Network Analysis
DNS lookups
Name | Response | Post-Analysis Lookup |
---|---|---|
gwenetha.info | 172.67.131.232 | |
pastebin.com | 104.23.98.190 | |
cdn.discordapp.com | 162.159.135.233 | |
iplogger.org | 88.99.66.31 | |
whatitis.website | | |
TCP Requests
Source | Destination | Host |
---|---|---|
192.168.56.102:49809 | 104.21.12.27:443 | gwenetha.info |
192.168.56.102:49808 | 104.23.99.190:443 | pastebin.com |
192.168.56.102:49811 | 162.159.133.233:443 | cdn.discordapp.com |
192.168.56.102:49812 | 162.159.133.233:443 | cdn.discordapp.com |
192.168.56.102:49813 | 162.159.133.233:443 | cdn.discordapp.com |
192.168.56.102:49814 | 162.159.133.233:443 | cdn.discordapp.com |
192.168.56.102:49797 | 172.217.25.14:443 | (no hostname recorded) |
192.168.56.102:49810 | 88.99.66.31:443 | iplogger.org |
UDP Requests
Source | Destination | Service (by destination port) |
---|---|---|
192.168.56.102:50839 | 164.124.101.2:53 | DNS |
192.168.56.102:54660 | 164.124.101.2:53 | DNS |
192.168.56.102:57660 | 164.124.101.2:53 | DNS |
192.168.56.102:61459 | 164.124.101.2:53 | DNS |
192.168.56.102:61998 | 164.124.101.2:53 | DNS |
192.168.56.102:137 | 192.168.56.255:137 | NetBIOS name service (subnet broadcast) |
192.168.56.102:138 | 192.168.56.255:138 | NetBIOS datagram service (subnet broadcast) |
192.168.56.102:49152 | 239.255.255.250:3702 | WS-Discovery (multicast) |
192.168.56.102:56752 | 239.255.255.250:1900 | SSDP (multicast) |
192.168.56.102:56754 | 239.255.255.250:3702 | WS-Discovery (multicast) |
192.168.56.102:56756 | 239.255.255.250:3702 | WS-Discovery (multicast) |
192.168.56.102:56758 | 239.255.255.250:3702 | WS-Discovery (multicast) |
HTTP Requests

GET 200 https://pastebin.com/raw/gCyjHCCH
Request:
GET /raw/gCyjHCCH HTTP/1.1
Host: pastebin.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Mon, 05 Apr 2021 04:26:13 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d9b4a76dcf567e2fa9010971b16c6817a1617596773; expires=Wed, 05-May-21 04:26:13 GMT; path=/; domain=.pastebin.com; HttpOnly; SameSite=Lax; Secure
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: HIT
Age: 278
cf-request-id: 0941e10adf00003538e325c000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 63b00457cdff3538-ICN
GET 404 https://gwenetha.info/setup-KGQJ-1.exe
Request:
GET /setup-KGQJ-1.exe HTTP/1.1
Host: gwenetha.info
Connection: Keep-Alive
Response:
HTTP/1.1 404 Not Found
Date: Mon, 05 Apr 2021 04:26:44 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 19
Connection: keep-alive
Set-Cookie: __cfduid=d85d5ff37729c39b2e49d5d86981fbe4f1617596804; expires=Wed, 05-May-21 04:26:44 GMT; path=/; domain=.gwenetha.info; HttpOnly; SameSite=Lax
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
cf-request-id: 0941e183ef000042c24c9d2000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=igz%2BC1o8j8R9QPMj2fxGxUflJWfnLCt0eRAYqhdTrQhBzfaSqG4KMLapEcVOCZQWTof%2FwvE9OzPsJ2YNgwNDzh5OjmSxiLmKeALETIpX"}],"max_age":604800}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
CF-RAY: 63b005197d6142c2-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
GET 200 https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe
Request:
GET /attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe HTTP/1.1
Host: cdn.discordapp.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Mon, 05 Apr 2021 04:26:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d9f5cd0e27a72af4d52536fbb05f476961617596804; expires=Wed, 05-May-21 04:26:44 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
X-Frame-Options: SAMEORIGIN
cf-request-id: 0941e186c7000012d66f8bc000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jHUfpoKe4VFs1wbP721yMlvMeHI7gwpbCa2F9xz6x2cohOD5cXvJd6szhbpm9bLHHKUyozimdidVgcH6EBnn30CAzsPcEYwCpOjUlmFeJzbQbLc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
CF-RAY: 63b0051e0a5f12d6-ICN
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
GET 0 https://cdn.discordapp.com/attachments/826416818390040589/826469949593485312/file.exe
Request:
GET /attachments/826416818390040589/826469949593485312/file.exe HTTP/1.1
Host: cdn.discordapp.com
Response: none captured (status 0)
GET 403 https://cdn.discordapp.com/attachments/826416818390040589/826855866228670474/7525b875715555.exe
Request:
GET /attachments/826416818390040589/826855866228670474/7525b875715555.exe HTTP/1.1
Host: cdn.discordapp.com
Response:
HTTP/1.1 403 Forbidden
Date: Mon, 05 Apr 2021 04:26:45 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 223
Connection: keep-alive
Set-Cookie: __cfduid=df220bbb4a9e58a4a82b7d7dab43430091617596805; expires=Wed, 05-May-21 04:26:45 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63b005222d663532-ICN
Age: 290
Cache-Control: private, max-age=0
Expires: Mon, 05 Apr 2021 04:21:55 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0941e18959000035323b05a000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-GUploader-UploadID: ABg5-UyFfb0ju1UrZ8d3NVFfJE2mzlIJ6zA-jrpBc5Sed9FaHeB6-X5SNWuiJVWee-3nAVZmMLnfGcMql2KTa7C362jNEp-T7Q
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=5VqfjB8%2FForBy%2FJuFOOOLWPAE1DA7akL%2F4VaHYY9%2BBVTQePoIMlJy5rNdVVSPaqVZplyg6gsOCI0oZaXJf%2FBPqQI6lE8ZfsvgMLSlzqWM7x5VPQ%3D"}],"max_age":604800,"group":"cf-nel"}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET 301 https://iplogger.org/2LehR6.exe
Request:
GET /2LehR6.exe HTTP/1.1
Host: iplogger.org
Connection: Keep-Alive
Response:
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Apr 2021 04:26:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=f0o7s4snls9tavp470rinooc13; path=/; HttpOnly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=261451384; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Location: https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe
Strict-Transport-Security: max-age=31536000; preload
X-Frame-Options: DENY
GET 0 https://cdn.discordapp.com/attachments/826416818390040589/826540039764705360/7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe
Request:
GET /attachments/826416818390040589/826540039764705360/7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe HTTP/1.1
Host: cdn.discordapp.com
Response: none captured (status 0)
GET 0 https://cdn.discordapp.com/attachments/826198252025675816/826538114838298715/install_setupVPSfree.exe
Request:
GET /attachments/826198252025675816/826538114838298715/install_setupVPSfree.exe HTTP/1.1
Host: cdn.discordapp.com
Response: none captured (status 0)
GET 200 https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe
Request:
GET /attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe HTTP/1.1
Host: cdn.discordapp.com
Response:
HTTP/1.1 200 OK
Date: Mon, 05 Apr 2021 04:27:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=db371095ba3be1a35bde591815348b4141617596835; expires=Wed, 05-May-21 04:27:15 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
X-Frame-Options: SAMEORIGIN
cf-request-id: 0941e1fedf00003531a99c8000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=j%2FqDhW5fXaYHDqYXHXwaKCpOAJpZunOim3i8QrUyyqy4MDfzo4Uu%2BDkLT5YFKyFfEz41JKLU6v8mqWznwIiUmpzgWojnSO2tRddPrT5pKKBTOtQ%3D"}]}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 63b005de38973531-ICN
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
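Added example, not part of the sandbox report: a Python triage of the HTTP records listed in this section. The records are transcribed by hand from the report (URL, status, and the response headers the logic needs); the verdict labels (no_response, redirect, stage_missing, payload_unconfirmed, fetched) and the BINARY_TYPES list are this example's own conventions, not the sandbox's. It follows the iplogger.org 301 to its Discord CDN target, collects hosts and URLs as IOCs, and flags that both 200 responses for Bussed_2021-03-30_21-01.exe carried Content-Type: text/html, so the report on its own does not confirm that a PE was actually downloaded.

```python
"""Triage the HTTP records of a sandbox 'Network Analysis' section.

Added example, not part of the report. RECORDS is transcribed from the
report above; the verdict labels and BINARY_TYPES are this example's
own conventions (assumptions), not the sandbox's.
"""
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Content types a genuine executable download normally carries (assumption:
# a list chosen for this example, extend as needed).
BINARY_TYPES = {"application/octet-stream", "application/x-msdownload",
                "application/x-msdos-program", "application/x-dosexec"}
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".msi")

DISCORD = "https://cdn.discordapp.com/attachments/826416818390040589/"
BUSSED = DISCORD + "826531006563352596/Bussed_2021-03-30_21-01.exe"


@dataclass
class HttpRecord:
    url: str
    status: int                       # 0 = the sandbox captured no response
    headers: dict = field(default_factory=dict)

    def header(self, name: str, default: str = "") -> str:
        """Case-insensitive header lookup (HTTP header names are)."""
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return default

    @property
    def content_type(self) -> str:
        """Media type without parameters, e.g. 'text/html'."""
        return self.header("Content-Type").split(";")[0].strip().lower()


# Transcribed from the report, in the order the sandbox listed them.
RECORDS = [
    HttpRecord("https://pastebin.com/raw/gCyjHCCH", 200,
               {"Content-Type": "text/plain; charset=utf-8"}),
    HttpRecord("https://gwenetha.info/setup-KGQJ-1.exe", 404,
               {"Content-Type": "text/plain; charset=utf-8", "Content-Length": "19"}),
    HttpRecord(BUSSED, 200, {"Content-Type": "text/html; charset=UTF-8"}),
    HttpRecord(DISCORD + "826469949593485312/file.exe", 0),
    HttpRecord(DISCORD + "826855866228670474/7525b875715555.exe", 403,
               {"Content-Type": "application/xml; charset=UTF-8"}),
    HttpRecord("https://iplogger.org/2LehR6.exe", 301, {"Location": BUSSED}),
    HttpRecord(DISCORD + "826540039764705360/"
               "7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe", 0),
    HttpRecord("https://cdn.discordapp.com/attachments/826198252025675816/"
               "826538114838298715/install_setupVPSfree.exe", 0),
    HttpRecord(BUSSED, 200, {"Content-Type": "text/html; charset=UTF-8"}),
]


def classify(rec: HttpRecord) -> str:
    """Verdict for one record (labels are this example's own)."""
    if rec.status == 0:
        return "no_response"            # nothing came back inside the run
    if 300 <= rec.status < 400:
        return "redirect"
    if rec.status >= 400:
        return "stage_missing"          # hosted stage removed, expired or blocked
    path = urlsplit(rec.url).path.lower()
    if path.endswith(EXECUTABLE_SUFFIXES) and rec.content_type not in BINARY_TYPES:
        return "payload_unconfirmed"    # 2xx, but the body is not a binary
    return "fetched"


def redirect_chain(url: str, records) -> list:
    """Follow Location headers inside the captured records only; stop at the
    first non-redirect, at an unknown URL, or when a URL repeats (loop guard)."""
    by_url = {}
    for rec in records:
        by_url.setdefault(rec.url, rec)      # first capture of a URL wins
    chain = [url]
    while True:
        rec = by_url.get(chain[-1])
        if rec is None or classify(rec) != "redirect":
            return chain
        nxt = rec.header("Location")
        if not nxt or nxt in chain:
            return chain
        chain.append(nxt)


def verdict_counts(records=RECORDS) -> dict:
    counts = {}
    for rec in records:
        verdict = classify(rec)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


def extract_iocs(records):
    """Hosts and URLs seen as request targets or redirect destinations."""
    hosts, urls = set(), set()
    for rec in records:
        for candidate in (rec.url, rec.header("Location")):
            if candidate:
                urls.add(candidate)
                hosts.add(urlsplit(candidate).hostname)
    return sorted(hosts), sorted(urls)


if __name__ == "__main__":
    for rec in RECORDS:
        print(f"{rec.status:>3} {classify(rec):<20} {rec.url}")
    print("iplogger chain:", redirect_chain("https://iplogger.org/2LehR6.exe", RECORDS))
    print("verdicts:", verdict_counts())
    print("hosts:", extract_iocs(RECORDS)[0])
```

The stage_missing verdicts (the 404 from gwenetha.info and the 403 from the Discord CDN) and the three requests with no captured response mean a replay of this sample outside the sandbox window may fetch nothing; the IOC list is still useful for blocking and retro-hunting, but the binaries themselves would have to come from another source.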
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts