Ordinary web access request or command to malware?

A threat group that targets corporate emails is delivering dropper malware through a novel technique that uses Microsoft Internet Information Services (IIS) logs to send commands disguised as web access requests. The dropper, dubbed Geppei, is being used by a group Symantec threat researchers call Cranefly to install other …

  1. Version 1.0 Silver badge
    Alert

    M' aI where?

    About 20 years ago I used to see virus deliveries once, or even occasionally twice, a month. Nowadays the corporate internet access is busy trying to stop more than 30 every day.

  2. Claptrap314 Silver badge

    Anything over anything

    This is another application of the AoA meta-protocol that I mentioned when the DNS-over-https stuff was first brought up. Honestly, the only surprise is that this appears to be new or at least rare.

  3. Wouldnyaliketoknow

    On those corporations where Cranefly stayed the longest, check the puts and calls activity to look for unusual volumes at some point before major stock valuation moves either up or down. This is an ideal way to steal valuable info such as pending mergers and acquisition activity. Millions of dollars can be made safely and easily. A possible way to trace Cranefly might be to identify unusual volume spikes in derivative trades such as puts and calls. Catch the hackers by sneaking up on them from a direction they would never expect lol, via the particular national securities and exchange commission and specific stock market where the victimized corporation was registered. Honestly this is the safest and best way to make money via hacking I have ever seen. Probably they trace to an offshore anonymous business entity in Panama lol. They are busted now if anyone is willing to put the resources into looking into it.

  4. Wouldnyaliketoknow

    This is such a safe and ideal way to make guaranteed money that monetary gain must be the motive. Trading on inside information with leveraged, unhedged derivatives results in beaucoup bucks. My theory will be correct if Cranefly targets large cap corporations, since they have deep liquidity in their derivative markets. One might find some big whales behind this, an ingenious way to hack for profit, who thought they could never get caught. They are easier to catch in actuality than the dude who did the hacking.
