flag-us
    GET
    http://vmg1.info/wp-content/plugins/pe_estro_slider/resources/img/blank.png
    IEXPLORE.EXE
    Remote address:
    3.33.130.190:80
    Request
    GET /wp-content/plugins/pe_estro_slider/resources/img/blank.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vmg1.info
    Connection: Keep-Alive
  • flag-us
    GET
    http://vmg1.info/wp-content/themes/onyx/js/jquery.imgr.min.js?ver=1.1
    IEXPLORE.EXE
    Remote address:
    3.33.130.190:80
    Request
    GET /wp-content/themes/onyx/js/jquery.imgr.min.js?ver=1.1 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vmg1.info
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sat, 15 Jun 2024 23:46:40 GMT
    Content-Type: text/html
    Content-Length: 122
    Connection: keep-alive
  • flag-us
    GET
    http://vmg1.info/wp-content/themes/onyx/thumb.php?src=http://vmg1.info/wp-content/uploads/2011/09/fakelogo.png&w=490&h=65&zc=0
    IEXPLORE.EXE
    Remote address:
    3.33.130.190:80
    Request
    GET /wp-content/themes/onyx/thumb.php?src=http://vmg1.info/wp-content/uploads/2011/09/fakelogo.png&w=490&h=65&zc=0 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vmg1.info
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sat, 15 Jun 2024 23:46:41 GMT
    Content-Type: text/html
    Content-Length: 191
    Connection: keep-alive
  • flag-us
    GET
    http://vmg1.info/wp-content/themes/onyx/js/jquery.formalize.js?ver=1.2
    IEXPLORE.EXE
    Remote address:
    3.33.130.190:80
    Request
    GET /wp-content/themes/onyx/js/jquery.formalize.js?ver=1.2 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vmg1.info
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sat, 15 Jun 2024 23:46:39 GMT
    Content-Type: text/html
    Content-Length: 122
    Connection: keep-alive
  • flag-us
    GET
    http://vmg1.info/wp-content/themes/onyx/css/grid.css
    IEXPLORE.EXE
    Remote address:
    3.33.130.190:80
    Request
    GET /wp-content/themes/onyx/css/grid.css HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vmg1.info
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sat, 15 Jun 2024 23:46:39 GMT
    Content-Type: text/html
    Content-Length: 114
    Connection: keep-alive
  • flag-us
    GET
    http://vmg1.info/wp-content/themes/onyx/css/prettyphoto.css
    IEXPLORE.EXE
    Remote address:
    3.33.130.190:80
    Request
    GET /wp-content/themes/onyx/css/prettyphoto.css HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vmg1.info
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sat, 15 Jun 2024 23:46:39 GMT
    Content-Type: text/html
    Content-Length: 114
    Connection: keep-alive
  • flag-us
    GET
    http://vmg1.info/wp-content/themes/onyx/js/slides.min.jquery.js
    IEXPLORE.EXE
    Remote address:
    3.33.130.190:80
    Request
    GET /wp-content/themes/onyx/js/slides.min.jquery.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vmg1.info
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sat, 15 Jun 2024 23:46:39 GMT
    Content-Type: text/html
    Content-Length: 114
    Connection: keep-alive
  • flag-us
    GET
    http://vmg1.info/wp-content/uploads/2011/08/Twitter.png
    IEXPLORE.EXE
    Remote address:
    3.33.130.190:80
    Request
    GET /wp-content/uploads/2011/08/Twitter.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vmg1.info
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sat, 15 Jun 2024 23:46:39 GMT
    Content-Type: text/html
    Content-Length: 114
    Connection: keep-alive
  • flag-us
    GET
    http://vmg1.info/wp-content/themes/onyx/js/jquery.smooth-scroll.min.js?ver=1.4
    IEXPLORE.EXE
    Remote address:
    3.33.130.190:80
    Request
    GET /wp-content/themes/onyx/js/jquery.smooth-scroll.min.js?ver=1.4 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vmg1.info
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sat, 15 Jun 2024 23:46:39 GMT
    Content-Type: text/html
    Content-Length: 122
    Connection: keep-alive
  • flag-us
    GET
    http://vmg1.info/wp-content/themes/onyx/css/master.css
    IEXPLORE.EXE
    Remote address:
    3.33.130.190:80
    Request
    GET /wp-content/themes/onyx/css/master.css HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vmg1.info
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sat, 15 Jun 2024 23:46:39 GMT
    Content-Type: text/html
    Content-Length: 114
    Connection: keep-alive
  • flag-us
    GET
    http://vmg1.info/wp-content/themes/onyx/style5.css
    IEXPLORE.EXE
    Remote address:
    3.33.130.190:80
    Request
    GET /wp-content/themes/onyx/style5.css HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vmg1.info
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sat, 15 Jun 2024 23:46:39 GMT
    Content-Type: text/html
    Content-Length: 114
    Connection: keep-alive
  • flag-us
    GET
    http://vmg1.info/wp-includes/js/comment-reply.min.js?ver=6867
    IEXPLORE.EXE
    Remote address:
    3.33.130.190:80
    Request
    GET /wp-includes/js/comment-reply.min.js?ver=6867 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vmg1.info
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sat, 15 Jun 2024 23:46:39 GMT
    Content-Type: text/html
    Content-Length: 123
    Connection: keep-alive
  • flag-us
    GET
    http://vmg1.info/wp-content/uploads/2011/08/facebook.png
    IEXPLORE.EXE
    Remote address:
    3.33.130.190:80
    Request
    GET /wp-content/uploads/2011/08/facebook.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vmg1.info
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sat, 15 Jun 2024 23:46:39 GMT
    Content-Type: text/html
    Content-Length: 114
    Connection: keep-alive
  • flag-us
    GET
    http://www.ghanatoghana.com/wp-content/uploads/2012/06/Accra-Mall-Ghana.jpg
    IEXPLORE.EXE
    Remote address:
    192.64.80.67:80
    Request
    GET /wp-content/uploads/2012/06/Accra-Mall-Ghana.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.ghanatoghana.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sat, 15 Jun 2024 23:46:39 GMT
    Content-Length: 1505
    Connection: keep-alive
    Cache-Control: no-cache, no-store, must-revalidate, max-age=0
    Cache-Control: no-store, max-age=0
    Server: imunify360-webshield/1.21
  • flag-us
    DNS
    IEXPLORE.EXE
    Remote address:
    3.130.253.23:80
    Response
    HTTP/1.1 408 Request Time-out
    Content-length: 110
    Cache-Control: no-cache
    Connection: close
    Content-Type: text/html
  • flag-us
    GET
    http://omgghana.com/wp-content/uploads/2012/02/515158.jpg
    IEXPLORE.EXE
    Remote address:
    3.130.253.23:80
    Request
    GET /wp-content/uploads/2012/02/515158.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: omgghana.com
    Connection: Keep-Alive
    Response
    HTTP/1.0 404 Not Found
    cache-control: no-cache
    content-type: text/html
    x-reason: MediaRequest
  • flag-us
    GET
    https://img.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg
    IEXPLORE.EXE
    Remote address:
    104.20.45.9:443
    Request
    GET /images/content3/240x_mg_d82dlp1jam_50055069.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: img.modernghana.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 15 Jun 2024 23:46:40 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: max-age=31536000
    Location: http://cdn.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Access-Control-Allow-Origin: *
    CF-Cache-Status: MISS
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 894670dbdde36365-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://www.capitalfm.co.ke/news/files/2012/02/TAKORADI-GHANA.jpg
    IEXPLORE.EXE
    Remote address:
    141.193.213.11:80
    Request
    GET /news/files/2012/02/TAKORADI-GHANA.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.capitalfm.co.ke
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sat, 15 Jun 2024 23:46:39 GMT
    Content-Type: image/jpeg
    Content-Length: 24328
    Connection: keep-alive
    Last-Modified: Thu, 25 Mar 2021 07:59:46 GMT
    ETag: "109cc66f55c86834a0b9cae62cd391a7"
    x-amz-server-side-encryption: AES256
    Expires: Mon, 15 Jul 2024 23:46:39 GMT
    Cache-Control: max-age=2592000
    CF-Cache-Status: MISS
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 894670d5efc69478-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    apps.identrust.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    apps.identrust.com
    IN A
    Response
    apps.identrust.com
    IN CNAME
    identrust.edgesuite.net
    identrust.edgesuite.net
    IN CNAME
    a1952.dscq.akamai.net
    a1952.dscq.akamai.net
    IN A
    23.63.101.171
    a1952.dscq.akamai.net
    IN A
    23.63.101.153
  • flag-nl
    GET
    http://apps.identrust.com/roots/dstrootcax3.p7c
    IEXPLORE.EXE
    Remote address:
    23.63.101.171:80
    Request
    GET /roots/dstrootcax3.p7c HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: apps.identrust.com
    Response
    HTTP/1.1 200 OK
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    X-Robots-Tag: noindex
    Referrer-Policy: same-origin
    Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
    ETag: "37d-6079b8c0929c0"
    Accept-Ranges: bytes
    Content-Length: 893
    X-Content-Type-Options: nosniff
    X-Frame-Options: sameorigin
    Content-Type: application/pkcs7-mime
    Cache-Control: max-age=3600
    Expires: Sun, 16 Jun 2024 00:46:39 GMT
    Date: Sat, 15 Jun 2024 23:46:39 GMT
    Connection: keep-alive
  • flag-us
    GET
    http://vmg1.info/wp-content/plugins/pe_estro_slider/resources/img/blank.png
    IEXPLORE.EXE
    Remote address:
    3.33.130.190:80
    Request
    GET /wp-content/plugins/pe_estro_slider/resources/img/blank.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: vmg1.info
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Sat, 15 Jun 2024 23:46:47 GMT
    Content-Type: text/html
    Content-Length: 114
    Connection: keep-alive
  • flag-us
    DNS
    cdn.modernghana.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    cdn.modernghana.com
    IN A
    Response
    cdn.modernghana.com
    IN A
    104.20.44.9
    cdn.modernghana.com
    IN A
    104.20.45.9
  • flag-us
    GET
    http://cdn.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg
    IEXPLORE.EXE
    Remote address:
    104.20.44.9:80
    Request
    GET /images/content3/240x_mg_d82dlp1jam_50055069.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdn.modernghana.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 15 Jun 2024 23:46:40 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Sun, 16 Jun 2024 00:46:40 GMT
    Location: https://cdn.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 894670dcbb8063cf-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://cdn.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg
    IEXPLORE.EXE
    Remote address:
    104.20.44.9:443
    Request
    GET /images/content3/240x_mg_d82dlp1jam_50055069.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdn.modernghana.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Sat, 15 Jun 2024 23:46:41 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: max-age=31536000
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Access-Control-Allow-Origin: *
    CF-Cache-Status: MISS
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 894670de9bd977ab-LHR
    Content-Encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    kitnes.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    kitnes.net
    IN A
    Response
  • 142.250.200.10:80
    http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js?ver=6867
    http
    IEXPLORE.EXE
    1.2kB
    35.5kB
    19
    29

    HTTP Request

    GET http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js?ver=6867

    HTTP Response

    200
  • 3.33.130.190:80
    http://vmg1.info/wp-admin/admin-ajax.php?action=wordfence_logHuman&hid=A34DCDC237A4C3F2637ADD03B5B1CB35
    http
    IEXPLORE.EXE
    973 B
    1.2kB
    7
    8

    HTTP Request

    GET http://vmg1.info/wp-content/plugins/pe_estro_slider/resources/pe.kenburns/themes/allskins.min.css?ver=1.0

    HTTP Response

    200

    HTTP Request

    GET http://vmg1.info/wp-admin/admin-ajax.php?action=wordfence_logHuman&hid=A34DCDC237A4C3F2637ADD03B5B1CB35

    HTTP Response

    200
  • 142.250.180.1:80
    http://3.bp.blogspot.com/-PRigyjnz6z8/UEUW71mnNnI/AAAAAAAABYM/rrZqFvVpTD4/s1600/Ghana.jpg
    http
    IEXPLORE.EXE
    1.3kB
    40.0kB
    22
    33

    HTTP Request

    GET http://3.bp.blogspot.com/-PRigyjnz6z8/UEUW71mnNnI/AAAAAAAABYM/rrZqFvVpTD4/s1600/Ghana.jpg

    HTTP Response

    200
  • 142.250.178.22:80
    http://i.ytimg.com/vi/7Uv4gomFNYw/0.jpg
    http
    IEXPLORE.EXE
    555 B
    1.6kB
    6
    5

    HTTP Request

    GET http://i.ytimg.com/vi/7Uv4gomFNYw/0.jpg

    HTTP Response

    404
  • 142.250.180.1:80
    3.bp.blogspot.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 142.250.178.22:80
    i.ytimg.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 104.20.45.9:80
    img.modernghana.com
    IEXPLORE.EXE
    466 B
    92 B
    10
    2
  • 104.20.45.9:80
    http://img.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg
    http
    IEXPLORE.EXE
    590 B
    739 B
    6
    4

    HTTP Request

    GET http://img.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg

    HTTP Response

    301
  • 142.250.200.10:80
    ajax.googleapis.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 3.33.130.190:80
    http://vmg1.info/wp-content/uploads/2011/08/LinkedIn.png
    http
    IEXPLORE.EXE
    1.9kB
    2.1kB
    11
    14

    HTTP Request

    GET http://vmg1.info/wp-content/themes/onyx/css/reset.css

    HTTP Response

    200

    HTTP Request

    GET http://vmg1.info/wp-content/themes/onyx/css/dropdown.css

    HTTP Response

    200

    HTTP Request

    GET http://vmg1.info/wp-content/themes/onyx/js/custom.js?ver=1.0

    HTTP Response

    200

    HTTP Request

    GET http://vmg1.info/wp-content/themes/onyx/js/prettyPhoto.js

    HTTP Response

    200

    HTTP Request

    GET http://vmg1.info/wp-content/uploads/2011/08/LinkedIn.png

    HTTP Response

    200
  • 3.33.130.190:80
    http://vmg1.info/wp-content/plugins/pe_estro_slider/resources/img/blank.png
    http
    IEXPLORE.EXE
    1.6kB
    1.2kB
    8
    10

    HTTP Request

    GET http://vmg1.info/wp-content/themes/onyx/js/superfish.js?ver=1.0

    HTTP Response

    200

    HTTP Request

    GET http://vmg1.info/wp-content/plugins/mappress-google-maps-for-wordpress/css/mappress.css?ver=2.39.2

    HTTP Response

    200

    HTTP Request

    GET http://vmg1.info/wp-content/plugins/pe_estro_slider/resources/pe.kenburns/jquery.pixelentity.kenburnsSlider.min.js?ver=1.0

    HTTP Response

    200

    HTTP Request

    GET http://vmg1.info/wp-content/plugins/pe_estro_slider/resources/img/blank.png
  • 3.33.130.190:80
    http://vmg1.info/wp-content/themes/onyx/thumb.php?src=http://vmg1.info/wp-content/uploads/2011/09/fakelogo.png&w=490&h=65&zc=0
    http
    IEXPLORE.EXE
    1.1kB
    1.6kB
    9
    9

    HTTP Request

    GET http://vmg1.info/wp-content/themes/onyx/js/jquery.imgr.min.js?ver=1.1

    HTTP Response

    200

    HTTP Request

    GET http://vmg1.info/wp-content/themes/onyx/thumb.php?src=http://vmg1.info/wp-content/uploads/2011/09/fakelogo.png&w=490&h=65&zc=0

    HTTP Response

    200
  • 3.33.130.190:80
    http://vmg1.info/wp-content/uploads/2011/08/Twitter.png
    http
    IEXPLORE.EXE
    1.9kB
    2.1kB
    11
    14

    HTTP Request

    GET http://vmg1.info/wp-content/themes/onyx/js/jquery.formalize.js?ver=1.2

    HTTP Response

    200

    HTTP Request

    GET http://vmg1.info/wp-content/themes/onyx/css/grid.css

    HTTP Response

    200

    HTTP Request

    GET http://vmg1.info/wp-content/themes/onyx/css/prettyphoto.css

    HTTP Response

    200

    HTTP Request

    GET http://vmg1.info/wp-content/themes/onyx/js/slides.min.jquery.js

    HTTP Response

    200

    HTTP Request

    GET http://vmg1.info/wp-content/uploads/2011/08/Twitter.png

    HTTP Response

    200
  • 3.33.130.190:80
    http://vmg1.info/wp-content/uploads/2011/08/facebook.png
    http
    IEXPLORE.EXE
    1.9kB
    2.1kB
    11
    14

    HTTP Request

    GET http://vmg1.info/wp-content/themes/onyx/js/jquery.smooth-scroll.min.js?ver=1.4

    HTTP Response

    200

    HTTP Request

    GET http://vmg1.info/wp-content/themes/onyx/css/master.css

    HTTP Response

    200

    HTTP Request

    GET http://vmg1.info/wp-content/themes/onyx/style5.css

    HTTP Response

    200

    HTTP Request

    GET http://vmg1.info/wp-includes/js/comment-reply.min.js?ver=6867

    HTTP Response

    200

    HTTP Request

    GET http://vmg1.info/wp-content/uploads/2011/08/facebook.png

    HTTP Response

    200
  • 192.64.80.67:80
    http://www.ghanatoghana.com/wp-content/uploads/2012/06/Accra-Mall-Ghana.jpg
    http
    IEXPLORE.EXE
    591 B
    2.0kB
    6
    6

    HTTP Request

    GET http://www.ghanatoghana.com/wp-content/uploads/2012/06/Accra-Mall-Ghana.jpg

    HTTP Response

    200
  • 192.64.80.67:80
    www.ghanatoghana.com
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 3.130.253.23:80
    omgghana.com
    http
    IEXPLORE.EXE
    236 B
    365 B
    5
    3

    HTTP Response

    408
  • 3.130.253.23:80
    http://omgghana.com/wp-content/uploads/2012/02/515158.jpg
    http
    IEXPLORE.EXE
    527 B
    349 B
    5
    4

    HTTP Request

    GET http://omgghana.com/wp-content/uploads/2012/02/515158.jpg

    HTTP Response

    404
  • 104.20.45.9:443
    https://img.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg
    tls, http
    IEXPLORE.EXE
    1.1kB
    5.3kB
    10
    9

    HTTP Request

    GET https://img.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg

    HTTP Response

    301
  • 141.193.213.11:80
    http://www.capitalfm.co.ke/news/files/2012/02/TAKORADI-GHANA.jpg
    http
    IEXPLORE.EXE
    994 B
    25.7kB
    15
    22

    HTTP Request

    GET http://www.capitalfm.co.ke/news/files/2012/02/TAKORADI-GHANA.jpg

    HTTP Response

    200
  • 141.193.213.11:80
    www.capitalfm.co.ke
    IEXPLORE.EXE
    466 B
    92 B
    10
    2
  • 23.63.101.171:80
    http://apps.identrust.com/roots/dstrootcax3.p7c
    http
    IEXPLORE.EXE
    369 B
    1.6kB
    5
    4

    HTTP Request

    GET http://apps.identrust.com/roots/dstrootcax3.p7c

    HTTP Response

    200
  • 3.33.130.190:80
    http://vmg1.info/wp-content/plugins/pe_estro_slider/resources/img/blank.png
    http
    IEXPLORE.EXE
    643 B
    770 B
    7
    6

    HTTP Request

    GET http://vmg1.info/wp-content/plugins/pe_estro_slider/resources/img/blank.png

    HTTP Response

    200
  • 104.20.44.9:80
    http://cdn.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg
    http
    IEXPLORE.EXE
    550 B
    1.3kB
    5
    5

    HTTP Request

    GET http://cdn.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg

    HTTP Response

    301
  • 104.20.44.9:80
    cdn.modernghana.com
    IEXPLORE.EXE
    466 B
    92 B
    10
    2
  • 104.20.44.9:443
    https://cdn.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg
    tls, http
    IEXPLORE.EXE
    1.0kB
    5.7kB
    9
    10

    HTTP Request

    GET https://cdn.modernghana.com/images/content3/240x_mg_d82dlp1jam_50055069.jpg

    HTTP Response

    404
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    753 B
    7.7kB
    9
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    753 B
    7.7kB
    9
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    785 B
    7.7kB
    9
    13
  • 8.8.8.8:53
    vmg1.info
    dns
    IEXPLORE.EXE
    55 B
    87 B
    1
    1

    DNS Request

    vmg1.info

    DNS Response

    3.33.130.190
    15.197.148.33

  • 8.8.8.8:53
    ajax.googleapis.com
    dns
    IEXPLORE.EXE
    65 B
    81 B
    1
    1

    DNS Request

    ajax.googleapis.com

    DNS Response

    142.250.200.10

  • 8.8.8.8:53
    www.capitalfm.co.ke
    dns
    IEXPLORE.EXE
    65 B
    133 B
    1
    1

    DNS Request

    www.capitalfm.co.ke

    DNS Response

    141.193.213.11
    141.193.213.10

  • 8.8.8.8:53
    ghanasuperstar.com
    dns
    IEXPLORE.EXE
    64 B
    137 B
    1
    1

    DNS Request

    ghanasuperstar.com

  • 8.8.8.8:53
    3.bp.blogspot.com
    dns
    IEXPLORE.EXE
    63 B
    124 B
    1
    1

    DNS Request

    3.bp.blogspot.com

    DNS Response

    142.250.180.1

  • 8.8.8.8:53
    www.ghanatoghana.com
    dns
    IEXPLORE.EXE
    66 B
    96 B
    1
    1

    DNS Request

    www.ghanatoghana.com

    DNS Response

    192.64.80.67

  • 8.8.8.8:53
    img.modernghana.com
    dns
    IEXPLORE.EXE
    65 B
    97 B
    1
    1

    DNS Request

    img.modernghana.com

    DNS Response

    104.20.45.9
    104.20.44.9

  • 8.8.8.8:53
    omgghana.com
    dns
    IEXPLORE.EXE
    58 B
    188 B
    1
    1

    DNS Request

    omgghana.com

    DNS Response

    3.130.253.23
    3.130.204.160

  • 8.8.8.8:53
    kitnes.net
    dns
    IEXPLORE.EXE
    56 B
    56 B
    1
    1

    DNS Request

    kitnes.net

  • 8.8.8.8:53
    www.africasoccernet.com
    dns
    IEXPLORE.EXE
    69 B
    159 B
    1
    1

    DNS Request

    www.africasoccernet.com

  • 8.8.8.8:53
    i.ytimg.com
    dns
    IEXPLORE.EXE
    57 B
    249 B
    1
    1

    DNS Request

    i.ytimg.com

    DNS Response


  • 8.8.8.8:53
    apps.identrust.com
    dns
    IEXPLORE.EXE
    64 B
    165 B
    1
    1

    DNS Request

    apps.identrust.com

    DNS Response

    23.63.101.171
    23.63.101.153

  • 8.8.8.8:53
    cdn.modernghana.com
    dns
    IEXPLORE.EXE
    65 B
    97 B
    1
    1

    DNS Request

    cdn.modernghana.com

    DNS Response

    104.20.44.9
    104.20.45.9

  • 8.8.8.8:53
    kitnes.net
    dns
    IEXPLORE.EXE
    56 B
    56 B
    1
    1

    DNS Request

    kitnes.net

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (19 entries, 342B each)

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\allskins.min[1].htm (122B)

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\master[1].htm (114B)

  • C:\Users\Admin\AppData\Local\Temp\Cab5A81.tmp (70KB)

  • C:\Users\Admin\AppData\Local\Temp\Tar5B3F.tmp (181KB)