Network Analysis

GET /r/oSlYJ HTTP/1.1 Host: paste.ee Connection: Keep-Alive

HTTP/1.1 200 OK Date: Thu, 22 Apr 2021 08:19:59 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: __cfduid=d9e936a80cc8b667e68f508406a3bc6ee1619079599; expires=Sat, 22-May-21 08:19:59 GMT; path=/; domain=.paste.ee; HttpOnly; SameSite=Lax Cache-Control: max-age=2592000 Strict-Transport-Security: max-age=63072000 X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://analytics.paste.ee; img-src 'self' https://secure.gravatar.com https://analytics.paste.ee data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://www.google.com; object-src 'none' CF-Cache-Status: HIT Age: 30982 cf-request-id: 099a432f580000d32eef1ce000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=iriLzb5KWfU0SS7VvmE50z9UGSQTQTmaf5bU7aXwcu%2Fgz1jYrMUlw3s2VyNvGKjt%2Fjq2UytPgoM6iqWyV3Q5ZI46dYqFWmbk0Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 643d6e2bcabdd32e-LAX alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET /r/p7EHC HTTP/1.1 Host: paste.ee

HTTP/1.1 200 OK Date: Thu, 22 Apr 2021 08:20:01 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: __cfduid=df4394dfaee39508e62c75dd8ef97c8e61619079601; expires=Sat, 22-May-21 08:20:01 GMT; path=/; domain=.paste.ee; HttpOnly; SameSite=Lax Cache-Control: max-age=2592000 Strict-Transport-Security: max-age=63072000 X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://analytics.paste.ee; img-src 'self' https://secure.gravatar.com https://analytics.paste.ee data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://www.google.com; object-src 'none' CF-Cache-Status: HIT Age: 30982 cf-request-id: 099a43352a0000d32ebb16d000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Vd7rU30mbpfky36y%2FplwoUJCRcZ1Uoh7yXqRN3EVBicr7hQnZR6h9w9K83Txwxwat3GfkRc0jkt514C5PeljvMSNKXX6mncX3g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 643d6e351914d32e-LAX alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET /service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.36.32&applang=&machine=1&version=1.3.36.32&userid=&osversion=6.1&servicepack=Service%20Pack%201 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache User-Agent: Google Update/1.3.36.32;winhttp X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: clients2.google.com

HTTP/1.1 204 No Content Date: Thu, 22 Apr 2021 08:21:23 GMT Server: GSE Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST /service/update2?cup2key=10:2713802909&cup2hreq=8cab5512950206d82ca4581cc9d1ccfba8c54dfd64bf2baf0aa7e90da4734256 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache User-Agent: Google Update/1.3.36.32;winhttp;cup-ecdsa X-Old-UID: cnt=0 X-Goog-Update-AppId: {430FD4D0-B729-4F61-AA34-91526481799D},{8A69D345-D564-463C-AFF1-A69D9E530F96} X-Goog-Update-Updater: Omaha-1.3.36.32 X-Goog-Update-Interactivity: bg X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Content-Length: 1202 Host: update.googleapis.com

HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-hXFMSqi/jmcKiTjUoyKd4A' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 22 Apr 2021 08:21:27 GMT X-Cup-Server-Proof: 3045022100d3d6d7461ac242465a07b3e0cf676b526c087876e72f2e9ecb1c48171fadcf24022068cd5c618ae14d7f634e45db7dc74e88cc79695228aeb89c414c7b8c8ff7a5e1:8cab5512950206d82ca4581cc9d1ccfba8c54dfd64bf2baf0aa7e90da4734256 Content-Type: text/xml; charset=UTF-8 X-Daynum: 5225 X-Daystart: 4887 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Transfer-Encoding: chunked

HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: edgedl.gvt1.com

HTTP/1.1 200 OK accept-ranges: bytes content-disposition: attachment content-length: 1310832 content-security-policy: default-src 'none' content-type: application/octet-stream etag: "9f6104" last-modified: Tue, 13 Apr 2021 03:03:58 GMT server: Google-Edge-Cache x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 0 date: Thu, 22 Apr 2021 08:17:31 GMT age: 239 cache-control: public,max-age=3600

GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT Range: bytes=0-4915 User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: edgedl.gvt1.com

HTTP/1.1 206 Partial Content accept-ranges: bytes content-disposition: attachment content-length: 4916 content-security-policy: default-src 'none' content-type: application/octet-stream etag: "9f6104" last-modified: Tue, 13 Apr 2021 03:03:58 GMT server: Google-Edge-Cache x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 0 date: Thu, 22 Apr 2021 08:17:31 GMT age: 258 content-range: bytes 0-4915/1310832 cache-control: public,max-age=3600

GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT Range: bytes=4916-13188 User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: edgedl.gvt1.com

HTTP/1.1 206 Partial Content accept-ranges: bytes content-disposition: attachment content-length: 8273 content-security-policy: default-src 'none' content-type: application/octet-stream etag: "9f6104" last-modified: Tue, 13 Apr 2021 03:03:58 GMT server: Google-Edge-Cache x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 0 date: Thu, 22 Apr 2021 08:21:20 GMT age: 34 content-range: bytes 4916-13188/1310832 cache-control: public,max-age=3600