mydoom | d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2024, 01:49 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe
Size

29KB
MD5

fd64ed4d2a402069c8ab844a5bc95b18
SHA1

eb5f8571878388ef0617a8fa69200574631af345
SHA256

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8
SHA512

b051fd7501e759cd9bb945653309528d1cce0fd5bbc1181a064a8dfe9b2b948cc17b0f673f756b4eead2b36adf9193e6c0eed03945a3c0b341e2456b11910bb3
SSDEEP

768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/EL:AEwVs+0jNDY1qi/qcL

Score

10^/10

mydoom discovery persistence upx worm

Malware Config

Signatures

Detects MyDoom family 5 IoCs

resource	yara_rule
behavioral2/memory/4004-13-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom
behavioral2/memory/4004-56-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom
behavioral2/memory/4004-92-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom
behavioral2/memory/4004-198-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom
behavioral2/memory/4004-202-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom

MyDoom
MyDoom is a Worm that is written in C++.
worm mydoom
Mydoom family
mydoom

Executes dropped EXE 1 IoCs

pid	Process
1292	services.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"	d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"	services.exe

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4004-0-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral2/files/0x000b000000023b92-4.dat	upx
behavioral2/memory/1292-5-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/4004-13-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral2/memory/1292-15-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/1292-16-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/1292-21-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/1292-26-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/1292-28-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/1292-33-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/1292-38-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/1292-40-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/1292-45-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/1292-50-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/1292-52-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/4004-56-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral2/memory/1292-57-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/files/0x0005000000000707-70.dat	upx
behavioral2/memory/4004-92-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral2/memory/1292-139-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/4004-198-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral2/memory/1292-199-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/4004-202-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral2/memory/1292-203-0x0000000000400000-0x0000000000408000-memory.dmp	upx

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\services.exe	d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe
File opened for modification	C:\Windows\java.exe	d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe
File created	C:\Windows\java.exe	d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	services.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4004 wrote to memory of 1292	4004	d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe	83
PID 4004 wrote to memory of 1292	4004	d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe	83
PID 4004 wrote to memory of 1292	4004	d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe	83

C:\Users\Admin\AppData\Local\Temp\d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe
"C:\Users\Admin\AppData\Local\Temp\d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4004
- C:\Windows\services.exe
  "C:\Windows\services.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:1292

Network

DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

88.210.23.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.210.23.2.in-addr.arpa

IN PTR

Response

88.210.23.2.in-addr.arpa

IN PTR

a2-23-210-88deploystaticakamaitechnologiescom
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

17.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.160.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

56.163.245.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.163.245.4.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

210.179.15.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.179.15.23.in-addr.arpa

IN PTR

Response

210.179.15.23.in-addr.arpa

IN PTR

a23-15-179-210deploystaticakamaitechnologiescom
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

31.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.243.111.52.in-addr.arpa

IN PTR

Response
DNS

m-ou.se

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

8.8.8.8:53

Request

m-ou.se

IN MX

Response

m-ou.se

IN MX

aspmxlgooglecom

m-ou.se

IN MX

alt2�'

m-ou.se

IN MX

aspmx4 googlemail�6

m-ou.se

IN MX

alt1�'

m-ou.se

IN MX

aspmx2�e

m-ou.se

IN MX

aspmx3�e

m-ou.se

IN MX

aspmx5�e
DNS

aspmx.l.google.com

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

8.8.8.8:53

Request

aspmx.l.google.com

IN A

Response

aspmx.l.google.com

IN A

142.250.27.26
DNS

acm.org

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

8.8.8.8:53

Request

acm.org

IN MX

Response

acm.org

IN MX

mail mailroutenet
DNS

mail.mailroute.net

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

8.8.8.8:53

Request

mail.mailroute.net

IN A

Response

mail.mailroute.net

IN A

199.89.3.120

mail.mailroute.net

IN A

199.89.1.120
DNS

cs.stanford.edu

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

8.8.8.8:53

Request

cs.stanford.edu

IN MX

Response

cs.stanford.edu

IN MX

smtp2�

cs.stanford.edu

IN MX

�

cs.stanford.edu

IN MX

smtp1�
DNS

smtp2.cs.stanford.edu

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

8.8.8.8:53

Request

smtp2.cs.stanford.edu

IN A

Response

smtp2.cs.stanford.edu

IN A

171.64.64.26
DNS

burtleburtle.net

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

8.8.8.8:53

Request

burtleburtle.net

IN MX

Response

burtleburtle.net

IN MX

mx�
DNS

mx.burtleburtle.net

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

8.8.8.8:53

Request

mx.burtleburtle.net

IN A

Response

mx.burtleburtle.net

IN A

65.254.254.51

mx.burtleburtle.net

IN A

65.254.254.52

mx.burtleburtle.net

IN A

65.254.254.50
DNS

alumni.caltech.edu

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

8.8.8.8:53

Request

alumni.caltech.edu

IN MX

Response

alumni.caltech.edu

IN MX

alumni-caltech-edumail protectionoutlookcom
DNS

alumni-caltech-edu.mail.protection.outlook.com

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

8.8.8.8:53

Request

alumni-caltech-edu.mail.protection.outlook.com

IN A

Response

alumni-caltech-edu.mail.protection.outlook.com

IN A

52.101.10.6

alumni-caltech-edu.mail.protection.outlook.com

IN A

52.101.40.6

alumni-caltech-edu.mail.protection.outlook.com

IN A

52.101.194.13

alumni-caltech-edu.mail.protection.outlook.com

IN A

52.101.9.21
DNS

gzip.org

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

8.8.8.8:53

Request

gzip.org

IN MX

Response

gzip.org

IN MX

�
DNS

gzip.org

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

8.8.8.8:53

Request

gzip.org

IN A

Response

gzip.org

IN A

85.187.148.2
DNS

www.altavista.com

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

8.8.8.8:53

Request

www.altavista.com

IN A

Response

www.altavista.com

IN CNAME

us.yhs4.search.yahoo.com

us.yhs4.search.yahoo.com

IN CNAME

ds-global3.l7.search.ystg1.b.yahoo.com

ds-global3.l7.search.ystg1.b.yahoo.com

IN A

212.82.100.137
DNS

search.yahoo.com

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

8.8.8.8:53

Request

search.yahoo.com

IN A

Response

search.yahoo.com

IN CNAME

ds-global3.l7.search.ystg1.b.yahoo.com

ds-global3.l7.search.ystg1.b.yahoo.com

IN A

212.82.100.137
GET

http://www.altavista.com/web/results?q=mailto+burtleburtle.net&kgs=0&kls=0&nbq=20

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

212.82.100.137:80

Request

GET /web/results?q=mailto+burtleburtle.net&kgs=0&kls=0&nbq=20 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.altavista.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

date: Tue, 24 Dec 2024 01:51:51 GMT
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
location: https://search.yahoo.com/?fr=altavista
cache-control: private
content-type: text/html
x-envoy-upstream-service-time: 1
server: ATS
Content-Encoding: gzip
Content-Length: 1519
Age: 0
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
Referrer-Policy: no-referrer-when-downgrade
GET

http://www.altavista.com/web/results?q=burtleburtle.net+e-mail&kgs=0&kls=0&nbq=50

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

212.82.100.137:80

Request

GET /web/results?q=burtleburtle.net+e-mail&kgs=0&kls=0&nbq=50 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.altavista.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

date: Tue, 24 Dec 2024 01:51:51 GMT
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
location: https://search.yahoo.com/?fr=altavista
cache-control: private
content-type: text/html
x-envoy-upstream-service-time: 1
server: ATS
Content-Encoding: gzip
Age: 0
Transfer-Encoding: chunked
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
Referrer-Policy: no-referrer-when-downgrade
GET

http://www.altavista.com/web/results?q=mailto+cs.stanford.edu&kgs=0&kls=0&nbq=20

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

212.82.100.137:80

Request

GET /web/results?q=mailto+cs.stanford.edu&kgs=0&kls=0&nbq=20 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.altavista.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

date: Tue, 24 Dec 2024 01:51:51 GMT
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
location: https://search.yahoo.com/?fr=altavista
cache-control: private
content-type: text/html
x-envoy-upstream-service-time: 1
server: ATS
Content-Encoding: gzip
Age: 2
Transfer-Encoding: chunked
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
Referrer-Policy: no-referrer-when-downgrade
GET

http://www.altavista.com/web/results?q=mail+m-ou.se&kgs=0&kls=0&nbq=50

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

212.82.100.137:80

Request

GET /web/results?q=mail+m-ou.se&kgs=0&kls=0&nbq=50 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.altavista.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

date: Tue, 24 Dec 2024 01:51:52 GMT
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
location: https://search.yahoo.com/?fr=altavista
cache-control: private
content-type: text/html
x-envoy-upstream-service-time: 2
server: ATS
Content-Encoding: gzip
Age: 0
Transfer-Encoding: chunked
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
Referrer-Policy: no-referrer-when-downgrade
GET

http://www.altavista.com/web/results?q=reply+burtleburtle.net&kgs=0&kls=0&nbq=50

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

212.82.100.137:80

Request

GET /web/results?q=reply+burtleburtle.net&kgs=0&kls=0&nbq=50 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.altavista.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

date: Tue, 24 Dec 2024 01:51:53 GMT
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
location: https://search.yahoo.com/?fr=altavista
cache-control: private
content-type: text/html
x-envoy-upstream-service-time: 1
server: ATS
Content-Encoding: gzip
Content-Length: 1519
Age: 0
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
Referrer-Policy: no-referrer-when-downgrade
GET

http://search.yahoo.com/search?p=burtleburtle.net+mail&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=100

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

212.82.100.137:80

Request

GET /search?p=burtleburtle.net+mail&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=100 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: search.yahoo.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Tue, 24 Dec 2024 01:51:51 GMT
Connection: close
Server: ATS
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
Referrer-Policy: no-referrer-when-downgrade
Location: https://search.yahoo.com/search?p=burtleburtle.net+mail&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=100
Content-Length: 25
Content-Type: text/html
DNS

www.google.com

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

172.217.20.164
GET

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=e-mail+cs.stanford.edu&num=50

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

172.217.20.164:80

Request

GET /search?hl=en&ie=UTF-8&oe=UTF-8&q=e-mail+cs.stanford.edu&num=50 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Location: http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3De-mail%2Bcs.stanford.edu%26num%3D50&hl=en&q=EgS117BTGLenqLsGIjC2Xz7QZb2VqeUfQdPNpsKsOxxIGHbR5RoLDcZt-_8pvyzxKxDwUo81meFyFaWWyB0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
x-hallmonitor-challenge: CgwIt6eouwYQn6HmywMSBLXXsFM
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-Z9uhQ4e3WdqMPJnrbtvS0A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp
Date: Tue, 24 Dec 2024 01:51:51 GMT
Server: gws
Content-Length: 490
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AZ6Zc-VSHafl0DE_JdZ0j53KfCK85Bup_6FqbwElLDWyRkKtASRENuVv3uk; expires=Sun, 22-Jun-2025 01:51:51 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
GET

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Demail%2Bcs.stanford.edu%26num%3D50&hl=en&q=EgS117BTGLenqLsGIjARsqXAhKPAAk7sNsdq-Vvd5iORpP32sfOVbfRsC9-L65ZpLa7ekRoX3EileRa1BL8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

172.217.20.164:80

Request

GET /sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Demail%2Bcs.stanford.edu%26num%3D50&hl=en&q=EgS117BTGLenqLsGIjARsqXAhKPAAk7sNsdq-Vvd5iORpP32sfOVbfRsC9-L65ZpLa7ekRoX3EileRa1BL8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 429 Too Many Requests

Date: Tue, 24 Dec 2024 01:51:52 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html
Server: HTTP server (unknown)
Content-Length: 3306
X-XSS-Protection: 0
GET

https://search.yahoo.com/search?p=burtleburtle.net+mail&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=100

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

212.82.100.137:443

Request

GET /search?p=burtleburtle.net+mail&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=100 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: search.yahoo.com

Response

HTTP/1.1 200 OK

expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8
secure_search_bypass: true
content-security-policy: frame-ancestors 'none'; base-uri 'self'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-skURkxAKbcbsPmJliGUveQ==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com https://*.yahooapis.com blob:; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://interactives.ap.org; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net; media-src * blob:; object-src 'self' https://*.yimg.com; connect-src * blob:; font-src * data:; child-src blob:;
vary: Accept-Encoding
content-encoding: gzip
date: Tue, 24 Dec 2024 01:51:51 GMT
x-envoy-upstream-service-time: 11
server: ATS
x-envoy-decorator-operation: sfe-k8s--syc-production-bf1.search--web-syc-k8s.svc.yahoo.local:4080/*
Age: 2
Transfer-Encoding: chunked
Connection: keep-alive
GET

https://search.yahoo.com/search?p=email+cs.stanford.edu&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

212.82.100.137:443

Request

GET /search?p=email+cs.stanford.edu&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: search.yahoo.com
Cookie: PROMO=ono_sc=2&ono_fts=1735005111&ltv_pid=altavista&ltv_new=1&ltv_ts=1735005111&ltv_sts=1735005112&ltv_c=2

Response

HTTP/1.1 200 OK

expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8
secure_search_bypass: true
content-security-policy: frame-ancestors 'none'; base-uri 'self'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-huqam/hx8//23ZR8++KHuw==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com https://*.yahooapis.com blob:; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://interactives.ap.org; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net; media-src * blob:; object-src 'self' https://*.yimg.com; connect-src * blob:; font-src * data:; child-src blob:;
vary: Accept-Encoding
content-encoding: gzip
date: Tue, 24 Dec 2024 01:51:52 GMT
x-envoy-upstream-service-time: 35
server: ATS
x-envoy-decorator-operation: sfe-k8s--syc-production-bf1.search--web-syc-k8s.svc.yahoo.local:4080/*
Age: 0
Transfer-Encoding: chunked
Connection: keep-alive
GET

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=email+cs.stanford.edu&num=50

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

172.217.20.164:80

Request

GET /search?hl=en&ie=UTF-8&oe=UTF-8&q=email+cs.stanford.edu&num=50 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Location: http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Demail%2Bcs.stanford.edu%26num%3D50&hl=en&q=EgS117BTGLenqLsGIjARsqXAhKPAAk7sNsdq-Vvd5iORpP32sfOVbfRsC9-L65ZpLa7ekRoX3EileRa1BL8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
x-hallmonitor-challenge: CgwIt6eouwYQjeK3_AISBLXXsFM
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-aTv__p2SEX4AsZe34GfspQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp
Date: Tue, 24 Dec 2024 01:51:51 GMT
Server: gws
Content-Length: 489
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AZ6Zc-Wsh1l_-aYk9P8ZjS62qH-z0HE8wDS1HZUaYdIfOKvm2m1qhXDS1Iw; expires=Sun, 22-Jun-2025 01:51:51 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
GET

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=alumni.caltech.edu+mailto&num=100

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

172.217.20.164:80

Request

GET /search?hl=en&ie=UTF-8&oe=UTF-8&q=alumni.caltech.edu+mailto&num=100 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Location: http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dalumni.caltech.edu%2Bmailto%26num%3D100&hl=en&q=EgS117BTGLenqLsGIjAOc9n7i6OgFgKcBdexbFHnFZM-8jNGf6fFFI2yWXCx0MpP0iLpT-kcpgjywArqTb4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
x-hallmonitor-challenge: CgsIuKeouwYQsuCsfxIEtdewUw
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-NQSpa6FIdjAAi_gn9-SjMQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp
Date: Tue, 24 Dec 2024 01:51:52 GMT
Server: gws
Content-Length: 494
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AZ6Zc-U_XnZXeNGD3lugX7xF9kPqIQl2xwdOAzHGdXu_JJLMtLaNkd-FWJI; expires=Sun, 22-Jun-2025 01:51:52 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
GET

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=contact+email+burtleburtle.net&num=100

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

172.217.20.164:80

Request

GET /search?hl=en&ie=UTF-8&oe=UTF-8&q=contact+email+burtleburtle.net&num=100 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Location: http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dcontact%2Bemail%2Bburtleburtle.net%26num%3D100&hl=en&q=EgS117BTGLinqLsGIjB0tHIrr1n3MUZ6QzcHNlaoxPCCgambZW6so2GtBhwRFnybwV6YfvGlQY8dywmd_NIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
x-hallmonitor-challenge: CgwIuKeouwYQmMva9wISBLXXsFM
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-fxoN46nvYb3o9jw32Kjzfw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp
Date: Tue, 24 Dec 2024 01:51:52 GMT
Server: gws
Content-Length: 501
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AZ6Zc-U5yPtC7n06cd9OjK2rg88f7p1KPmlYCgVbuX3ZEG1IccfH1Yclljg; expires=Sun, 22-Jun-2025 01:51:52 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
GET

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=m-ou.se+reply&num=100

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

172.217.20.164:80

Request

GET /search?hl=en&ie=UTF-8&oe=UTF-8&q=m-ou.se+reply&num=100 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Location: http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dm-ou.se%2Breply%26num%3D100&hl=en&q=EgS117BTGLinqLsGIjCY9WboLuCyM099KX-4Zg3_OCbsUaNRaboafwUjdnWEg6VKxaoXJ-axMFwK0Mzgg6kyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
x-hallmonitor-challenge: CgsIuaeouwYQr5nyNhIEtdewUw
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-MMRq_ZgbbzIbP2YAsMM8NA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp
Date: Tue, 24 Dec 2024 01:51:53 GMT
Server: gws
Content-Length: 482
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AZ6Zc-Ws0oGwiQH8ozcesz8RJHBR-1k-uermxl-Q-7WWb8ic2d2ir87M9A; expires=Sun, 22-Jun-2025 01:51:53 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
GET

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dcontact%2Bemail%2Bburtleburtle.net%26num%3D100&hl=en&q=EgS117BTGLinqLsGIjB0tHIrr1n3MUZ6QzcHNlaoxPCCgambZW6so2GtBhwRFnybwV6YfvGlQY8dywmd_NIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

172.217.20.164:80

Request

GET /sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dcontact%2Bemail%2Bburtleburtle.net%26num%3D100&hl=en&q=EgS117BTGLinqLsGIjB0tHIrr1n3MUZ6QzcHNlaoxPCCgambZW6so2GtBhwRFnybwV6YfvGlQY8dywmd_NIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 429 Too Many Requests

Date: Tue, 24 Dec 2024 01:51:53 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html
Server: HTTP server (unknown)
Content-Length: 3336
X-XSS-Protection: 0
GET

https://search.yahoo.com/?fr=altavista

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

212.82.100.137:443

Request

GET /?fr=altavista HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: search.yahoo.com

Response

HTTP/1.1 200 OK

date: Tue, 24 Dec 2024 01:51:51 GMT
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
set-cookie: PROMO=ono_sc=1&ono_fts=1735005111&ltv_pid=altavista&ltv_new=1&ltv_ts=1735005111&ltv_sts=1735005111&ltv_c=1; expires=Wed, 24-Dec-2025 01:51:51 GMT; Max-Age=31536000; path=/; domain=.search.yahoo.com
secure_search_bypass: true
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-LRW+l210jRojaAncsO7udw==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob:; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://*.aol.com https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com https://bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/ https://interactives.ap.org; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:;
vary: Accept-Encoding
content-encoding: gzip
cache-control: private
content-length: 43714
content-type: text/html; charset=UTF-8
x-envoy-upstream-service-time: 71
server: ATS
Age: 0
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
Referrer-Policy: no-referrer-when-downgrade
GET

https://search.yahoo.com/?fr=altavista

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

212.82.100.137:443

Request

GET /?fr=altavista HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: search.yahoo.com

Response

HTTP/1.1 200 OK

date: Tue, 24 Dec 2024 01:51:52 GMT
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
set-cookie: PROMO=ono_sc=1&ono_fts=1735005112&ltv_pid=altavista&ltv_new=1&ltv_ts=1735005112&ltv_sts=1735005112&ltv_c=1; expires=Wed, 24-Dec-2025 01:51:52 GMT; Max-Age=31536000; path=/; domain=.search.yahoo.com
secure_search_bypass: true
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-G9Tf/iBM7rVLQXG35RmpMg==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob:; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://*.aol.com https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com https://bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/ https://interactives.ap.org; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:;
vary: Accept-Encoding
content-encoding: gzip
cache-control: private
content-length: 43724
content-type: text/html; charset=UTF-8
x-envoy-upstream-service-time: 38
server: ATS
Age: 0
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
Referrer-Policy: no-referrer-when-downgrade
GET

https://search.yahoo.com/?fr=altavista

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

212.82.100.137:443

Request

GET /?fr=altavista HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: search.yahoo.com
Cookie: PROMO=ono_sc=1&ono_fts=1735005111&ltv_pid=altavista&ltv_new=1&ltv_ts=1735005111&ltv_sts=1735005111&ltv_c=1

Response

HTTP/1.1 200 OK

date: Tue, 24 Dec 2024 01:51:52 GMT
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
set-cookie: PROMO=ono_sc=2&ono_fts=1735005111&ltv_pid=altavista&ltv_new=1&ltv_ts=1735005111&ltv_sts=1735005112&ltv_c=2; expires=Wed, 24-Dec-2025 01:51:52 GMT; Max-Age=31536000; path=/; domain=.search.yahoo.com
secure_search_bypass: true
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-uSuKIdH5LR66Nl4V92wfFQ==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob:; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://*.aol.com https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com https://bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/ https://interactives.ap.org; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:;
vary: Accept-Encoding
content-encoding: gzip
cache-control: private
content-length: 43715
content-type: text/html; charset=UTF-8
x-envoy-upstream-service-time: 34
server: ATS
Age: 0
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
Referrer-Policy: no-referrer-when-downgrade
DNS

search.lycos.com

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

8.8.8.8:53

Request

search.lycos.com

IN A

Response

search.lycos.com

IN CNAME

search-core2.bo3.lycos.com

search-core2.bo3.lycos.com

IN A

209.202.254.10
GET

http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

209.202.254.10:80

Request

GET /default.asp?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: search.lycos.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Tue, 24 Dec 2024 01:51:52 GMT
Server: Apache
Location: https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu
Content-Length: 315
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=email+cs.stanford.edu

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

209.202.254.10:80

Request

GET /default.asp?lpv=1&loc=searchhp&tab=web&query=email+cs.stanford.edu HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: search.lycos.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Tue, 24 Dec 2024 01:51:52 GMT
Server: Apache
Location: https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=email+cs.stanford.edu
Content-Length: 311
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3De-mail%2Bcs.stanford.edu%26num%3D50&hl=en&q=EgS117BTGLenqLsGIjC2Xz7QZb2VqeUfQdPNpsKsOxxIGHbR5RoLDcZt-_8pvyzxKxDwUo81meFyFaWWyB0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

172.217.20.164:80

Request

GET /sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3De-mail%2Bcs.stanford.edu%26num%3D50&hl=en&q=EgS117BTGLenqLsGIjC2Xz7QZb2VqeUfQdPNpsKsOxxIGHbR5RoLDcZt-_8pvyzxKxDwUo81meFyFaWWyB0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 429 Too Many Requests

Date: Tue, 24 Dec 2024 01:51:52 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html
Server: HTTP server (unknown)
Content-Length: 3309
X-XSS-Protection: 0
GET

https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

209.202.254.10:443

Request

GET /default.asp?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: search.lycos.com

Response

HTTP/1.1 302 Found

Date: Tue, 24 Dec 2024 01:51:52 GMT
Server: Apache
X-Powered-By: PHP/7.2.17
Location: https://search.lycos.com/default.asp/?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=cs.stanford.edu+mail&num=20

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

172.217.20.164:80

Request

GET /search?hl=en&ie=UTF-8&oe=UTF-8&q=cs.stanford.edu+mail&num=20 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Location: http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dcs.stanford.edu%2Bmail%26num%3D20&hl=en&q=EgS117BTGLinqLsGIjAEQPK-IO3Du382xQQJY5bJwE9E4gw6crzKkGaBp2ttaZcLUl4jSA9-_5TKnqg0CngyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
x-hallmonitor-challenge: CgwIuKeouwYQutf77AESBLXXsFM
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-rzD1aydc1dfQy89freQ5Zw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp
Date: Tue, 24 Dec 2024 01:51:52 GMT
Server: gws
Content-Length: 488
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AZ6Zc-Xu9L30bFjFIog4EzLcV50CGnfRmrO3b4Tovqxua3VvG4Eu1ookFg; expires=Sun, 22-Jun-2025 01:51:52 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
GET

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dalumni.caltech.edu%2Bmailto%26num%3D100&hl=en&q=EgS117BTGLenqLsGIjAOc9n7i6OgFgKcBdexbFHnFZM-8jNGf6fFFI2yWXCx0MpP0iLpT-kcpgjywArqTb4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

172.217.20.164:80

Request

GET /sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dalumni.caltech.edu%2Bmailto%26num%3D100&hl=en&q=EgS117BTGLenqLsGIjAOc9n7i6OgFgKcBdexbFHnFZM-8jNGf6fFFI2yWXCx0MpP0iLpT-kcpgjywArqTb4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 429 Too Many Requests

Date: Tue, 24 Dec 2024 01:51:52 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html
Server: HTTP server (unknown)
Content-Length: 3321
X-XSS-Protection: 0
DNS

164.20.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

164.20.217.172.in-addr.arpa

IN PTR

Response

164.20.217.172.in-addr.arpa

IN PTR

waw02s07-in-f41e100net

164.20.217.172.in-addr.arpa

IN PTR

par10s49-in-f4�H

164.20.217.172.in-addr.arpa

IN PTR

waw02s07-in-f164�H
DNS

137.100.82.212.in-addr.arpa

Remote address:

8.8.8.8:53

Request

137.100.82.212.in-addr.arpa

IN PTR

Response

137.100.82.212.in-addr.arpa

IN PTR

ats1l7searchvipir2yahoocom
DNS

10.254.202.209.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.254.202.209.in-addr.arpa

IN PTR

Response

10.254.202.209.in-addr.arpa

IN PTR

search-core2bo3lycoscom
GET

https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=email+cs.stanford.edu

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

209.202.254.10:443

Request

GET /default.asp?lpv=1&loc=searchhp&tab=web&query=email+cs.stanford.edu HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: search.lycos.com

Response

HTTP/1.1 302 Found

Date: Tue, 24 Dec 2024 01:51:52 GMT
Server: Apache
X-Powered-By: PHP/7.2.16
Location: https://search.lycos.com/default.asp/?lpv=1&loc=searchhp&tab=web&query=email+cs.stanford.edu
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

https://search.lycos.com/default.asp/?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

209.202.254.10:443

Request

GET /default.asp/?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: search.lycos.com

Response

HTTP/1.1 404 Not Found

Date: Tue, 24 Dec 2024 01:51:53 GMT
Server: Apache
X-Powered-By: PHP/7.2.16
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
DNS

r11.o.lencr.org

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

8.8.8.8:53

Request

r11.o.lencr.org

IN A

Response

r11.o.lencr.org

IN CNAME

o.lencr.edgesuite.net

o.lencr.edgesuite.net

IN CNAME

a1887.dscq.akamai.net

a1887.dscq.akamai.net

IN A

23.1.254.163

a1887.dscq.akamai.net

IN A

23.1.254.176
GET

http://search.yahoo.com/search?p=email+cs.stanford.edu&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

212.82.100.137:80

Request

GET /search?p=email+cs.stanford.edu&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: search.yahoo.com
Connection: Keep-Alive
Cookie: PROMO=ono_sc=1&ono_fts=1735005112&ltv_pid=altavista&ltv_new=1&ltv_ts=1735005112&ltv_sts=1735005112&ltv_c=1

Response

HTTP/1.1 301 Moved Permanently

Date: Tue, 24 Dec 2024 01:51:52 GMT
Connection: close
Server: ATS
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
Referrer-Policy: no-referrer-when-downgrade
Location: https://search.yahoo.com/search?p=email+cs.stanford.edu&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=
Content-Length: 25
Content-Type: text/html
GET

http://r11.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQaUrm0WeTDM5ghfoZtS72KO9ZnzgQUCLkRO6XQhRi06g%2BgrZ%2BGHo78OCcCEgTv%2BHV0Bd%2FqEQJQjG4LfvoXXw%3D%3D

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

23.1.254.163:80

Request

GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBQaUrm0WeTDM5ghfoZtS72KO9ZnzgQUCLkRO6XQhRi06g%2BgrZ%2BGHo78OCcCEgTv%2BHV0Bd%2FqEQJQjG4LfvoXXw%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: r11.o.lencr.org

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "D032ABAC347D004A17C15FD66E7C421D4E42CD1EFCB6519171313B8A714793EB"
Last-Modified: Sun, 22 Dec 2024 13:48:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17883
Expires: Tue, 24 Dec 2024 06:49:55 GMT
Date: Tue, 24 Dec 2024 01:51:52 GMT
Connection: keep-alive
GET

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dcs.stanford.edu%2Bmail%26num%3D20&hl=en&q=EgS117BTGLinqLsGIjAEQPK-IO3Du382xQQJY5bJwE9E4gw6crzKkGaBp2ttaZcLUl4jSA9-_5TKnqg0CngyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

172.217.20.164:80

Request

GET /sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dcs.stanford.edu%2Bmail%26num%3D20&hl=en&q=EgS117BTGLinqLsGIjAEQPK-IO3Du382xQQJY5bJwE9E4gw6crzKkGaBp2ttaZcLUl4jSA9-_5TKnqg0CngyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 429 Too Many Requests

Date: Tue, 24 Dec 2024 01:51:52 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html
Server: HTTP server (unknown)
Content-Length: 3303
X-XSS-Protection: 0
GET

http://search.yahoo.com/search?p=contact+email+gzip.org&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

212.82.100.137:80

Request

GET /search?p=contact+email+gzip.org&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: search.yahoo.com
Connection: Keep-Alive
Cookie: PROMO=ono_sc=2&ono_fts=1735005111&ltv_pid=altavista&ltv_new=1&ltv_ts=1735005111&ltv_sts=1735005112&ltv_c=2

Response

HTTP/1.1 301 Moved Permanently

Date: Tue, 24 Dec 2024 01:51:52 GMT
Connection: close
Server: ATS
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
Referrer-Policy: no-referrer-when-downgrade
Location: https://search.yahoo.com/search?p=contact+email+gzip.org&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=
Content-Length: 25
Content-Type: text/html
GET

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=mailto+cs.stanford.edu&num=100

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

172.217.20.164:80

Request

GET /search?hl=en&ie=UTF-8&oe=UTF-8&q=mailto+cs.stanford.edu&num=100 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Location: http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dmailto%2Bcs.stanford.edu%26num%3D100&hl=en&q=EgS117BTGLinqLsGIjCdW81YR__K_dgXlOtlSpjKdcF6F8yqnpKSU6vFueWq9md8MQtzctuM6SDue3ZP9yMyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
x-hallmonitor-challenge: CgsIuaeouwYQvvPrVxIEtdewUw
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-5unJnQxEjc29N82dfaF-3w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp
Date: Tue, 24 Dec 2024 01:51:53 GMT
Server: gws
Content-Length: 491
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AZ6Zc-UxEM6UEtmviXs8NUj74LXw5Rskgxy9da27pvPGvpOeC977_lppE5I; expires=Sun, 22-Jun-2025 01:51:53 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
GET

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=acm.org+e-mail&num=100

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

172.217.20.164:80

Request

GET /search?hl=en&ie=UTF-8&oe=UTF-8&q=acm.org+e-mail&num=100 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Location: http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dacm.org%2Be-mail%26num%3D100&hl=en&q=EgS117BTGLmnqLsGIjCx9txECyB4th55x9wxAjZF94S4i9Qtnp8B1W8NmodzMrimrPlzczGC_5egcWlWCrgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
x-hallmonitor-challenge: CgwIuaeouwYQ3JXC6QESBLXXsFM
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-p_MqgaEYoIh2NM6sTr72HA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp
Date: Tue, 24 Dec 2024 01:51:53 GMT
Server: gws
Content-Length: 483
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AZ6Zc-V_m3cfYf4mAb6oHgaLNrDbJGxWNTAUERMwm-Tunv0GY4YKsSAYBw; expires=Sun, 22-Jun-2025 01:51:53 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
GET

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dm-ou.se%2Breply%26num%3D100&hl=en&q=EgS117BTGLinqLsGIjCY9WboLuCyM099KX-4Zg3_OCbsUaNRaboafwUjdnWEg6VKxaoXJ-axMFwK0Mzgg6kyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

172.217.20.164:80

Request

GET /sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dm-ou.se%2Breply%26num%3D100&hl=en&q=EgS117BTGLinqLsGIjCY9WboLuCyM099KX-4Zg3_OCbsUaNRaboafwUjdnWEg6VKxaoXJ-axMFwK0Mzgg6kyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 429 Too Many Requests

Date: Tue, 24 Dec 2024 01:51:53 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html
Server: HTTP server (unknown)
Content-Length: 3285
X-XSS-Protection: 0
GET

https://search.yahoo.com/search?p=contact+email+gzip.org&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

212.82.100.137:443

Request

GET /search?p=contact+email+gzip.org&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: search.yahoo.com
Cookie: PROMO=ono_sc=2&ono_fts=1735005111&ltv_pid=altavista&ltv_new=1&ltv_ts=1735005111&ltv_sts=1735005112&ltv_c=2

Response

HTTP/1.1 200 OK

expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8
secure_search_bypass: true
content-security-policy: frame-ancestors 'none'; base-uri 'self'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-mdNUztxhvsVU+dC/r7xY/Q==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com https://*.yahooapis.com blob:; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://interactives.ap.org; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net; media-src * blob:; object-src 'self' https://*.yimg.com; connect-src * blob:; font-src * data:; child-src blob:;
vary: Accept-Encoding
content-encoding: gzip
date: Tue, 24 Dec 2024 01:51:53 GMT
x-envoy-upstream-service-time: 9
server: ATS
x-envoy-decorator-operation: sfe-k8s--syc-production-bf1.search--web-syc-k8s.svc.yahoo.local:4080/*
Age: 0
Transfer-Encoding: chunked
Connection: keep-alive
GET

http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=cs.stanford.edu+contact+mail

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

209.202.254.10:80

Request

GET /default.asp?lpv=1&loc=searchhp&tab=web&query=cs.stanford.edu+contact+mail HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: search.lycos.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Tue, 24 Dec 2024 01:51:53 GMT
Server: Apache
Location: https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=cs.stanford.edu+contact+mail
Content-Length: 318
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

https://search.lycos.com/default.asp/?lpv=1&loc=searchhp&tab=web&query=email+cs.stanford.edu

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

209.202.254.10:443

Request

GET /default.asp/?lpv=1&loc=searchhp&tab=web&query=email+cs.stanford.edu HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: search.lycos.com

Response

HTTP/1.1 404 Not Found

Date: Tue, 24 Dec 2024 01:51:53 GMT
Server: Apache
X-Powered-By: PHP/7.2.14
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=mailto+cs.stanford.edu&num=20

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

172.217.20.164:80

Request

GET /search?hl=en&ie=UTF-8&oe=UTF-8&q=mailto+cs.stanford.edu&num=20 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Location: http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dmailto%2Bcs.stanford.edu%26num%3D20&hl=en&q=EgS117BTGLmnqLsGIjABAicHoab70MM-7psj96EHFND__82a7qMNe0MMr8rvlW99PZbDfgW8KWkvC9-EBkAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
x-hallmonitor-challenge: CgwIuaeouwYQo5LX4wISBLXXsFM
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-VCuL5WEIly9woUp9I4-giA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp
Date: Tue, 24 Dec 2024 01:51:53 GMT
Server: gws
Content-Length: 490
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AZ6Zc-Uyr1tCv4-LuP-IizR7pyDDFlTeLFyu8PPHBkVg0ZXerdANMR2FUQ; expires=Sun, 22-Jun-2025 01:51:53 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
GET

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dmailto%2Bcs.stanford.edu%26num%3D20&hl=en&q=EgS117BTGLmnqLsGIjABAicHoab70MM-7psj96EHFND__82a7qMNe0MMr8rvlW99PZbDfgW8KWkvC9-EBkAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

172.217.20.164:80

Request

GET /sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dmailto%2Bcs.stanford.edu%26num%3D20&hl=en&q=EgS117BTGLmnqLsGIjABAicHoab70MM-7psj96EHFND__82a7qMNe0MMr8rvlW99PZbDfgW8KWkvC9-EBkAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 429 Too Many Requests

Date: Tue, 24 Dec 2024 01:51:53 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html
Server: HTTP server (unknown)
Content-Length: 3309
X-XSS-Protection: 0
GET

https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=cs.stanford.edu+contact+mail

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

209.202.254.10:443

Request

GET /default.asp?lpv=1&loc=searchhp&tab=web&query=cs.stanford.edu+contact+mail HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: search.lycos.com

Response

HTTP/1.1 302 Found

Date: Tue, 24 Dec 2024 01:51:53 GMT
Server: Apache
X-Powered-By: PHP/7.2.16
Location: https://search.lycos.com/default.asp/?lpv=1&loc=searchhp&tab=web&query=cs.stanford.edu+contact+mail
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

https://search.lycos.com/default.asp/?lpv=1&loc=searchhp&tab=web&query=cs.stanford.edu+contact+mail

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

209.202.254.10:443

Request

GET /default.asp/?lpv=1&loc=searchhp&tab=web&query=cs.stanford.edu+contact+mail HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: search.lycos.com

Response

HTTP/1.1 404 Not Found

Date: Tue, 24 Dec 2024 01:51:53 GMT
Server: Apache
X-Powered-By: PHP/7.2.16
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
DNS

96.33.115.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

96.33.115.104.in-addr.arpa

IN PTR

Response

96.33.115.104.in-addr.arpa

IN PTR

a104-115-33-96deploystaticakamaitechnologiescom
DNS

163.254.1.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

163.254.1.23.in-addr.arpa

IN PTR

Response

163.254.1.23.in-addr.arpa

IN PTR

a23-1-254-163deploystaticakamaitechnologiescom
GET

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dmailto%2Bcs.stanford.edu%26num%3D100&hl=en&q=EgS117BTGLinqLsGIjCdW81YR__K_dgXlOtlSpjKdcF6F8yqnpKSU6vFueWq9md8MQtzctuM6SDue3ZP9yMyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

172.217.20.164:80

Request

GET /sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dmailto%2Bcs.stanford.edu%26num%3D100&hl=en&q=EgS117BTGLinqLsGIjCdW81YR__K_dgXlOtlSpjKdcF6F8yqnpKSU6vFueWq9md8MQtzctuM6SDue3ZP9yMyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 429 Too Many Requests

Date: Tue, 24 Dec 2024 01:51:53 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html
Server: HTTP server (unknown)
Content-Length: 3312
X-XSS-Protection: 0
GET

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dacm.org%2Be-mail%26num%3D100&hl=en&q=EgS117BTGLmnqLsGIjCx9txECyB4th55x9wxAjZF94S4i9Qtnp8B1W8NmodzMrimrPlzczGC_5egcWlWCrgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

172.217.20.164:80

Request

GET /sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dacm.org%2Be-mail%26num%3D100&hl=en&q=EgS117BTGLmnqLsGIjCx9txECyB4th55x9wxAjZF94S4i9Qtnp8B1W8NmodzMrimrPlzczGC_5egcWlWCrgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 429 Too Many Requests

Date: Tue, 24 Dec 2024 01:51:53 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html
Server: HTTP server (unknown)
Content-Length: 3288
X-XSS-Protection: 0
DNS

alt2.aspmx.l.google.com

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

8.8.8.8:53

Request

alt2.aspmx.l.google.com

IN A

Response

alt2.aspmx.l.google.com

IN A

142.250.150.26
DNS

acm.org

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

8.8.8.8:53

Request

acm.org

IN A

Response

acm.org

IN A

104.17.78.30

acm.org

IN A

104.17.79.30
DNS

cs.stanford.edu

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

8.8.8.8:53

Request

cs.stanford.edu

IN A

Response

cs.stanford.edu

IN A

171.64.64.64
DNS

burtleburtle.net

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

8.8.8.8:53

Request

burtleburtle.net

IN A

Response

burtleburtle.net

IN A

65.254.227.224
DNS

alumni.caltech.edu

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

8.8.8.8:53

Request

alumni.caltech.edu

IN A

Response

alumni.caltech.edu

IN A

204.13.239.180
DNS

alumni.caltech.edu

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

Remote address:

8.8.8.8:53

Request

alumni.caltech.edu

IN A

Response

alumni.caltech.edu

IN A

204.13.239.180

10.0.77.20:1034

services.exe

260 B
5
10.135.150.237:1034

services.exe

260 B
5
192.168.2.108:1034

services.exe

260 B
5
172.16.1.4:1034

services.exe

260 B
5
192.168.56.182:1034

services.exe

260 B
5
172.16.1.5:1034

services.exe

260 B
5
142.250.27.26:25

aspmx.l.google.com

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

260 B
5
199.89.3.120:25

mail.mailroute.net

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

260 B
5
171.64.64.26:25

smtp2.cs.stanford.edu

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

260 B
5
65.254.254.51:25

mx.burtleburtle.net

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

260 B
5
171.64.64.26:25

smtp2.cs.stanford.edu

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

260 B
5
52.101.10.6:25

alumni-caltech-edu.mail.protection.outlook.com

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

260 B
5
85.187.148.2:25

gzip.org

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

260 B
5
212.82.100.137:80

http://www.altavista.com/web/results?q=reply+burtleburtle.net&kgs=0&kls=0&nbq=50

http

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

2.5kB
12.1kB
18
17

HTTP Request

GET http://www.altavista.com/web/results?q=mailto+burtleburtle.net&kgs=0&kls=0&nbq=20

HTTP Response

301

HTTP Request

GET http://www.altavista.com/web/results?q=burtleburtle.net+e-mail&kgs=0&kls=0&nbq=50

HTTP Response

301

HTTP Request

GET http://www.altavista.com/web/results?q=mailto+cs.stanford.edu&kgs=0&kls=0&nbq=20

HTTP Response

301

HTTP Request

GET http://www.altavista.com/web/results?q=mail+m-ou.se&kgs=0&kls=0&nbq=50

HTTP Response

301

HTTP Request

GET http://www.altavista.com/web/results?q=reply+burtleburtle.net&kgs=0&kls=0&nbq=50

HTTP Response

301
212.82.100.137:80

http://search.yahoo.com/search?p=burtleburtle.net+mail&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=100

http

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

579 B
654 B
5
5

HTTP Request

GET http://search.yahoo.com/search?p=burtleburtle.net+mail&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=100

HTTP Response

301
172.217.20.164:80

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Demail%2Bcs.stanford.edu%26num%3D50&hl=en&q=EgS117BTGLenqLsGIjARsqXAhKPAAk7sNsdq-Vvd5iORpP32sfOVbfRsC9-L65ZpLa7ekRoX3EileRa1BL8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

http

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

1.4kB
5.3kB
11
8

HTTP Request

GET http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=e-mail+cs.stanford.edu&num=50

HTTP Response

302

HTTP Request

GET http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Demail%2Bcs.stanford.edu%26num%3D50&hl=en&q=EgS117BTGLenqLsGIjARsqXAhKPAAk7sNsdq-Vvd5iORpP32sfOVbfRsC9-L65ZpLa7ekRoX3EileRa1BL8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

HTTP Response

429
212.82.100.137:443

https://search.yahoo.com/search?p=email+cs.stanford.edu&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=

tls, http

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

4.6kB
83.5kB
75
73

HTTP Request

GET https://search.yahoo.com/search?p=burtleburtle.net+mail&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=100

HTTP Response

200

HTTP Request

GET https://search.yahoo.com/search?p=email+cs.stanford.edu&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=

HTTP Response

200
172.217.20.164:80

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dcontact%2Bemail%2Bburtleburtle.net%26num%3D100&hl=en&q=EgS117BTGLinqLsGIjB0tHIrr1n3MUZ6QzcHNlaoxPCCgambZW6so2GtBhwRFnybwV6YfvGlQY8dywmd_NIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

http

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

2.8kB
10.0kB
20
17

HTTP Request

GET http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=email+cs.stanford.edu&num=50

HTTP Response

302

HTTP Request

GET http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=alumni.caltech.edu+mailto&num=100

HTTP Response

302

HTTP Request

GET http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=contact+email+burtleburtle.net&num=100

HTTP Response

302

HTTP Request

GET http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=m-ou.se+reply&num=100

HTTP Response

302

HTTP Request

GET http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dcontact%2Bemail%2Bburtleburtle.net%26num%3D100&hl=en&q=EgS117BTGLinqLsGIjB0tHIrr1n3MUZ6QzcHNlaoxPCCgambZW6so2GtBhwRFnybwV6YfvGlQY8dywmd_NIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

HTTP Response

429
212.82.100.137:443

https://search.yahoo.com/?fr=altavista

tls, http

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

7.1kB
148.5kB
125
122

HTTP Request

GET https://search.yahoo.com/?fr=altavista

HTTP Response

200

HTTP Request

GET https://search.yahoo.com/?fr=altavista

HTTP Response

200

HTTP Request

GET https://search.yahoo.com/?fr=altavista

HTTP Response

200
209.202.254.10:80

http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=email+cs.stanford.edu

http

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

1.0kB
1.5kB
8
5

HTTP Request

GET http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu

HTTP Response

301

HTTP Request

GET http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=email+cs.stanford.edu

HTTP Response

301
172.217.20.164:80

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3De-mail%2Bcs.stanford.edu%26num%3D50&hl=en&q=EgS117BTGLenqLsGIjC2Xz7QZb2VqeUfQdPNpsKsOxxIGHbR5RoLDcZt-_8pvyzxKxDwUo81meFyFaWWyB0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

http

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

904 B
3.8kB
8
5

HTTP Request

GET http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3De-mail%2Bcs.stanford.edu%26num%3D50&hl=en&q=EgS117BTGLenqLsGIjC2Xz7QZb2VqeUfQdPNpsKsOxxIGHbR5RoLDcZt-_8pvyzxKxDwUo81meFyFaWWyB0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

HTTP Response

429
209.202.254.10:443

https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu

tls, http

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

1.2kB
3.9kB
12
8

HTTP Request

GET https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu

HTTP Response

302
172.217.20.164:80

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dalumni.caltech.edu%2Bmailto%26num%3D100&hl=en&q=EgS117BTGLenqLsGIjAOc9n7i6OgFgKcBdexbFHnFZM-8jNGf6fFFI2yWXCx0MpP0iLpT-kcpgjywArqTb4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

http

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

1.4kB
5.4kB
12
9

HTTP Request

GET http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=cs.stanford.edu+mail&num=20

HTTP Response

302

HTTP Request

GET http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dalumni.caltech.edu%2Bmailto%26num%3D100&hl=en&q=EgS117BTGLenqLsGIjAOc9n7i6OgFgKcBdexbFHnFZM-8jNGf6fFFI2yWXCx0MpP0iLpT-kcpgjywArqTb4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

HTTP Response

429
209.202.254.10:443

https://search.lycos.com/default.asp/?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu

tls, http

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

2.2kB
17.3kB
25
19

HTTP Request

GET https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=email+cs.stanford.edu

HTTP Response

302

HTTP Request

GET https://search.lycos.com/default.asp/?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu

HTTP Response

404
212.82.100.137:80

http://search.yahoo.com/search?p=email+cs.stanford.edu&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=

http

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

735 B
648 B
6
5

HTTP Request

GET http://search.yahoo.com/search?p=email+cs.stanford.edu&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=

HTTP Response

301
23.1.254.163:80

http://r11.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQaUrm0WeTDM5ghfoZtS72KO9ZnzgQUCLkRO6XQhRi06g%2BgrZ%2BGHo78OCcCEgTv%2BHV0Bd%2FqEQJQjG4LfvoXXw%3D%3D

http

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

428 B
1.0kB
4
3

HTTP Request

GET http://r11.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQaUrm0WeTDM5ghfoZtS72KO9ZnzgQUCLkRO6XQhRi06g%2BgrZ%2BGHo78OCcCEgTv%2BHV0Bd%2FqEQJQjG4LfvoXXw%3D%3D

HTTP Response

200
172.217.20.164:80

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dcs.stanford.edu%2Bmail%26num%3D20&hl=en&q=EgS117BTGLinqLsGIjAEQPK-IO3Du382xQQJY5bJwE9E4gw6crzKkGaBp2ttaZcLUl4jSA9-_5TKnqg0CngyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

http

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

948 B
3.8kB
9
6

HTTP Request

GET http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dcs.stanford.edu%2Bmail%26num%3D20&hl=en&q=EgS117BTGLinqLsGIjAEQPK-IO3Du382xQQJY5bJwE9E4gw6crzKkGaBp2ttaZcLUl4jSA9-_5TKnqg0CngyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

HTTP Response

429
212.82.100.137:80

http://search.yahoo.com/search?p=contact+email+gzip.org&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=

http

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

736 B
649 B
6
5

HTTP Request

GET http://search.yahoo.com/search?p=contact+email+gzip.org&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=

HTTP Response

301
172.217.20.164:80

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dm-ou.se%2Breply%26num%3D100&hl=en&q=EgS117BTGLinqLsGIjCY9WboLuCyM099KX-4Zg3_OCbsUaNRaboafwUjdnWEg6VKxaoXJ-axMFwK0Mzgg6kyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

http

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

1.9kB
6.9kB
15
12

HTTP Request

GET http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=mailto+cs.stanford.edu&num=100

HTTP Response

302

HTTP Request

GET http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=acm.org+e-mail&num=100

HTTP Response

302

HTTP Request

GET http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dm-ou.se%2Breply%26num%3D100&hl=en&q=EgS117BTGLinqLsGIjCY9WboLuCyM099KX-4Zg3_OCbsUaNRaboafwUjdnWEg6VKxaoXJ-axMFwK0Mzgg6kyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

HTTP Response

429
212.82.100.137:443

https://search.yahoo.com/search?p=contact+email+gzip.org&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=

tls, http

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

3.3kB
52.4kB
50
48

HTTP Request

GET https://search.yahoo.com/search?p=contact+email+gzip.org&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=

HTTP Response

200
209.202.254.10:80

http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=cs.stanford.edu+contact+mail

http

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

624 B
802 B
6
4

HTTP Request

GET http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=cs.stanford.edu+contact+mail

HTTP Response

301
209.202.254.10:443

https://search.lycos.com/default.asp/?lpv=1&loc=searchhp&tab=web&query=email+cs.stanford.edu

tls, http

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

1.7kB
16.8kB
22
17

HTTP Request

GET https://search.lycos.com/default.asp/?lpv=1&loc=searchhp&tab=web&query=email+cs.stanford.edu

HTTP Response

404
172.217.20.164:80

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dmailto%2Bcs.stanford.edu%26num%3D20&hl=en&q=EgS117BTGLmnqLsGIjABAicHoab70MM-7psj96EHFND__82a7qMNe0MMr8rvlW99PZbDfgW8KWkvC9-EBkAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

http

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

1.4kB
5.3kB
11
8

HTTP Request

GET http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=mailto+cs.stanford.edu&num=20

HTTP Response

302

HTTP Request

GET http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dmailto%2Bcs.stanford.edu%26num%3D20&hl=en&q=EgS117BTGLmnqLsGIjABAicHoab70MM-7psj96EHFND__82a7qMNe0MMr8rvlW99PZbDfgW8KWkvC9-EBkAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

HTTP Response

429
209.202.254.10:443

https://search.lycos.com/default.asp/?lpv=1&loc=searchhp&tab=web&query=cs.stanford.edu+contact+mail

tls, http

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

2.2kB
17.2kB
24
18

HTTP Request

GET https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=cs.stanford.edu+contact+mail

HTTP Response

302

HTTP Request

GET https://search.lycos.com/default.asp/?lpv=1&loc=searchhp&tab=web&query=cs.stanford.edu+contact+mail

HTTP Response

404
171.64.64.26:25

smtp2.cs.stanford.edu

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

260 B
5
172.217.20.164:80

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dmailto%2Bcs.stanford.edu%26num%3D100&hl=en&q=EgS117BTGLinqLsGIjCdW81YR__K_dgXlOtlSpjKdcF6F8yqnpKSU6vFueWq9md8MQtzctuM6SDue3ZP9yMyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

http

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

951 B
3.8kB
9
6

HTTP Request

GET http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dmailto%2Bcs.stanford.edu%26num%3D100&hl=en&q=EgS117BTGLinqLsGIjCdW81YR__K_dgXlOtlSpjKdcF6F8yqnpKSU6vFueWq9md8MQtzctuM6SDue3ZP9yMyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

HTTP Response

429
172.217.20.164:80

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dacm.org%2Be-mail%26num%3D100&hl=en&q=EgS117BTGLmnqLsGIjCx9txECyB4th55x9wxAjZF94S4i9Qtnp8B1W8NmodzMrimrPlzczGC_5egcWlWCrgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

http

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

943 B
3.8kB
9
6

HTTP Request

GET http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dacm.org%2Be-mail%26num%3D100&hl=en&q=EgS117BTGLmnqLsGIjCx9txECyB4th55x9wxAjZF94S4i9Qtnp8B1W8NmodzMrimrPlzczGC_5egcWlWCrgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

HTTP Response

429
192.168.2.105:1034

services.exe

260 B
5
142.250.150.26:25

alt2.aspmx.l.google.com

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

208 B
4
104.17.78.30:25

acm.org

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

208 B
4
171.64.64.64:25

cs.stanford.edu

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

208 B
4
171.64.64.64:25

cs.stanford.edu

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

208 B
4
65.254.227.224:25

burtleburtle.net

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

208 B
4
85.187.148.2:25

gzip.org

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

208 B
4
204.13.239.180:25

alumni.caltech.edu

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

208 B
4
171.64.64.64:25

cs.stanford.edu

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

156 B
3
192.168.2.2:1034

services.exe

104 B
2
192.229.221.95:80

8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

88.210.23.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

88.210.23.2.in-addr.arpa
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

17.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

17.160.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

56.163.245.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

56.163.245.4.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

210.179.15.23.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

210.179.15.23.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

31.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

31.243.111.52.in-addr.arpa
8.8.8.8:53

m-ou.se

dns

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

53 B
232 B
1
1

DNS Request

m-ou.se
8.8.8.8:53

aspmx.l.google.com

dns

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

64 B
80 B
1
1

DNS Request

aspmx.l.google.com

DNS Response

142.250.27.26
8.8.8.8:53

acm.org

dns

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

53 B
87 B
1
1

DNS Request

acm.org
8.8.8.8:53

mail.mailroute.net

dns

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

64 B
96 B
1
1

DNS Request

mail.mailroute.net

DNS Response

199.89.3.120

199.89.1.120
8.8.8.8:53

cs.stanford.edu

dns

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

61 B
121 B
1
1

DNS Request

cs.stanford.edu
8.8.8.8:53

smtp2.cs.stanford.edu

dns

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

67 B
83 B
1
1

DNS Request

smtp2.cs.stanford.edu

DNS Response

171.64.64.26
8.8.8.8:53

burtleburtle.net

dns

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

62 B
81 B
1
1

DNS Request

burtleburtle.net
8.8.8.8:53

mx.burtleburtle.net

dns

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

65 B
113 B
1
1

DNS Request

mx.burtleburtle.net

DNS Response

65.254.254.51

65.254.254.52

65.254.254.50
8.8.8.8:53

alumni.caltech.edu

dns

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

64 B
126 B
1
1

DNS Request

alumni.caltech.edu
8.8.8.8:53

alumni-caltech-edu.mail.protection.outlook.com

dns

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

92 B
156 B
1
1

DNS Request

alumni-caltech-edu.mail.protection.outlook.com

DNS Response

52.101.10.6

52.101.40.6

52.101.194.13

52.101.9.21
8.8.8.8:53

gzip.org

dns

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

54 B
70 B
1
1

DNS Request

gzip.org
8.8.8.8:53

gzip.org

dns

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

54 B
70 B
1
1

DNS Request

gzip.org

DNS Response

85.187.148.2
8.8.8.8:53

www.altavista.com

dns

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

63 B
157 B
1
1

DNS Request

www.altavista.com

DNS Response

212.82.100.137
8.8.8.8:53

search.yahoo.com

dns

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

62 B
121 B
1
1

DNS Request

search.yahoo.com

DNS Response

212.82.100.137
8.8.8.8:53

www.google.com

dns

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

172.217.20.164
8.8.8.8:53

search.lycos.com

dns

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

62 B
109 B
1
1

DNS Request

search.lycos.com

DNS Response

209.202.254.10
8.8.8.8:53

164.20.217.172.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

164.20.217.172.in-addr.arpa
8.8.8.8:53

137.100.82.212.in-addr.arpa

dns

73 B
119 B
1
1

DNS Request

137.100.82.212.in-addr.arpa
8.8.8.8:53

10.254.202.209.in-addr.arpa

dns

73 B
113 B
1
1

DNS Request

10.254.202.209.in-addr.arpa
8.8.8.8:53

r11.o.lencr.org

dns

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

61 B
160 B
1
1

DNS Request

r11.o.lencr.org

DNS Response

23.1.254.163

23.1.254.176
8.8.8.8:53

96.33.115.104.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

96.33.115.104.in-addr.arpa
8.8.8.8:53

163.254.1.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

163.254.1.23.in-addr.arpa
8.8.8.8:53

alt2.aspmx.l.google.com

dns

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

69 B
85 B
1
1

DNS Request

alt2.aspmx.l.google.com

DNS Response

142.250.150.26
8.8.8.8:53

acm.org

dns

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

53 B
85 B
1
1

DNS Request

acm.org

DNS Response

104.17.78.30

104.17.79.30
8.8.8.8:53

cs.stanford.edu

dns

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

61 B
77 B
1
1

DNS Request

cs.stanford.edu

DNS Response

171.64.64.64
8.8.8.8:53

burtleburtle.net

dns

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

62 B
78 B
1
1

DNS Request

burtleburtle.net

DNS Response

65.254.227.224
8.8.8.8:53

alumni.caltech.edu

dns

d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8.exe

128 B
160 B
2
2

DNS Request

alumni.caltech.edu

DNS Request

alumni.caltech.edu

DNS Response

204.13.239.180

DNS Response

204.13.239.180

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DQ67RYHS\P3VLBWV0.htm

Filesize
162KB

MD5
415dd97c41279e4e976191061cc8d191

SHA1
8c54120a3384cb150bee93c96667b94ef7ab0832

SHA256
9d84b9989ca5388cc8e6c911d419bae3aa90c6c83728150b0a6c9ec3eebf580c

SHA512
ed025481df10da0d5a33997097e691ab787cc4f3b8a38504e80ce8c173da3f9b94d4c4ddf281311da2530bb24dc12b92c4e158fcf92c14b53918cd6a660d2898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G94T3PNL\QYB773JH.htm

Filesize
162KB

MD5
b6f82cd533d0c30c546052715fad6c9e

SHA1
8bbbfdf3908ddd506c1a684e49663b2f25bb4641

SHA256
c0c3bb53ec0870678176edabbcf8b8522862b642069bd912f506e5ac36177486

SHA512
38e490af19e68a2343a1117f204ae9b8b926dd37ee303e3c95b53a3010bc5b18437dad40ca7bba64a3d2b030c8ab6b77ec95c8e94d65dc90fe99036372d48939

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp65F7.tmp

Filesize
29KB

MD5
fd64ed4d2a402069c8ab844a5bc95b18

SHA1
eb5f8571878388ef0617a8fa69200574631af345

SHA256
d2aaeafed75f8368584d8bcba40ddf169092b95151652fc169bda29994fd15b8

SHA512
b051fd7501e759cd9bb945653309528d1cce0fd5bbc1181a064a8dfe9b2b948cc17b0f673f756b4eead2b36adf9193e6c0eed03945a3c0b341e2456b11910bb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
352B

MD5
eb315a33d2bd2ac6d66cf7cb7718afc5

SHA1
63ffdb2933a4e458d0088244dce4129de86310e5

SHA256
39958f230e44bf7d6d63b8943325f3031fe7ab50c2f9c650b6499deae477d7fd

SHA512
c4c0d99c6cac288c8daad392dd1f52dfee0c49b941feed51f85d7ae9881faee67167232c809d44f06fe135ba393ef96a7a9e68fc5d496a790aff70fbcab35183

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
352B

MD5
cb8a8a5bef44d653a74329c476347067

SHA1
21ff7d063dd38fca723660d0d199f8e878339da6

SHA256
7be806c317431e810d5ead819d64d26daa5db45dc14c5757760ba5b4504b892f

SHA512
7d45f2e790c145a2ab390107d5282cf13721d56677069225f0b1c2bc90c98803bd7e10d522cb74861abcd8e1fdc9b2d2623363af2af7f1afbef95cd7f55ecedc

Download Submit
C:\Windows\services.exe

Filesize
8KB

MD5
b0fe74719b1b647e2056641931907f4a

SHA1
e858c206d2d1542a79936cb00d85da853bfc95e2

SHA256
bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

SHA512
9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

Download Submit
memory/1292-21-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1292-50-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1292-28-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1292-33-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1292-38-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1292-40-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1292-45-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1292-5-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1292-52-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1292-203-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1292-57-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1292-26-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1292-16-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1292-199-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1292-15-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1292-139-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4004-0-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/4004-13-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/4004-198-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/4004-92-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/4004-202-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/4004-56-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request