mydoom | 7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc

Analysis

max time kernel
120s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2024, 16:57 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe
Size

29KB
MD5

921834dfef5e09a6dc9de48231310c24
SHA1

169de65f8a8b23a63a805992c7a38c7fad11eee9
SHA256

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc
SHA512

12fc38fd3afedadac9df94ed287f92bee7b1634df8bb4782ea5e24bfda4c82ea8d9bcc6ed0fce2179224653650bb98b5ea4a9523585b8b7cddb8dcb1957e1366
SSDEEP

768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/Thw:AEwVs+0jNDY1qi/q7W

Score

10^/10

mydoom discovery persistence upx worm

Malware Config

Signatures

Detects MyDoom family 2 IoCs

resource	yara_rule
behavioral2/memory/4888-13-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom
behavioral2/memory/4888-56-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom

MyDoom
MyDoom is a Worm that is written in C++.
worm mydoom
Mydoom family
mydoom

Executes dropped EXE 1 IoCs

pid	Process
3368	services.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"	7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"	services.exe

UPX packed file 18 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4888-0-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral2/files/0x0008000000023cb2-4.dat	upx
behavioral2/memory/3368-5-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/4888-13-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral2/memory/3368-15-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3368-16-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3368-21-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3368-26-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3368-28-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3368-33-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3368-38-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3368-40-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3368-45-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3368-50-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3368-52-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/4888-56-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral2/memory/3368-57-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/files/0x00040000000006df-67.dat	upx

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\services.exe	7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe
File opened for modification	C:\Windows\java.exe	7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe
File created	C:\Windows\java.exe	7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	services.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4888 wrote to memory of 3368	4888	7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe	83
PID 4888 wrote to memory of 3368	4888	7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe	83
PID 4888 wrote to memory of 3368	4888	7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe	83

C:\Users\Admin\AppData\Local\Temp\7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe
"C:\Users\Admin\AppData\Local\Temp\7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4888
- C:\Windows\services.exe
  "C:\Windows\services.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:3368

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

154.239.44.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.239.44.20.in-addr.arpa

IN PTR

Response
DNS

180.129.81.91.in-addr.arpa

Remote address:

8.8.8.8:53

Request

180.129.81.91.in-addr.arpa

IN PTR

Response
DNS

22.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.160.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

209.205.72.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.205.72.20.in-addr.arpa

IN PTR

Response
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

56.163.245.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.163.245.4.in-addr.arpa

IN PTR

Response
DNS

241.42.69.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.42.69.40.in-addr.arpa

IN PTR

Response
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

181.129.81.91.in-addr.arpa

Remote address:

8.8.8.8:53

Request

181.129.81.91.in-addr.arpa

IN PTR

Response
DNS

21.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.236.111.52.in-addr.arpa

IN PTR

Response
DNS

m-ou.se

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

8.8.8.8:53

Request

m-ou.se

IN MX

Response

m-ou.se

IN MX

aspmx5 googlemailcom

m-ou.se

IN MX

aspmxlgoogle�9

m-ou.se

IN MX

aspmx2�.

m-ou.se

IN MX

alt1�L

m-ou.se

IN MX

alt2�L

m-ou.se

IN MX

aspmx4�.

m-ou.se

IN MX

aspmx3�.
DNS

aspmx5.googlemail.com

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

8.8.8.8:53

Request

aspmx5.googlemail.com

IN A

Response

aspmx5.googlemail.com

IN A

142.250.157.27
DNS

acm.org

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

8.8.8.8:53

Request

acm.org

IN MX

Response

acm.org

IN MX

mail mailroutenet
DNS

mail.mailroute.net

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

8.8.8.8:53

Request

mail.mailroute.net

IN A

Response

mail.mailroute.net

IN A

199.89.1.120

mail.mailroute.net

IN A

199.89.3.120
DNS

cs.stanford.edu

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

8.8.8.8:53

Request

cs.stanford.edu

IN MX

Response

cs.stanford.edu

IN MX

smtp2�

cs.stanford.edu

IN MX

�

cs.stanford.edu

IN MX

smtp1�
DNS

smtp2.cs.stanford.edu

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

8.8.8.8:53

Request

smtp2.cs.stanford.edu

IN A

Response

smtp2.cs.stanford.edu

IN A

171.64.64.26
DNS

burtleburtle.net

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

8.8.8.8:53

Request

burtleburtle.net

IN MX

Response

burtleburtle.net

IN MX

mx�
DNS

alumni.caltech.edu

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

8.8.8.8:53

Request

alumni.caltech.edu

IN MX

Response

alumni.caltech.edu

IN MX

alumni-caltech-edumail protectionoutlookcom
DNS

mx.burtleburtle.net

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

8.8.8.8:53

Request

mx.burtleburtle.net

IN A

Response

mx.burtleburtle.net

IN A

65.254.254.51

mx.burtleburtle.net

IN A

65.254.254.52

mx.burtleburtle.net

IN A

65.254.254.50
DNS

alumni-caltech-edu.mail.protection.outlook.com

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

8.8.8.8:53

Request

alumni-caltech-edu.mail.protection.outlook.com

IN A

Response

alumni-caltech-edu.mail.protection.outlook.com

IN A

52.101.41.56

alumni-caltech-edu.mail.protection.outlook.com

IN A

52.101.10.18

alumni-caltech-edu.mail.protection.outlook.com

IN A

52.101.194.0

alumni-caltech-edu.mail.protection.outlook.com

IN A

52.101.10.2
DNS

gzip.org

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

8.8.8.8:53

Request

gzip.org

IN MX

Response

gzip.org

IN MX

�
DNS

gzip.org

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

8.8.8.8:53

Request

gzip.org

IN A

Response

gzip.org

IN A

85.187.148.2
DNS

search.yahoo.com

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

8.8.8.8:53

Request

search.yahoo.com

IN A

Response

search.yahoo.com

IN CNAME

ds-global3.l7.search.ystg1.b.yahoo.com

ds-global3.l7.search.ystg1.b.yahoo.com

IN A

212.82.100.137
DNS

search.lycos.com

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

8.8.8.8:53

Request

search.lycos.com

IN A

Response

search.lycos.com

IN CNAME

search-core2.bo3.lycos.com

search-core2.bo3.lycos.com

IN A

209.202.254.10
GET

http://search.yahoo.com/search?p=reply+m-ou.se&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

212.82.100.137:80

Request

GET /search?p=reply+m-ou.se&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: search.yahoo.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Tue, 31 Dec 2024 16:59:26 GMT
Connection: close
Server: ATS
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
Referrer-Policy: no-referrer-when-downgrade
Location: https://search.yahoo.com/search?p=reply+m-ou.se&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50
Content-Length: 25
Content-Type: text/html
DNS

www.google.com

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

172.217.20.164
GET

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=e-mail+cs.stanford.edu&num=100

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

172.217.20.164:80

Request

GET /search?hl=en&ie=UTF-8&oe=UTF-8&q=e-mail+cs.stanford.edu&num=100 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Location: http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3De-mail%2Bcs.stanford.edu%26num%3D100&hl=en&q=EgS117BTGO7F0LsGIjDgZzBMHoVbJXhvf3uDGTLH99DJMWV7ks274IpVKrRj3gfKD5l9wwLvXaOvaAfHWgUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
x-hallmonitor-challenge: CgsI78XQuwYQgoz7EBIEtdewUw
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-5FXp85OtclqmnIilRuWX1Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp
Date: Tue, 31 Dec 2024 16:59:27 GMT
Server: gws
Content-Length: 491
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AZ6Zc-VTj10PyiWvth5V7xqnbL5V6NiR_JQq7amcsctanQ20rg7aXuUEXA; expires=Sun, 29-Jun-2025 16:59:27 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
GET

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=m-ou.se+mailto

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

172.217.20.164:80

Request

GET /search?hl=en&ie=UTF-8&oe=UTF-8&q=m-ou.se+mailto HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Location: http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dm-ou.se%2Bmailto&hl=en&q=EgS117BTGO_F0LsGIjDMbS6rsmTx1ahz3WdYkO23GMLGuZvKKBIldVEGaAp5-L29FluLh0C96B2qHQFkZZgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
x-hallmonitor-challenge: CgwI78XQuwYQ2PKq2gESBLXXsFM
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-wMIXohaqZtXkAgd4T4awWA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp
Date: Tue, 31 Dec 2024 16:59:27 GMT
Server: gws
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AZ6Zc-Wy4hAKbNKxHAnjGpstk-eXe-OwNXbYVNYdJ7dovJQP6dEMGJ1DKK8; expires=Sun, 29-Jun-2025 16:59:27 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
GET

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dmail%2Bacm.org%26num%3D100&hl=en&q=EgS117BTGO7F0LsGIjB4A68h7bPODnFidv96UWE-3XuSW29daOavsNrvakIe3qf4CS9aHfFrgVe5iHNW8b8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

172.217.20.164:80

Request

GET /sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dmail%2Bacm.org%26num%3D100&hl=en&q=EgS117BTGO7F0LsGIjB4A68h7bPODnFidv96UWE-3XuSW29daOavsNrvakIe3qf4CS9aHfFrgVe5iHNW8b8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 429 Too Many Requests

Date: Tue, 31 Dec 2024 16:59:27 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html
Server: HTTP server (unknown)
Content-Length: 3282
X-XSS-Protection: 0
GET

https://search.yahoo.com/search?p=reply+m-ou.se&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

212.82.100.137:443

Request

GET /search?p=reply+m-ou.se&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: search.yahoo.com

Response

HTTP/1.1 500 Internal Server Error

Content-Type: text/plain; charset=utf-8;
Secure_search_bypass: true
Date: Tue, 31 Dec 2024 16:59:26 GMT
Content-Encoding: gzip
Age: 0
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
Server: ATS
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
Referrer-Policy: no-referrer-when-downgrade
GET

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=mail+acm.org&num=100

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

172.217.20.164:80

Request

GET /search?hl=en&ie=UTF-8&oe=UTF-8&q=mail+acm.org&num=100 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Location: http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dmail%2Bacm.org%26num%3D100&hl=en&q=EgS117BTGO7F0LsGIjB4A68h7bPODnFidv96UWE-3XuSW29daOavsNrvakIe3qf4CS9aHfFrgVe5iHNW8b8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
x-hallmonitor-challenge: CgwI7sXQuwYQ0te5xgMSBLXXsFM
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-OeQWFMcyrExpgG0Xhb4PFg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp
Date: Tue, 31 Dec 2024 16:59:26 GMT
Server: gws
Content-Length: 481
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AZ6Zc-WdutREl9u6MAsqgwAOXMaFXvdqthvaRHjFFqwfjYYZ6Ho9EBolLw; expires=Sun, 29-Jun-2025 16:59:26 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
GET

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=cs.stanford.edu+mailto&num=100

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

172.217.20.164:80

Request

GET /search?hl=en&ie=UTF-8&oe=UTF-8&q=cs.stanford.edu+mailto&num=100 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Location: http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dcs.stanford.edu%2Bmailto%26num%3D100&hl=en&q=EgS117BTGO_F0LsGIjAYh5OSs7ai2-zG0fPVZ_brLqXNwqjNQTJbEVEm6JMtKiMZo6pKXXeFiTvBGw7dz_kyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
x-hallmonitor-challenge: CgwI78XQuwYQiduQ8wESBLXXsFM
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-7UexoIBasCBXy9QdMwfXtQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp
Date: Tue, 31 Dec 2024 16:59:27 GMT
Server: gws
Content-Length: 491
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AZ6Zc-XDBpH1X6yQntYkciBfNPs_ifmJQCDIng-PhbIxsAoO8Vg5e0EFXg8; expires=Sun, 29-Jun-2025 16:59:27 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
GET

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=mail+acm.org&num=50

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

172.217.20.164:80

Request

GET /search?hl=en&ie=UTF-8&oe=UTF-8&q=mail+acm.org&num=50 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Location: http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dmail%2Bacm.org%26num%3D50&hl=en&q=EgS117BTGO_F0LsGIjAKYdeeIToqQMzYT-OTrfqQ6JW-FLR2SBWsf-2Ul1tq6AkrTVD7h2PTbNxOUUiKnfUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
x-hallmonitor-challenge: CgsI8MXQuwYQ3PGBCRIEtdewUw
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-ZN4yDNPNNv9ZhrbL4jmTNA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp
Date: Tue, 31 Dec 2024 16:59:28 GMT
Server: gws
Content-Length: 480
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AZ6Zc-W33tQyVNMN4BFtjLR4pHYq82gw8Fh6S9qhTJcJK5PWjqM25zz2cA; expires=Sun, 29-Jun-2025 16:59:28 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
GET

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dm-ou.se%2Bmailto&hl=en&q=EgS117BTGO_F0LsGIjDMbS6rsmTx1ahz3WdYkO23GMLGuZvKKBIldVEGaAp5-L29FluLh0C96B2qHQFkZZgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

172.217.20.164:80

Request

GET /sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dm-ou.se%2Bmailto&hl=en&q=EgS117BTGO_F0LsGIjDMbS6rsmTx1ahz3WdYkO23GMLGuZvKKBIldVEGaAp5-L29FluLh0C96B2qHQFkZZgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 429 Too Many Requests

Date: Tue, 31 Dec 2024 16:59:28 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html
Server: HTTP server (unknown)
Content-Length: 3252
X-XSS-Protection: 0
GET

http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=acm.org+e-mail

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

209.202.254.10:80

Request

GET /default.asp?lpv=1&loc=searchhp&tab=web&query=acm.org+e-mail HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: search.lycos.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Tue, 31 Dec 2024 16:59:26 GMT
Server: Apache
Location: https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=acm.org+e-mail
Content-Length: 304
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
DNS

137.100.82.212.in-addr.arpa

Remote address:

8.8.8.8:53

Request

137.100.82.212.in-addr.arpa

IN PTR

Response

137.100.82.212.in-addr.arpa

IN PTR

ats1l7searchvipir2yahoocom
GET

http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

209.202.254.10:80

Request

GET /default.asp?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: search.lycos.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Tue, 31 Dec 2024 16:59:26 GMT
Server: Apache
Location: https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu
Content-Length: 315
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=acm.org+e-mail

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

209.202.254.10:443

Request

GET /default.asp?lpv=1&loc=searchhp&tab=web&query=acm.org+e-mail HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: search.lycos.com

Response

HTTP/1.1 302 Found

Date: Tue, 31 Dec 2024 16:59:27 GMT
Server: Apache
X-Powered-By: PHP/7.2.16
Location: https://search.lycos.com/default.asp/?lpv=1&loc=searchhp&tab=web&query=acm.org+e-mail
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

209.202.254.10:443

Request

GET /default.asp?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: search.lycos.com

Response

HTTP/1.1 302 Found

Date: Tue, 31 Dec 2024 16:59:27 GMT
Server: Apache
X-Powered-By: PHP/7.2.22
Location: https://search.lycos.com/default.asp/?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://search.yahoo.com/search?p=mailto+cs.stanford.edu&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=100

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

212.82.100.137:80

Request

GET /search?p=mailto+cs.stanford.edu&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=100 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: search.yahoo.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Tue, 31 Dec 2024 16:59:27 GMT
Connection: close
Server: ATS
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
Referrer-Policy: no-referrer-when-downgrade
Location: https://search.yahoo.com/search?p=mailto+cs.stanford.edu&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=100
Content-Length: 25
Content-Type: text/html
GET

https://search.yahoo.com/search?p=mailto+cs.stanford.edu&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=100

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

212.82.100.137:443

Request

GET /search?p=mailto+cs.stanford.edu&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=100 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: search.yahoo.com

Response

HTTP/1.1 500 Internal Server Error

Content-Type: text/plain; charset=utf-8;
Secure_search_bypass: true
Date: Tue, 31 Dec 2024 16:59:27 GMT
Content-Encoding: gzip
Age: 0
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
Server: ATS
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
Referrer-Policy: no-referrer-when-downgrade
DNS

r11.o.lencr.org

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

8.8.8.8:53

Request

r11.o.lencr.org

IN A

Response

r11.o.lencr.org

IN CNAME

o.lencr.edgesuite.net

o.lencr.edgesuite.net

IN CNAME

a1887.dscq.akamai.net

a1887.dscq.akamai.net

IN A

88.221.134.123

a1887.dscq.akamai.net

IN A

88.221.134.106

a1887.dscq.akamai.net

IN A

88.221.134.147

a1887.dscq.akamai.net

IN A

88.221.134.105

a1887.dscq.akamai.net

IN A

88.221.134.146

a1887.dscq.akamai.net

IN A

88.221.134.129

a1887.dscq.akamai.net

IN A

88.221.134.113

a1887.dscq.akamai.net

IN A

88.221.134.112

a1887.dscq.akamai.net

IN A

88.221.134.120
GET

http://r11.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQaUrm0WeTDM5ghfoZtS72KO9ZnzgQUCLkRO6XQhRi06g%2BgrZ%2BGHo78OCcCEgTv%2BHV0Bd%2FqEQJQjG4LfvoXXw%3D%3D

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

88.221.134.123:80

Request

GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBQaUrm0WeTDM5ghfoZtS72KO9ZnzgQUCLkRO6XQhRi06g%2BgrZ%2BGHo78OCcCEgTv%2BHV0Bd%2FqEQJQjG4LfvoXXw%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: r11.o.lencr.org

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5EE7117BB5E883491AC8AB6B4DD56FFCCED742B46207FC7C37A153AEFF7ADD36"
Last-Modified: Mon, 30 Dec 2024 01:59:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3945
Expires: Tue, 31 Dec 2024 18:05:12 GMT
Date: Tue, 31 Dec 2024 16:59:27 GMT
Connection: keep-alive
GET

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3De-mail%2Bcs.stanford.edu%26num%3D100&hl=en&q=EgS117BTGO7F0LsGIjDgZzBMHoVbJXhvf3uDGTLH99DJMWV7ks274IpVKrRj3gfKD5l9wwLvXaOvaAfHWgUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

172.217.20.164:80

Request

GET /sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3De-mail%2Bcs.stanford.edu%26num%3D100&hl=en&q=EgS117BTGO7F0LsGIjDgZzBMHoVbJXhvf3uDGTLH99DJMWV7ks274IpVKrRj3gfKD5l9wwLvXaOvaAfHWgUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 429 Too Many Requests

Date: Tue, 31 Dec 2024 16:59:27 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html
Server: HTTP server (unknown)
Content-Length: 3312
X-XSS-Protection: 0
GET

http://search.yahoo.com/search?p=gzip.org+mailto&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

212.82.100.137:80

Request

GET /search?p=gzip.org+mailto&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: search.yahoo.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Tue, 31 Dec 2024 16:59:27 GMT
Connection: close
Server: ATS
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
Referrer-Policy: no-referrer-when-downgrade
Location: https://search.yahoo.com/search?p=gzip.org+mailto&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50
Content-Length: 25
Content-Type: text/html
DNS

164.20.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

164.20.217.172.in-addr.arpa

IN PTR

Response

164.20.217.172.in-addr.arpa

IN PTR

par10s49-in-f41e100net

164.20.217.172.in-addr.arpa

IN PTR

waw02s07-in-f4�H

164.20.217.172.in-addr.arpa

IN PTR

waw02s07-in-f164�H
DNS

10.254.202.209.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.254.202.209.in-addr.arpa

IN PTR

Response

10.254.202.209.in-addr.arpa

IN PTR

search-core2bo3lycoscom
DNS

61.45.26.184.in-addr.arpa

Remote address:

8.8.8.8:53

Request

61.45.26.184.in-addr.arpa

IN PTR

Response

61.45.26.184.in-addr.arpa

IN PTR

a184-26-45-61deploystaticakamaitechnologiescom
DNS

123.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

123.134.221.88.in-addr.arpa

IN PTR

Response

123.134.221.88.in-addr.arpa

IN PTR

a88-221-134-123deploystaticakamaitechnologiescom
GET

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=e-mail+gzip.org&num=100

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

172.217.20.164:80

Request

GET /search?hl=en&ie=UTF-8&oe=UTF-8&q=e-mail+gzip.org&num=100 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Location: http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3De-mail%2Bgzip.org%26num%3D100&hl=en&q=EgS117BTGO_F0LsGIjC43krYKthMPDSAuhutX0NHIYc-tEe5tIPkt6SvYoJgbRvNybXAxhIqi39e3BK6yNYyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
x-hallmonitor-challenge: CgwI8MXQuwYQ17HmnQESBLXXsFM
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-32IcdAn5uEXHHYoyNdRJLA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp
Date: Tue, 31 Dec 2024 16:59:28 GMT
Server: gws
Content-Length: 484
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AZ6Zc-X3BqJ8bXBj5U3HNf06bkDqP8ICw0TtvS9HXEMMxl4WE8-wvRucgIs; expires=Sun, 29-Jun-2025 16:59:28 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
GET

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dcs.stanford.edu%2Bmailto%26num%3D100&hl=en&q=EgS117BTGO_F0LsGIjAYh5OSs7ai2-zG0fPVZ_brLqXNwqjNQTJbEVEm6JMtKiMZo6pKXXeFiTvBGw7dz_kyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

172.217.20.164:80

Request

GET /sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dcs.stanford.edu%2Bmailto%26num%3D100&hl=en&q=EgS117BTGO_F0LsGIjAYh5OSs7ai2-zG0fPVZ_brLqXNwqjNQTJbEVEm6JMtKiMZo6pKXXeFiTvBGw7dz_kyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 429 Too Many Requests

Date: Tue, 31 Dec 2024 16:59:28 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html
Server: HTTP server (unknown)
Content-Length: 3312
X-XSS-Protection: 0
GET

http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=email+gzip.org

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

209.202.254.10:80

Request

GET /default.asp?lpv=1&loc=searchhp&tab=web&query=email+gzip.org HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: search.lycos.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Tue, 31 Dec 2024 16:59:27 GMT
Server: Apache
Location: https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=email+gzip.org
Content-Length: 304
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=cs.stanford.edu+contact+e-mail

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

209.202.254.10:80

Request

GET /default.asp?lpv=1&loc=searchhp&tab=web&query=cs.stanford.edu+contact+e-mail HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: search.lycos.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Tue, 31 Dec 2024 16:59:27 GMT
Server: Apache
Location: https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=cs.stanford.edu+contact+e-mail
Content-Length: 320
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://search.yahoo.com/search?p=alumni.caltech.edu+email&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

212.82.100.137:80

Request

GET /search?p=alumni.caltech.edu+email&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: search.yahoo.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Tue, 31 Dec 2024 16:59:27 GMT
Connection: close
Server: ATS
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
Referrer-Policy: no-referrer-when-downgrade
Location: https://search.yahoo.com/search?p=alumni.caltech.edu+email&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50
Content-Length: 25
Content-Type: text/html
GET

https://search.yahoo.com/search?p=gzip.org+mailto&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

212.82.100.137:443

Request

GET /search?p=gzip.org+mailto&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: search.yahoo.com

Response

HTTP/1.1 500 Internal Server Error

Content-Type: text/plain; charset=utf-8;
Secure_search_bypass: true
Date: Tue, 31 Dec 2024 16:59:28 GMT
Content-Encoding: gzip
Age: 0
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
Server: ATS
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
Referrer-Policy: no-referrer-when-downgrade
GET

https://search.yahoo.com/search?p=alumni.caltech.edu+email&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

212.82.100.137:443

Request

GET /search?p=alumni.caltech.edu+email&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: search.yahoo.com

Response

HTTP/1.1 500 Internal Server Error

Content-Type: text/plain; charset=utf-8;
Secure_search_bypass: true
Date: Tue, 31 Dec 2024 16:59:28 GMT
Content-Encoding: gzip
Age: 0
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
Server: ATS
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
Referrer-Policy: no-referrer-when-downgrade
GET

https://search.lycos.com/default.asp/?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

209.202.254.10:443

Request

GET /default.asp/?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: search.lycos.com

Response

HTTP/1.1 404 Not Found

Date: Tue, 31 Dec 2024 16:59:28 GMT
Server: Apache
X-Powered-By: PHP/7.2.16
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET

https://search.lycos.com/default.asp/?lpv=1&loc=searchhp&tab=web&query=acm.org+e-mail

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

209.202.254.10:443

Request

GET /default.asp/?lpv=1&loc=searchhp&tab=web&query=acm.org+e-mail HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: search.lycos.com

Response

HTTP/1.1 404 Not Found

Date: Tue, 31 Dec 2024 16:59:28 GMT
Server: Apache
X-Powered-By: PHP/7.2.17
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=reply+alumni.caltech.edu&num=20

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

172.217.20.164:80

Request

GET /search?hl=en&ie=UTF-8&oe=UTF-8&q=reply+alumni.caltech.edu&num=20 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Location: http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dreply%2Balumni.caltech.edu%26num%3D20&hl=en&q=EgS117BTGPDF0LsGIjAmCiS3z2hSqk0zwOJ7BLN2yWTLNL22Of8X13iO2tUr9HoPUOU5yLZ6N9TpOAX1SjsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
x-hallmonitor-challenge: CgwI8MXQuwYQkNiNvAISBLXXsFM
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-PQeFadAxqATsIOm8nKBbcQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp
Date: Tue, 31 Dec 2024 16:59:28 GMT
Server: gws
Content-Length: 492
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AZ6Zc-VcIJrgcThdrY3LiaIiw8m6C6pP-eCK_a-YI5mu109sbAFYvIfVUQQ; expires=Sun, 29-Jun-2025 16:59:28 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
GET

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dmail%2Bacm.org%26num%3D50&hl=en&q=EgS117BTGO_F0LsGIjAKYdeeIToqQMzYT-OTrfqQ6JW-FLR2SBWsf-2Ul1tq6AkrTVD7h2PTbNxOUUiKnfUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

172.217.20.164:80

Request

GET /sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dmail%2Bacm.org%26num%3D50&hl=en&q=EgS117BTGO_F0LsGIjAKYdeeIToqQMzYT-OTrfqQ6JW-FLR2SBWsf-2Ul1tq6AkrTVD7h2PTbNxOUUiKnfUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 429 Too Many Requests

Date: Tue, 31 Dec 2024 16:59:28 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html
Server: HTTP server (unknown)
Content-Length: 3279
X-XSS-Protection: 0
DNS

www.altavista.com

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

8.8.8.8:53

Request

www.altavista.com

IN A

Response

www.altavista.com

IN CNAME

us.yhs4.search.yahoo.com

us.yhs4.search.yahoo.com

IN CNAME

ds-global3.l7.search.ystg1.b.yahoo.com

ds-global3.l7.search.ystg1.b.yahoo.com

IN A

212.82.100.137
GET

http://www.altavista.com/web/results?q=mail+cs.stanford.edu&kgs=0&kls=0&nbq=50

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

212.82.100.137:80

Request

GET /web/results?q=mail+cs.stanford.edu&kgs=0&kls=0&nbq=50 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.altavista.com
Connection: Keep-Alive

Response

HTTP/1.1 500 Internal Server Error

Content-Type: text/plain; charset=utf-8;
Secure_search_bypass: true
Date: Tue, 31 Dec 2024 16:59:28 GMT
Content-Encoding: gzip
Age: 0
Transfer-Encoding: chunked
Connection: keep-alive
Server: ATS
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
Referrer-Policy: no-referrer-when-downgrade
GET

http://www.altavista.com/web/results?q=acm.org+mailto&kgs=0&kls=0&nbq=20

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

212.82.100.137:80

Request

GET /web/results?q=acm.org+mailto&kgs=0&kls=0&nbq=20 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.altavista.com
Connection: Keep-Alive

Response

HTTP/1.1 500 Internal Server Error

Content-Type: text/plain; charset=utf-8;
Secure_search_bypass: true
Date: Tue, 31 Dec 2024 16:59:28 GMT
Content-Encoding: gzip
Age: 0
Transfer-Encoding: chunked
Connection: keep-alive
Server: ATS
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
Referrer-Policy: no-referrer-when-downgrade
GET

http://www.altavista.com/web/results?q=mail+alumni.caltech.edu&kgs=0&kls=0&nbq=20

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

212.82.100.137:80

Request

GET /web/results?q=mail+alumni.caltech.edu&kgs=0&kls=0&nbq=20 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.altavista.com
Connection: Keep-Alive

Response

HTTP/1.1 500 Internal Server Error

Content-Type: text/plain; charset=utf-8;
Secure_search_bypass: true
Date: Tue, 31 Dec 2024 16:59:29 GMT
Content-Encoding: gzip
Age: 0
Transfer-Encoding: chunked
Connection: keep-alive
Server: ATS
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
Referrer-Policy: no-referrer-when-downgrade
GET

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=cs.stanford.edu+contact+mail&num=100

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

172.217.20.164:80

Request

GET /search?hl=en&ie=UTF-8&oe=UTF-8&q=cs.stanford.edu+contact+mail&num=100 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Location: http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dcs.stanford.edu%2Bcontact%2Bmail%26num%3D100&hl=en&q=EgS117BTGPDF0LsGIjA76-cqFQLfIc8JxBZA6yHTBMsfy65zi295E6sBer5eL5wvfDs8qldlWa6wq9r5wiQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
x-hallmonitor-challenge: CgsI8cXQuwYQ0qLmDxIEtdewUw
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-14clZIig2GswTewvLZASJA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp
Date: Tue, 31 Dec 2024 16:59:29 GMT
Server: gws
Content-Length: 499
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AZ6Zc-WldlGs4wgmnfl5KyrtF4DnmNNGhhe7OnbxnTF2YkjHl4yv_5WOF2U; expires=Sun, 29-Jun-2025 16:59:29 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
GET

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=cs.stanford.edu+email&num=100

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

172.217.20.164:80

Request

GET /search?hl=en&ie=UTF-8&oe=UTF-8&q=cs.stanford.edu+email&num=100 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive
GET

http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=mail+cs.stanford.edu

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

209.202.254.10:80

Request

GET /default.asp?lpv=1&loc=searchhp&tab=web&query=mail+cs.stanford.edu HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: search.lycos.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Tue, 31 Dec 2024 16:59:28 GMT
Server: Apache
Location: https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=mail+cs.stanford.edu
Content-Length: 310
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=cs.stanford.edu+contact+e-mail

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

209.202.254.10:443

Request

GET /default.asp?lpv=1&loc=searchhp&tab=web&query=cs.stanford.edu+contact+e-mail HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: search.lycos.com

Response

HTTP/1.1 302 Found

Date: Tue, 31 Dec 2024 16:59:29 GMT
Server: Apache
X-Powered-By: PHP/7.2.14
Location: https://search.lycos.com/default.asp/?lpv=1&loc=searchhp&tab=web&query=cs.stanford.edu+contact+e-mail
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://search.yahoo.com/search?p=mailto+gzip.org&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

212.82.100.137:80

Request

GET /search?p=mailto+gzip.org&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: search.yahoo.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Tue, 31 Dec 2024 16:59:28 GMT
Connection: close
Server: ATS
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
Referrer-Policy: no-referrer-when-downgrade
Location: https://search.yahoo.com/search?p=mailto+gzip.org&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50
Content-Length: 25
Content-Type: text/html
GET

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3De-mail%2Bgzip.org%26num%3D100&hl=en&q=EgS117BTGO_F0LsGIjC43krYKthMPDSAuhutX0NHIYc-tEe5tIPkt6SvYoJgbRvNybXAxhIqi39e3BK6yNYyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

172.217.20.164:80

Request

GET /sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3De-mail%2Bgzip.org%26num%3D100&hl=en&q=EgS117BTGO_F0LsGIjC43krYKthMPDSAuhutX0NHIYc-tEe5tIPkt6SvYoJgbRvNybXAxhIqi39e3BK6yNYyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 429 Too Many Requests

Date: Tue, 31 Dec 2024 16:59:28 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html
Server: HTTP server (unknown)
Content-Length: 3291
X-XSS-Protection: 0
GET

https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=email+gzip.org

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

209.202.254.10:443

Request

GET /default.asp?lpv=1&loc=searchhp&tab=web&query=email+gzip.org HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: search.lycos.com

Response

HTTP/1.1 302 Found

Date: Tue, 31 Dec 2024 16:59:29 GMT
Server: Apache
X-Powered-By: PHP/7.2.14
Location: https://search.lycos.com/default.asp/?lpv=1&loc=searchhp&tab=web&query=email+gzip.org
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

https://search.yahoo.com/search?p=mailto+gzip.org&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

212.82.100.137:443

Request

GET /search?p=mailto+gzip.org&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: search.yahoo.com

Response

HTTP/1.1 500 Internal Server Error

Content-Type: text/plain; charset=utf-8;
Secure_search_bypass: true
Date: Tue, 31 Dec 2024 16:59:29 GMT
Content-Encoding: gzip
Age: 0
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
Server: ATS
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
Referrer-Policy: no-referrer-when-downgrade
GET

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=alumni.caltech.edu+mailto&num=100

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

172.217.20.164:80

Request

GET /search?hl=en&ie=UTF-8&oe=UTF-8&q=alumni.caltech.edu+mailto&num=100 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.google.com
Connection: Keep-Alive
GET

http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=mailto+cs.stanford.edu

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

Remote address:

209.202.254.10:80

Request

GET /default.asp?lpv=1&loc=searchhp&tab=web&query=mailto+cs.stanford.edu HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: search.lycos.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Tue, 31 Dec 2024 16:59:29 GMT
Server: Apache
Location: https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=mailto+cs.stanford.edu
Content-Length: 312
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

172.16.1.3:1034

services.exe

260 B
5
192.168.56.176:1034

services.exe

260 B
5
10.135.189.123:1034

services.exe

260 B
5
192.168.144.131:1034

services.exe

260 B
5
10.127.0.6:1034

services.exe
10.135.150.237:1034

services.exe

208 B
4
142.250.157.27:25

aspmx5.googlemail.com

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

156 B
3
199.89.1.120:25

mail.mailroute.net

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

156 B
3
171.64.64.26:25

smtp2.cs.stanford.edu

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

156 B
3
171.64.64.26:25

smtp2.cs.stanford.edu

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

156 B
3
65.254.254.51:25

mx.burtleburtle.net

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

156 B
3
52.101.41.56:25

alumni-caltech-edu.mail.protection.outlook.com

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

156 B
3
85.187.148.2:25

gzip.org

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

156 B
3
212.82.100.137:80

http://search.yahoo.com/search?p=reply+m-ou.se&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50

http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

616 B
645 B
6
5

HTTP Request

GET http://search.yahoo.com/search?p=reply+m-ou.se&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50

HTTP Response

301
172.217.20.164:80

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dmail%2Bacm.org%26num%3D100&hl=en&q=EgS117BTGO7F0LsGIjB4A68h7bPODnFidv96UWE-3XuSW29daOavsNrvakIe3qf4CS9aHfFrgVe5iHNW8b8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

1.8kB
6.8kB
14
11

HTTP Request

GET http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=e-mail+cs.stanford.edu&num=100

HTTP Response

302

HTTP Request

GET http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=m-ou.se+mailto

HTTP Response

302

HTTP Request

GET http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dmail%2Bacm.org%26num%3D100&hl=en&q=EgS117BTGO7F0LsGIjB4A68h7bPODnFidv96UWE-3XuSW29daOavsNrvakIe3qf4CS9aHfFrgVe5iHNW8b8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

HTTP Response

429
212.82.100.137:443

https://search.yahoo.com/search?p=reply+m-ou.se&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50

tls, http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

1.4kB
6.3kB
16
11

HTTP Request

GET https://search.yahoo.com/search?p=reply+m-ou.se&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50

HTTP Response

500
172.217.20.164:80

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dm-ou.se%2Bmailto&hl=en&q=EgS117BTGO_F0LsGIjDMbS6rsmTx1ahz3WdYkO23GMLGuZvKKBIldVEGaAp5-L29FluLh0C96B2qHQFkZZgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

2.3kB
8.4kB
17
14

HTTP Request

GET http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=mail+acm.org&num=100

HTTP Response

302

HTTP Request

GET http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=cs.stanford.edu+mailto&num=100

HTTP Response

302

HTTP Request

GET http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=mail+acm.org&num=50

HTTP Response

302

HTTP Request

GET http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dm-ou.se%2Bmailto&hl=en&q=EgS117BTGO_F0LsGIjDMbS6rsmTx1ahz3WdYkO23GMLGuZvKKBIldVEGaAp5-L29FluLh0C96B2qHQFkZZgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

HTTP Response

429
209.202.254.10:80

http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=acm.org+e-mail

http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

610 B
774 B
6
4

HTTP Request

GET http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=acm.org+e-mail

HTTP Response

301
209.202.254.10:80

http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu

http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

621 B
796 B
6
4

HTTP Request

GET http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu

HTTP Response

301
209.202.254.10:443

https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=acm.org+e-mail

tls, http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

1.2kB
3.9kB
12
8

HTTP Request

GET https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=acm.org+e-mail

HTTP Response

302
209.202.254.10:443

https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu

tls, http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

1.2kB
3.9kB
12
8

HTTP Request

GET https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu

HTTP Response

302
212.82.100.137:80

http://search.yahoo.com/search?p=mailto+cs.stanford.edu&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=100

http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

580 B
655 B
5
5

HTTP Request

GET http://search.yahoo.com/search?p=mailto+cs.stanford.edu&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=100

HTTP Response

301
212.82.100.137:443

https://search.yahoo.com/search?p=mailto+cs.stanford.edu&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=100

tls, http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

1.5kB
6.2kB
15
10

HTTP Request

GET https://search.yahoo.com/search?p=mailto+cs.stanford.edu&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=100

HTTP Response

500
88.221.134.123:80

http://r11.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQaUrm0WeTDM5ghfoZtS72KO9ZnzgQUCLkRO6XQhRi06g%2BgrZ%2BGHo78OCcCEgTv%2BHV0Bd%2FqEQJQjG4LfvoXXw%3D%3D

http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

428 B
1.0kB
4
3

HTTP Request

GET http://r11.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQaUrm0WeTDM5ghfoZtS72KO9ZnzgQUCLkRO6XQhRi06g%2BgrZ%2BGHo78OCcCEgTv%2BHV0Bd%2FqEQJQjG4LfvoXXw%3D%3D

HTTP Response

200
172.217.20.164:80

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3De-mail%2Bcs.stanford.edu%26num%3D100&hl=en&q=EgS117BTGO7F0LsGIjDgZzBMHoVbJXhvf3uDGTLH99DJMWV7ks274IpVKrRj3gfKD5l9wwLvXaOvaAfHWgUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

951 B
3.8kB
9
6

HTTP Request

GET http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3De-mail%2Bcs.stanford.edu%26num%3D100&hl=en&q=EgS117BTGO7F0LsGIjDgZzBMHoVbJXhvf3uDGTLH99DJMWV7ks274IpVKrRj3gfKD5l9wwLvXaOvaAfHWgUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

HTTP Response

429
212.82.100.137:80

http://search.yahoo.com/search?p=gzip.org+mailto&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50

http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

618 B
647 B
6
5

HTTP Request

GET http://search.yahoo.com/search?p=gzip.org+mailto&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50

HTTP Response

301
172.217.20.164:80

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dcs.stanford.edu%2Bmailto%26num%3D100&hl=en&q=EgS117BTGO_F0LsGIjAYh5OSs7ai2-zG0fPVZ_brLqXNwqjNQTJbEVEm6JMtKiMZo6pKXXeFiTvBGw7dz_kyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

1.4kB
5.3kB
11
8

HTTP Request

GET http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=e-mail+gzip.org&num=100

HTTP Response

302

HTTP Request

GET http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dcs.stanford.edu%2Bmailto%26num%3D100&hl=en&q=EgS117BTGO_F0LsGIjAYh5OSs7ai2-zG0fPVZ_brLqXNwqjNQTJbEVEm6JMtKiMZo6pKXXeFiTvBGw7dz_kyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

HTTP Response

429
209.202.254.10:80

http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=email+gzip.org

http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

610 B
774 B
6
4

HTTP Request

GET http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=email+gzip.org

HTTP Response

301
209.202.254.10:80

http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=cs.stanford.edu+contact+e-mail

http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

626 B
806 B
6
4

HTTP Request

GET http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=cs.stanford.edu+contact+e-mail

HTTP Response

301
212.82.100.137:80

http://search.yahoo.com/search?p=alumni.caltech.edu+email&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50

http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

627 B
656 B
6
5

HTTP Request

GET http://search.yahoo.com/search?p=alumni.caltech.edu+email&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50

HTTP Response

301
212.82.100.137:443

https://search.yahoo.com/search?p=gzip.org+mailto&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50

tls, http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

1.5kB
6.2kB
15
10

HTTP Request

GET https://search.yahoo.com/search?p=gzip.org+mailto&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50

HTTP Response

500
212.82.100.137:443

https://search.yahoo.com/search?p=alumni.caltech.edu+email&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50

tls, http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

1.3kB
6.2kB
15
10

HTTP Request

GET https://search.yahoo.com/search?p=alumni.caltech.edu+email&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50

HTTP Response

500
209.202.254.10:443

https://search.lycos.com/default.asp/?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu

tls, http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

1.7kB
16.8kB
22
17

HTTP Request

GET https://search.lycos.com/default.asp/?lpv=1&loc=searchhp&tab=web&query=mailto+alumni.caltech.edu

HTTP Response

404
209.202.254.10:443

https://search.lycos.com/default.asp/?lpv=1&loc=searchhp&tab=web&query=acm.org+e-mail

tls, http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

1.7kB
16.8kB
22
17

HTTP Request

GET https://search.lycos.com/default.asp/?lpv=1&loc=searchhp&tab=web&query=acm.org+e-mail

HTTP Response

404
172.217.20.164:80

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dmail%2Bacm.org%26num%3D50&hl=en&q=EgS117BTGO_F0LsGIjAKYdeeIToqQMzYT-OTrfqQ6JW-FLR2SBWsf-2Ul1tq6AkrTVD7h2PTbNxOUUiKnfUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

1.4kB
5.4kB
12
9

HTTP Request

GET http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=reply+alumni.caltech.edu&num=20

HTTP Response

302

HTTP Request

GET http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dmail%2Bacm.org%26num%3D50&hl=en&q=EgS117BTGO_F0LsGIjAKYdeeIToqQMzYT-OTrfqQ6JW-FLR2SBWsf-2Ul1tq6AkrTVD7h2PTbNxOUUiKnfUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

HTTP Response

429
212.82.100.137:80

http://www.altavista.com/web/results?q=mail+alumni.caltech.edu&kgs=0&kls=0&nbq=20

http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

1.3kB
1.4kB
8
5

HTTP Request

GET http://www.altavista.com/web/results?q=mail+cs.stanford.edu&kgs=0&kls=0&nbq=50

HTTP Response

500

HTTP Request

GET http://www.altavista.com/web/results?q=acm.org+mailto&kgs=0&kls=0&nbq=20

HTTP Response

500

HTTP Request

GET http://www.altavista.com/web/results?q=mail+alumni.caltech.edu&kgs=0&kls=0&nbq=20

HTTP Response

500
172.217.20.164:80

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=cs.stanford.edu+email&num=100

http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

947 B
1.7kB
6
5

HTTP Request

GET http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=cs.stanford.edu+contact+mail&num=100

HTTP Response

302

HTTP Request

GET http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=cs.stanford.edu+email&num=100
209.202.254.10:80

http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=mail+cs.stanford.edu

http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

616 B
786 B
6
4

HTTP Request

GET http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=mail+cs.stanford.edu

HTTP Response

301
209.202.254.10:443

https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=cs.stanford.edu+contact+e-mail

tls, http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

1.2kB
4.0kB
12
8

HTTP Request

GET https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=cs.stanford.edu+contact+e-mail

HTTP Response

302
212.82.100.137:80

http://search.yahoo.com/search?p=mailto+gzip.org&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50

http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

618 B
647 B
6
5

HTTP Request

GET http://search.yahoo.com/search?p=mailto+gzip.org&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50

HTTP Response

301
172.217.20.164:80

http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3De-mail%2Bgzip.org%26num%3D100&hl=en&q=EgS117BTGO_F0LsGIjC43krYKthMPDSAuhutX0NHIYc-tEe5tIPkt6SvYoJgbRvNybXAxhIqi39e3BK6yNYyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

898 B
3.8kB
8
5

HTTP Request

GET http://www.google.com/sorry/index?continue=http://www.google.com/search%3Fhl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26q%3De-mail%2Bgzip.org%26num%3D100&hl=en&q=EgS117BTGO_F0LsGIjC43krYKthMPDSAuhutX0NHIYc-tEe5tIPkt6SvYoJgbRvNybXAxhIqi39e3BK6yNYyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

HTTP Response

429
209.202.254.10:443

https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=email+gzip.org

tls, http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

1.2kB
3.9kB
11
7

HTTP Request

GET https://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=email+gzip.org

HTTP Response

302
212.82.100.137:443

https://search.yahoo.com/search?p=mailto+gzip.org&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50

tls, http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

1.6kB
6.3kB
16
11

HTTP Request

GET https://search.yahoo.com/search?p=mailto+gzip.org&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=&n=50

HTTP Response

500
172.217.20.164:80

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=alumni.caltech.edu+mailto&num=100

http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

477 B
92 B
3
2

HTTP Request

GET http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=alumni.caltech.edu+mailto&num=100
209.202.254.10:80

http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=mailto+cs.stanford.edu

http

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

572 B
750 B
5
3

HTTP Request

GET http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=mailto+cs.stanford.edu

HTTP Response

301
209.202.254.10:80

search.lycos.com

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

52 B
1
209.202.254.10:443

search.lycos.com

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

52 B
1
212.82.100.137:80

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe
172.217.20.164:80

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe
212.82.100.137:443

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe
209.202.254.10:443

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

154.239.44.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

154.239.44.20.in-addr.arpa
8.8.8.8:53

180.129.81.91.in-addr.arpa

dns

72 B
147 B
1
1

DNS Request

180.129.81.91.in-addr.arpa
8.8.8.8:53

22.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

22.160.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

209.205.72.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

209.205.72.20.in-addr.arpa
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

56.163.245.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

56.163.245.4.in-addr.arpa
8.8.8.8:53

241.42.69.40.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

241.42.69.40.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

181.129.81.91.in-addr.arpa

dns

72 B
147 B
1
1

DNS Request

181.129.81.91.in-addr.arpa
8.8.8.8:53

21.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

21.236.111.52.in-addr.arpa
8.8.8.8:53

m-ou.se

dns

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

53 B
232 B
1
1

DNS Request

m-ou.se
8.8.8.8:53

aspmx5.googlemail.com

dns

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

67 B
83 B
1
1

DNS Request

aspmx5.googlemail.com

DNS Response

142.250.157.27
8.8.8.8:53

acm.org

dns

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

53 B
87 B
1
1

DNS Request

acm.org
8.8.8.8:53

mail.mailroute.net

dns

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

64 B
96 B
1
1

DNS Request

mail.mailroute.net

DNS Response

199.89.1.120

199.89.3.120
8.8.8.8:53

cs.stanford.edu

dns

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

61 B
121 B
1
1

DNS Request

cs.stanford.edu
8.8.8.8:53

smtp2.cs.stanford.edu

dns

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

67 B
83 B
1
1

DNS Request

smtp2.cs.stanford.edu

DNS Response

171.64.64.26
8.8.8.8:53

burtleburtle.net

dns

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

62 B
81 B
1
1

DNS Request

burtleburtle.net
8.8.8.8:53

alumni.caltech.edu

dns

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

64 B
126 B
1
1

DNS Request

alumni.caltech.edu
8.8.8.8:53

mx.burtleburtle.net

dns

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

65 B
113 B
1
1

DNS Request

mx.burtleburtle.net

DNS Response

65.254.254.51

65.254.254.52

65.254.254.50
8.8.8.8:53

alumni-caltech-edu.mail.protection.outlook.com

dns

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

92 B
156 B
1
1

DNS Request

alumni-caltech-edu.mail.protection.outlook.com

DNS Response

52.101.41.56

52.101.10.18

52.101.194.0

52.101.10.2
8.8.8.8:53

gzip.org

dns

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

54 B
70 B
1
1

DNS Request

gzip.org
8.8.8.8:53

gzip.org

dns

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

54 B
70 B
1
1

DNS Request

gzip.org

DNS Response

85.187.148.2
8.8.8.8:53

search.yahoo.com

dns

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

62 B
121 B
1
1

DNS Request

search.yahoo.com

DNS Response

212.82.100.137
8.8.8.8:53

search.lycos.com

dns

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

62 B
109 B
1
1

DNS Request

search.lycos.com

DNS Response

209.202.254.10
8.8.8.8:53

www.google.com

dns

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

172.217.20.164
8.8.8.8:53

137.100.82.212.in-addr.arpa

dns

73 B
119 B
1
1

DNS Request

137.100.82.212.in-addr.arpa
8.8.8.8:53

r11.o.lencr.org

dns

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

61 B
272 B
1
1

DNS Request

r11.o.lencr.org

DNS Response

88.221.134.123

88.221.134.106

88.221.134.147

88.221.134.105

88.221.134.146

88.221.134.129

88.221.134.113

88.221.134.112

88.221.134.120
8.8.8.8:53

164.20.217.172.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

164.20.217.172.in-addr.arpa
8.8.8.8:53

10.254.202.209.in-addr.arpa

dns

73 B
113 B
1
1

DNS Request

10.254.202.209.in-addr.arpa
8.8.8.8:53

61.45.26.184.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

61.45.26.184.in-addr.arpa
8.8.8.8:53

123.134.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

123.134.221.88.in-addr.arpa
8.8.8.8:53

www.altavista.com

dns

7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

63 B
157 B
1
1

DNS Request

www.altavista.com

DNS Response

212.82.100.137

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2YUS9Q6F\search[2].htm

Filesize
25B

MD5
8ba61a16b71609a08bfa35bc213fce49

SHA1
8374dddcc6b2ede14b0ea00a5870a11b57ced33f

SHA256
6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

SHA512
5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpBD3D.tmp

Filesize
29KB

MD5
921834dfef5e09a6dc9de48231310c24

SHA1
169de65f8a8b23a63a805992c7a38c7fad11eee9

SHA256
7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc

SHA512
12fc38fd3afedadac9df94ed287f92bee7b1634df8bb4782ea5e24bfda4c82ea8d9bcc6ed0fce2179224653650bb98b5ea4a9523585b8b7cddb8dcb1957e1366

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
320B

MD5
bf1fda362a8e5de0f59f6c2c9168ec28

SHA1
618b5714f1720137f26a02394a912a981e26950e

SHA256
39321ddd17095f504071d1c82dd297efcc4ff93ae45b898550ae8b9f73eb765e

SHA512
4e4a209a911959408135008f045608363eca8d51203d34ff90951f8b7ddbbb6ba8017ce801c8fc0faca946c46c04a0a89d9a884fd035898ec649772c9d65cb33

Download Submit
C:\Windows\services.exe

Filesize
8KB

MD5
b0fe74719b1b647e2056641931907f4a

SHA1
e858c206d2d1542a79936cb00d85da853bfc95e2

SHA256
bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

SHA512
9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

Download Submit
memory/3368-33-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3368-40-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3368-21-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3368-26-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3368-28-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3368-5-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3368-38-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3368-16-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3368-45-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3368-50-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3368-52-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3368-15-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3368-57-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4888-56-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/4888-13-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/4888-0-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response