Network Analysis

GET /ad.php?key=7FFBE5C751C376AB&id=2&gid=173CE49DE95A75A348EF3A7484-BFB70DF153636BA7F3FE4B16D2-C2BDA5B610A27C331E6B HTTP/1.1 Accept: text/html, application/xhtml+xml, */* Accept-Language: ko-KR User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) UA-CPU: AMD64 Accept-Encoding: gzip, deflate Connection: Keep-Alive Host: noisy-moon-e1cc.ruzon.workers.dev

HTTP/1.1 200 OK Date: Mon, 05 Apr 2021 00:57:01 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: __cfduid=d3d1ba4b606c0556953e4933af40c3a751617584221; expires=Wed, 05-May-21 00:57:01 GMT; path=/; domain=.ruzon.workers.dev; HttpOnly; SameSite=Lax CF-Ray: 63aed1e86ca99881-LAX CF-Cache-Status: DYNAMIC cf-request-id: 094121853d00009881679fb000000001 X-Powered-By: PHP/5.4.45 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=FTh3RoqtoMIhkJ%2FJhCTs%2Bz8E2sdF0JhfrKHePubSmmIv2%2Ftt8gC0ROUHcl2w%2BzvzsQhnV1cm7vciqCOitqrGdjpa%2BGdy3fROQ%2Fi2XDVU2Ju9QuFVc0fSatK5ERTX%2F%2FpatsM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare Content-Encoding: gzip alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

HEAD /snow.swf HTTP/1.1 Accept: */* User-Agent: contype UA-CPU: AMD64 Accept-Encoding: gzip, deflate Host: noisy-moon-e1cc.ruzon.workers.dev Content-Length: 0 Connection: Keep-Alive Cache-Control: no-cache Cookie: __cfduid=d3d1ba4b606c0556953e4933af40c3a751617584221

HTTP/1.1 500 Internal Server Error Date: Mon, 05 Apr 2021 00:57:02 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Frame-Options: SAMEORIGIN Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT CF-RAY: 63aed1f13bd4051f-LAX Server: cloudflare

GET /favicon.ico HTTP/1.1 Accept: */* UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Host: noisy-moon-e1cc.ruzon.workers.dev Connection: Keep-Alive Cookie: __cfduid=d3d1ba4b606c0556953e4933af40c3a751617584221

HTTP/1.1 404 Not Found Date: Mon, 05 Apr 2021 00:57:03 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive CF-Ray: 63aed1f2ca4f9881-LAX Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED cf-request-id: 0941218bc300009881982e9000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=GN8p%2F3aHPfn%2BBy8Rj%2BlFHxqNo5YjAVtfXQcsCjfoSRhH0R8nt9qZHYKLivROiRXK4nsyOWXpD3DbQxhcUHZuZynpOEEW93j3V8lS0Vg8cPpiBHZRa4dnAGRElpFp2GROB80%3D"}],"group":"cf-nel","max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare Content-Encoding: gzip alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET /snow.swf HTTP/1.1 Accept: */* Accept-Language: en-US Referer: https://noisy-moon-e1cc.ruzon.workers.dev/ad.php?key=7FFBE5C751C376AB&id=2&gid=173CE49DE95A75A348EF3A7484-BFB70DF153636BA7F3FE4B16D2-C2BDA5B x-flash-version: 13,0,0,269 UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Host: noisy-moon-e1cc.ruzon.workers.dev Connection: Keep-Alive Cookie: __cfduid=d3d1ba4b606c0556953e4933af40c3a751617584221

HTTP/1.1 200 OK Date: Mon, 05 Apr 2021 00:57:04 GMT Content-Type: application/x-shockwave-flash Content-Length: 7473 Connection: keep-alive CF-Ray: 63aed1fa4aad051f-LAX Accept-Ranges: bytes Age: 6332 Cache-Control: max-age=14400 ETag: "61312b1f9dbd71:0" Last-Modified: Thu, 25 Feb 2021 17:39:09 GMT CF-Cache-Status: HIT cf-request-id: 09412190680000051ff907e000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ThTnPRJE7HaMbFdNK%2BJsvTKpYhMjWo61qd4OQ5Q5MdINGpFZR0yBNN%2F0VG7XLlu4KStKZ9vNr3Xbm1H8WufDm9sOIH0TkaebJvo0sX71TsegGaez7VU6yVCVTWY10SLIDaA%3D"}],"max_age":604800} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET /3.jpg HTTP/1.1 Accept: */* Accept-Language: en-US Referer: https://noisy-moon-e1cc.ruzon.workers.dev/snow.swf x-flash-version: 13,0,0,269 UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Host: noisy-moon-e1cc.ruzon.workers.dev Connection: Keep-Alive Cookie: __cfduid=d3d1ba4b606c0556953e4933af40c3a751617584221

HTTP/1.1 200 OK Date: Mon, 05 Apr 2021 00:57:04 GMT Content-Type: image/jpeg Content-Length: 16029 Connection: keep-alive CF-Ray: 63aed1fc887e051f-LAX Accept-Ranges: bytes Cache-Control: max-age=14400 ETag: "9833d2d79cbd71:0" Last-Modified: Thu, 25 Feb 2021 17:37:09 GMT CF-Cache-Status: REVALIDATED cf-request-id: 09412191d00000051f0dbda000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=fEr6TFVRuuPdKgcLUD6feWlRh3pfpyJX8Yf%2FVOd9ktUPZeGN%2BQV9rTsIBX9w5KhpHHbTnMOEqjB%2BXHA1E56Oj8g5H3DcQDhvPDgGQdorUXEqD39cjO3EATLLUGQEcLa8J3I%3D"}],"max_age":604800} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET / HTTP/1.1 Accept: text/html, application/xhtml+xml, */* Accept-Language: ko-KR User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) UA-CPU: AMD64 Accept-Encoding: gzip, deflate Host: ehektoe.lncnawgcidtia.xyz Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily Date: Mon, 05 Apr 2021 00:57:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: __cfduid=da2b184ac37cb5653b82412f19bb8783d1617584220; expires=Wed, 05-May-21 00:57:00 GMT; path=/; domain=.lncnawgcidtia.xyz; HttpOnly; SameSite=Lax Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Expires: Thu, 19 Nov 1981 08:52:00 GMT Location: https://noisy-moon-e1cc.ruzon.workers.dev/ad.php?key=7FFBE5C751C376AB&id=2&gid=173CE49DE95A75A348EF3A7484-BFB70DF153636BA7F3FE4B16D2-C2BDA5B610A27C331E6B X-Powered-By: PHP/5.4.45 Set-Cookie: PHPSESSID=eoscddliplpirt6hbbo5k06h91; path=/ CF-Cache-Status: DYNAMIC cf-request-id: 09412182b5000054e771a97000000001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=P6bYHdP9YPek3Y1OUtNIuC%2B0%2FXQE%2FYxGnal49LsFyGVglgSMxXDRW%2BX8qqa7e7dGV7pcSGQbDrus0fEjKAc9SaYbkoTX1reSV%2BVdWkMhvKJcpEIqJjkgI8Uf"}],"max_age":604800,"group":"cf-nel"} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 63aed1e459de54e7-LAX alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET /IE9CompatViewList.xml HTTP/1.1 Accept: */* UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Host: ie9cvlist.ie.microsoft.com If-Modified-Since: Fri, 16 Oct 2020 17:54:09 GMT If-None-Match: 0x8D871FC7BDF491D Connection: Keep-Alive

HTTP/1.1 304 Not Modified Age: 9703 Cache-Control: max-age=21600 Date: Mon, 05 Apr 2021 00:58:00 GMT Etag: 0x8D871FC7BDF491D Last-Modified: Fri, 16 Oct 2020 17:54:09 GMT Server: ECAcc (tka/897A) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 9d88950f-601e-00b2-7da0-291678000000 x-ms-version: 2009-09-19