Resubmissions
07/01/2024, 18:26 UTC  240107-w3ameabffn  score 10
Analysis
max time kernel: 102s
max time network: 158s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/01/2024, 18:26 UTC
General
Target: Samples 6/ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a.exe
Size: 248KB
MD5: 14c45fa75b1f8644c5fe37ca234a456b
SHA1: 056713d15dfa8032597aac2e3f61e6a5794a53e8
SHA256: ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a
SHA512: b6f212cbb3255c2da4d1935507c5f83833bbeea3b6aca7c0632852db2018dc1a667756b8693a50793cc1ea75296fc13b60eea8c0b645a9e7c901a69a6adbbc21
SSDEEP: 3072:A9orP+stnvfG4+zxvGz/QUVcRe/1nkJuTby/cT2cARxVC09++zu:SoCshG4qx1UVco/1aYySAR+
Malware Config
Extracted
smokeloader
pub4
Extracted
smokeloader
2022
http://dpav.cc/tmp/
http://lrproduct.ru/tmp/
http://kggcp.com/tmp/
http://talesofpirates.net/tmp/
http://pirateking.online/tmp/
http://piratia.pw/tmp/
http://go-piratia.ru/tmp/
Signatures
SmokeLoader
Modular backdoor trojan in use since 2014.
Deletes itself 1 IoCs
pid: 3520; Process: Process not Found
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI; Process: ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a.exe
description: Key queried; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI; Process: ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a.exe
description: Key enumerated; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI; Process: ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a.exe
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid: 4216; Process: ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a.exe
pid: 3520; Process: Process not Found
Suspicious behavior: MapViewOfSection 1 IoCs
pid: 4216; Process: ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a.exe
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
C:\Users\Admin\AppData\Local\Temp\Samples 6\ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a.exe
"C:\Users\Admin\AppData\Local\Temp\Samples 6\ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a.exe"
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID: 4216
Network
765 B 172 B 6 4  HTTP Request: POST http://dpav.cc/tmp/
733 B 861 B 7 5  HTTP Request: POST http://talesofpirates.net/tmp/  HTTP Response: 301
1.7kB 11.6kB 17 17  HTTP Request: GET https://talesofpirates.net/tmp/  HTTP Response: 200
735 B 860 B 7 5  HTTP Request: POST http://pirateking.online/tmp/  HTTP Response: 301
961 B 6.2kB 10 9  HTTP Request: GET https://pirateking.online/tmp/  HTTP Response: 520
1.3kB 144 B 7 3  HTTP Request: POST http://piratia.pw/tmp/
931 B 2.2kB 9 7  HTTP Request: POST http://go-piratia.ru/tmp/  HTTP Response: 301
1.7kB 38.1kB 25 35  HTTP Request: GET https://go-piratia.ru/tmp/  HTTP Response: 404