04062014.installic.com/o/skypetalk/setup.exe?mode=dl&sf=0&filedescription=skypetalk&subid=google_skype-search-in-pc-exact-30223163573-&user_id=cfd9f3e0-d54f-4359-af59-74212c4ecd72&thankyouurl=http:/downloadactivation.com/thanks?source=google_skype-&callback&browser=IE&useragent=Mozilla/4.0+(compatible;+MSIE+6.1;+Windows+XP)
38.11.27.33 359 B URL User Request GET 04062014.installic.com/o/skypetalk/setup.exe?mode=dl&sf=0&filedescription=skypetalk&subid=google_skype-search-in-pc-exact-30223163573-&user_id=cfd9f3e0-d54f-4359-af59-74212c4ecd72&thankyouurl=http:/downloadactivation.com/thanks?source=google_skype-&callback&browser=IE&useragent=Mozilla/4.0+(compatible;+MSIE+6.1;+Windows+XP)
IP 38.11.27.33:0
File type JavaScript source, ASCII text
Hash c4229ac7214753d5aa0c49aa52f6add5
b17b2f03a38fb55022a6c3a6fd7664ea05241228
abd8e175d244bfe9c71896c6749bc17123087805e89b169e0739e4da46f013ba
NIDS Severity Alert suricata medium ET ADWARE_PUP W32/iBryte.Adware Affiliate Campaign Executable Download
suricata medium ET ADWARE_PUP W32/iBryte.Adware Installer Download
GET /o/skypetalk/setup.exe?mode=dl&sf=0&filedescription=skypetalk&subid=google_skype-search-in-pc-exact-30223163573-&user_id=cfd9f3e0-d54f-4359-af59-74212c4ecd72&thankyouurl=http:/downloadactivation.com/thanks?source=google_skype-&callback&browser=IE&useragent=Mozilla/4.0+(compatible;+MSIE+6.1;+Windows+XP) HTTP/1.1
Host: 04062014.installic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 10:02:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
04062014.installic.com/favicon.ico
38.11.27.33 200 OK 359 B URL GET HTTP/1.1 04062014.installic.com/favicon.ico
IP 38.11.27.33:80
Requested by http://04062014.installic.com/o/skypetalk/setup.exe?mode=dl&sf=0&filedescription=skypetalk&subid=google_skype-search-in-pc-exact-30223163573-&user_id=cfd9f3e0-d54f-4359-af59-74212c4ecd72&thankyouurl=http:/downloadactivation.com/thanks?source=google_skype-&callback&browser=IE&useragent=Mozilla/4.0+(compatible;+MSIE+6.1;+Windows+XP)
File type JavaScript source, ASCII text
Hash c4229ac7214753d5aa0c49aa52f6add5
b17b2f03a38fb55022a6c3a6fd7664ea05241228
abd8e175d244bfe9c71896c6749bc17123087805e89b169e0739e4da46f013ba
GET /favicon.ico HTTP/1.1
Host: 04062014.installic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://04062014.installic.com/o/skypetalk/setup.exe?mode=dl&sf=0&filedescription=skypetalk&subid=google_skype-search-in-pc-exact-30223163573-&user_id=cfd9f3e0-d54f-4359-af59-74212c4ecd72&thankyouurl=http:/downloadactivation.com/thanks?source=google_skype-&callback&browser=IE&useragent=Mozilla/4.0+(compatible;+MSIE+6.1;+Windows+XP)
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 10:02:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
hm.baidu.com/hm.js?b6be702d5efbbd4cf86b253dd2a5b607
14.215.183.79 200 OK 11 kB URL GET HTTP/1.1 hm.baidu.com/hm.js?b6be702d5efbbd4cf86b253dd2a5b607
IP 14.215.183.79:443
Requested by http://04062014.installic.com/o/skypetalk/setup.exe?mode=dl&sf=0&filedescription=skypetalk&subid=google_skype-search-in-pc-exact-30223163573-&user_id=cfd9f3e0-d54f-4359-af59-74212c4ecd72&thankyouurl=http:/downloadactivation.com/thanks?source=google_skype-&callback&browser=IE&useragent=Mozilla/4.0+(compatible;+MSIE+6.1;+Windows+XP)
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type JavaScript source, ASCII text, with very long lines (619)
Hash 5aaeb8913d323d7dd2eb7f3e702dcc0e
2c9fa89288f3c49e5aaf0274591facfb8163e10c
086ecedf49adf0a7987c6d3d973505884abb21311ca8d102331528da2c0dacb0
GET /hm.js?b6be702d5efbbd4cf86b253dd2a5b607 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://04062014.installic.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11257
Content-Type: application/javascript
Date: Thu, 18 Apr 2024 10:02:26 GMT
Etag: c2418cac5de5757370ef4a92a4bfb3fe
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=B1EECD6272A097EA; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=2054353549&si=b6be702d5efbbd4cf86b253dd2a5b607&v=1.3.0&lv=1&sn=21971&r=0&ww=1280&u=http%3A%2F%2F04062014.installic.com%2Fo%2Fskypetalk%2Fsetup.exe%3Fmode%3Ddl%26sf%3D0%26filedescription%3Dskypetalk%26subid%3Dgoogle_skype-search-in-pc-exact-30223163573-%26user_id%3Dcfd9f3e0-d54f-4359-af59-74212c4ecd72%26thankyouurl%3Dhttp%3A%2Fdownloadactivation.com%2Fthanks%3Fsource%3Dgoogle_skype-%26callback%26browser%3DIE%26useragent%3DMozilla%2F4.0%2B(compatible%3B%2BMSIE%2B6.1%3B%2BWindows%2BXP)&tt=502%20Bad%20Gateway
14.215.183.79 200 OK 43 B URL GET HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=2054353549&si=b6be702d5efbbd4cf86b253dd2a5b607&v=1.3.0&lv=1&sn=21971&r=0&ww=1280&u=http%3A%2F%2F04062014.installic.com%2Fo%2Fskypetalk%2Fsetup.exe%3Fmode%3Ddl%26sf%3D0%26filedescription%3Dskypetalk%26subid%3Dgoogle_skype-search-in-pc-exact-30223163573-%26user_id%3Dcfd9f3e0-d54f-4359-af59-74212c4ecd72%26thankyouurl%3Dhttp%3A%2Fdownloadactivation.com%2Fthanks%3Fsource%3Dgoogle_skype-%26callback%26browser%3DIE%26useragent%3DMozilla%2F4.0%2B(compatible%3B%2BMSIE%2B6.1%3B%2BWindows%2BXP)&tt=502%20Bad%20Gateway
IP 14.215.183.79:443
Requested by http://04062014.installic.com/o/skypetalk/setup.exe?mode=dl&sf=0&filedescription=skypetalk&subid=google_skype-search-in-pc-exact-30223163573-&user_id=cfd9f3e0-d54f-4359-af59-74212c4ecd72&thankyouurl=http:/downloadactivation.com/thanks?source=google_skype-&callback&browser=IE&useragent=Mozilla/4.0+(compatible;+MSIE+6.1;+Windows+XP)
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=2054353549&si=b6be702d5efbbd4cf86b253dd2a5b607&v=1.3.0&lv=1&sn=21971&r=0&ww=1280&u=http%3A%2F%2F04062014.installic.com%2Fo%2Fskypetalk%2Fsetup.exe%3Fmode%3Ddl%26sf%3D0%26filedescription%3Dskypetalk%26subid%3Dgoogle_skype-search-in-pc-exact-30223163573-%26user_id%3Dcfd9f3e0-d54f-4359-af59-74212c4ecd72%26thankyouurl%3Dhttp%3A%2Fdownloadactivation.com%2Fthanks%3Fsource%3Dgoogle_skype-%26callback%26browser%3DIE%26useragent%3DMozilla%2F4.0%2B(compatible%3B%2BMSIE%2B6.1%3B%2BWindows%2BXP)&tt=502%20Bad%20Gateway HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://04062014.installic.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Thu, 18 Apr 2024 10:02:26 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=134A166FED5E9868; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff