04062014.installic.com/o/skypetalk/setup.exe?mode=dl&sf=0&filedescription=skypetalk&subid=google_skype-search-in-pc-exact-30223163573-&user_id=cfd9f3e0-d54f-4359-af59-74212c4ecd72&thankyouurl=http:/downloadactivation.com/thanks?source=google_skype-&callback&browser=IE&useragent=Mozilla/4.0%20(compatible;%20MSIE%206.1;%20Windows%20XP)
38.11.27.33 359 B URL User Request GET 04062014.installic.com/o/skypetalk/setup.exe?mode=dl&sf=0&filedescription=skypetalk&subid=google_skype-search-in-pc-exact-30223163573-&user_id=cfd9f3e0-d54f-4359-af59-74212c4ecd72&thankyouurl=http:/downloadactivation.com/thanks?source=google_skype-&callback&browser=IE&useragent=Mozilla/4.0%20(compatible;%20MSIE%206.1;%20Windows%20XP)
IP 38.11.27.33:0
File type JavaScript source, ASCII text
Hash c4229ac7214753d5aa0c49aa52f6add5
b17b2f03a38fb55022a6c3a6fd7664ea05241228
abd8e175d244bfe9c71896c6749bc17123087805e89b169e0739e4da46f013ba
NIDS Severity Alert
suricata medium ET ADWARE_PUP W32/iBryte.Adware Affiliate Campaign Executable Download
suricata medium ET ADWARE_PUP W32/iBryte.Adware Installer Download
GET /o/skypetalk/setup.exe?mode=dl&sf=0&filedescription=skypetalk&subid=google_skype-search-in-pc-exact-30223163573-&user_id=cfd9f3e0-d54f-4359-af59-74212c4ecd72&thankyouurl=http:/downloadactivation.com/thanks?source=google_skype-&callback&browser=IE&useragent=Mozilla/4.0%20(compatible;%20MSIE%206.1;%20Windows%20XP) HTTP/1.1
Host: 04062014.installic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 10:02:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
04062014.installic.com/favicon.ico
38.11.27.33 200 OK 359 B URL GET HTTP/1.1 04062014.installic.com/favicon.ico
IP 38.11.27.33:80
Requested by http://04062014.installic.com/o/skypetalk/setup.exe?mode=dl&sf=0&filedescription=skypetalk&subid=google_skype-search-in-pc-exact-30223163573-&user_id=cfd9f3e0-d54f-4359-af59-74212c4ecd72&thankyouurl=http:/downloadactivation.com/thanks?source=google_skype-&callback&browser=IE&useragent=Mozilla/4.0%20(compatible;%20MSIE%206.1;%20Windows%20XP)
File type JavaScript source, ASCII text
Hash c4229ac7214753d5aa0c49aa52f6add5
b17b2f03a38fb55022a6c3a6fd7664ea05241228
abd8e175d244bfe9c71896c6749bc17123087805e89b169e0739e4da46f013ba
GET /favicon.ico HTTP/1.1
Host: 04062014.installic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://04062014.installic.com/o/skypetalk/setup.exe?mode=dl&sf=0&filedescription=skypetalk&subid=google_skype-search-in-pc-exact-30223163573-&user_id=cfd9f3e0-d54f-4359-af59-74212c4ecd72&thankyouurl=http:/downloadactivation.com/thanks?source=google_skype-&callback&browser=IE&useragent=Mozilla/4.0%20(compatible;%20MSIE%206.1;%20Windows%20XP)
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 10:02:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
hm.baidu.com/hm.js?b6be702d5efbbd4cf86b253dd2a5b607
111.45.3.198 200 OK 11 kB URL GET HTTP/1.1 hm.baidu.com/hm.js?b6be702d5efbbd4cf86b253dd2a5b607
IP 111.45.3.198:443
ASN #56040 China Mobile communications corporation
Requested by http://04062014.installic.com/o/skypetalk/setup.exe?mode=dl&sf=0&filedescription=skypetalk&subid=google_skype-search-in-pc-exact-30223163573-&user_id=cfd9f3e0-d54f-4359-af59-74212c4ecd72&thankyouurl=http:/downloadactivation.com/thanks?source=google_skype-&callback&browser=IE&useragent=Mozilla/4.0%20(compatible;%20MSIE%206.1;%20Windows%20XP)
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type JavaScript source, ASCII text, with very long lines (619)
Hash 8059ad373874b7b4d0bc0e82c5d94c88
69c24bdc264423d0f7bc39136361357812a4e11e
d5ea53b3e0b60f1cacc2bd6a893f194baab87e82ec9f3351dc416156b5fa6864
GET /hm.js?b6be702d5efbbd4cf86b253dd2a5b607 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://04062014.installic.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11257
Content-Type: application/javascript
Date: Thu, 18 Apr 2024 10:02:54 GMT
Etag: 0eba43a939f1a1d60b9e345f5c7d6952
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=150F68A08756EAD2; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1804616985&si=b6be702d5efbbd4cf86b253dd2a5b607&v=1.3.0&lv=1&sn=22000&r=0&ww=1280&u=http%3A%2F%2F04062014.installic.com%2Fo%2Fskypetalk%2Fsetup.exe%3Fmode%3Ddl%26sf%3D0%26filedescription%3Dskypetalk%26subid%3Dgoogle_skype-search-in-pc-exact-30223163573-%26user_id%3Dcfd9f3e0-d54f-4359-af59-74212c4ecd72%26thankyouurl%3Dhttp%3A%2Fdownloadactivation.com%2Fthanks%3Fsource%3Dgoogle_skype-%26callback%26browser%3DIE%26useragent%3DMozilla%2F4.0%2520(compatible%3B%2520MSIE%25206.1%3B%2520Windows%2520XP)&tt=502%20Bad%20Gateway
111.45.3.198 200 OK 43 B URL GET HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1804616985&si=b6be702d5efbbd4cf86b253dd2a5b607&v=1.3.0&lv=1&sn=22000&r=0&ww=1280&u=http%3A%2F%2F04062014.installic.com%2Fo%2Fskypetalk%2Fsetup.exe%3Fmode%3Ddl%26sf%3D0%26filedescription%3Dskypetalk%26subid%3Dgoogle_skype-search-in-pc-exact-30223163573-%26user_id%3Dcfd9f3e0-d54f-4359-af59-74212c4ecd72%26thankyouurl%3Dhttp%3A%2Fdownloadactivation.com%2Fthanks%3Fsource%3Dgoogle_skype-%26callback%26browser%3DIE%26useragent%3DMozilla%2F4.0%2520(compatible%3B%2520MSIE%25206.1%3B%2520Windows%2520XP)&tt=502%20Bad%20Gateway
IP 111.45.3.198:443
ASN #56040 China Mobile communications corporation
Requested by http://04062014.installic.com/o/skypetalk/setup.exe?mode=dl&sf=0&filedescription=skypetalk&subid=google_skype-search-in-pc-exact-30223163573-&user_id=cfd9f3e0-d54f-4359-af59-74212c4ecd72&thankyouurl=http:/downloadactivation.com/thanks?source=google_skype-&callback&browser=IE&useragent=Mozilla/4.0%20(compatible;%20MSIE%206.1;%20Windows%20XP)
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1804616985&si=b6be702d5efbbd4cf86b253dd2a5b607&v=1.3.0&lv=1&sn=22000&r=0&ww=1280&u=http%3A%2F%2F04062014.installic.com%2Fo%2Fskypetalk%2Fsetup.exe%3Fmode%3Ddl%26sf%3D0%26filedescription%3Dskypetalk%26subid%3Dgoogle_skype-search-in-pc-exact-30223163573-%26user_id%3Dcfd9f3e0-d54f-4359-af59-74212c4ecd72%26thankyouurl%3Dhttp%3A%2Fdownloadactivation.com%2Fthanks%3Fsource%3Dgoogle_skype-%26callback%26browser%3DIE%26useragent%3DMozilla%2F4.0%2520(compatible%3B%2520MSIE%25206.1%3B%2520Windows%2520XP)&tt=502%20Bad%20Gateway HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://04062014.installic.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Thu, 18 Apr 2024 10:02:55 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=36250E7486FDC52A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
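Triage notes on the transactions above, with the checks written out as code. The Suricata signatures fire on the URL shape of the setup.exe request (an executable path plus pay-per-install affiliate parameters such as mode=dl, subid, user_id and thankyouurl, with a spoofed MSIE 6.1 user agent carried in the query). The response, however, is not an installer: it comes back as text/html, 359 bytes, typed as JavaScript/ASCII, with exactly the same MD5/SHA-1/SHA-256 as the /favicon.ico response, and the Baidu Tongji beacon fired by that page reports its document title (the tt parameter) as "502 Bad Gateway". The host is answering every path with the same error page while still returning HTTP 200. The script below is an added example and is not part of the sandbox report or of any vendor tooling; the transaction records are transcribed and trimmed from the report, the set of affiliate parameter names and the "three or more" threshold are assumptions chosen to match this campaign's URL.

```python
"""Triage checks over HTTP transactions such as those in the report above (added example)."""
from urllib.parse import urlsplit, unquote_plus

# Constructed from the report: one record per request, trimmed to the fields the checks need.
TRANSACTIONS = [
    {
        "url": "http://04062014.installic.com/o/skypetalk/setup.exe?mode=dl&sf=0&filedescription=skypetalk"
               "&subid=google_skype-search-in-pc-exact-30223163573-&user_id=cfd9f3e0-d54f-4359-af59-74212c4ecd72"
               "&thankyouurl=http:/downloadactivation.com/thanks?source=google_skype-&callback&browser=IE"
               "&useragent=Mozilla/4.0%20(compatible;%20MSIE%206.1;%20Windows%20XP)",
        "content_type": "text/html; charset=UTF-8", "size": 359,
        "sha256": "abd8e175d244bfe9c71896c6749bc17123087805e89b169e0739e4da46f013ba",
    },
    {
        "url": "http://04062014.installic.com/favicon.ico",
        "content_type": "text/html; charset=UTF-8", "size": 359,
        "sha256": "abd8e175d244bfe9c71896c6749bc17123087805e89b169e0739e4da46f013ba",
    },
    {
        # Baidu Tongji beacon; the full query in the report is longer, only the relevant keys are kept here.
        "url": "https://hm.baidu.com/hm.gif?cc=1&ck=1&si=b6be702d5efbbd4cf86b253dd2a5b607&v=1.3.0"
               "&u=http%3A%2F%2F04062014.installic.com%2Fo%2Fskypetalk%2Fsetup.exe%3Fmode%3Ddl&tt=502%20Bad%20Gateway",
        "content_type": "image/gif", "size": 43,
        "sha256": "cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda",
    },
]

EXECUTABLE_EXTENSIONS = (".exe", ".msi", ".scr", ".dll")
# Assumption: parameter names typical of iBryte-style pay-per-install download URLs, taken from this request.
AFFILIATE_PARAMS = {"mode", "subid", "user_id", "thankyouurl", "filedescription"}


def query_params(url):
    """Split the query on '&' only (parse_qs on older Pythons also splits on ';', which would cut the
    useragent value above in half) and keep blank values such as the bare `callback` flag."""
    params = {}
    query = urlsplit(url).query
    for pair in (query.split("&") if query else []):
        key, _, value = pair.partition("=")
        params.setdefault(unquote_plus(key), []).append(unquote_plus(value))
    return params


def affiliate_download_indicators(url):
    """Return the URL-shape indicators a NIDS rule for this campaign would key on."""
    path = urlsplit(url).path.lower()
    params = query_params(url)
    found = []
    if path.endswith(EXECUTABLE_EXTENSIONS):
        found.append("executable path")
    if params.get("mode") == ["dl"]:
        found.append("mode=dl")
    present = AFFILIATE_PARAMS & params.keys()
    if len(present) >= 3:  # assumption: three co-occurring affiliate parameters is the trigger
        found.append("affiliate params: " + ",".join(sorted(present)))
    ua = params.get("useragent", [""])[0]
    if "MSIE" in ua:
        found.append("legacy UA carried in query: " + ua)
    return found


def content_type_mismatch(tx):
    """An executable path answered with a text/* body is an error page or a decoy, not the installer."""
    path = urlsplit(tx["url"]).path.lower()
    ctype = tx["content_type"].split(";")[0].strip().lower()
    return path.endswith(EXECUTABLE_EXTENSIONS) and ctype.startswith("text/")


def beacon_page_title(url):
    """Baidu Tongji hm.gif beacons carry the embedding page's document.title in the `tt` parameter."""
    params = query_params(url)
    if urlsplit(url).path.endswith("/hm.gif") and "tt" in params:
        return params["tt"][0]
    return None


def catch_all_responses(transactions):
    """Distinct paths on one host that returned byte-identical bodies (same SHA-256)."""
    by_hash = {}
    for tx in transactions:
        parts = urlsplit(tx["url"])
        by_hash.setdefault((parts.hostname, tx["sha256"]), set()).add(parts.path)
    return {key: sorted(paths) for key, paths in by_hash.items() if len(paths) > 1}


def triage(transactions):
    findings = []
    for tx in transactions:
        indicators = affiliate_download_indicators(tx["url"])
        if indicators:
            findings.append(("affiliate_installer_download", tx["url"], indicators))
        if content_type_mismatch(tx):
            findings.append(("executable_served_as_text", tx["url"], tx["content_type"]))
        title = beacon_page_title(tx["url"])
        if title:
            findings.append(("beacon_reported_title", tx["url"], title))
    for (host, _digest), paths in catch_all_responses(transactions).items():
        findings.append(("identical_body_for_multiple_paths", host, paths))
    return findings


if __name__ == "__main__":
    for finding in triage(TRANSACTIONS):
        print(*finding)
```

The beacon check is the one worth remembering: when a sandbox only records a 200 with an opaque small body, a third-party analytics hit made by that body often leaks the page title and referrer, which here is enough to say the installer was never served during this run.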