Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| gwenetha.info | 104.21.12.27 | |
| pastebin.com | 104.23.98.190 | |
| cdn.discordapp.com | 162.159.134.233 | |
| iplogger.org | 88.99.66.31 | |
| whatitis.website |
- TCP Requests
-
-
104.21.12.27:443 192.168.56.101:49202
-
192.168.56.101:49201 104.23.99.190:443pastebin.com
-
192.168.56.101:49203 162.159.129.233:443cdn.discordapp.com
-
192.168.56.101:49205 162.159.129.233:443cdn.discordapp.com
-
192.168.56.101:49206 162.159.129.233:443cdn.discordapp.com
-
192.168.56.101:49207 162.159.129.233:443cdn.discordapp.com
-
192.168.56.101:49204 88.99.66.31:443iplogger.org
-
- UDP Requests
-
-
192.168.56.101:54056 164.124.101.2:53
-
192.168.56.101:55450 164.124.101.2:53
-
192.168.56.101:59369 164.124.101.2:53
-
192.168.56.101:61479 164.124.101.2:53
-
192.168.56.101:62324 164.124.101.2:53
-
192.168.56.101:65329 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:49152 239.255.255.250:3702
-
192.168.56.101:62325 239.255.255.250:3702
-
192.168.56.101:62445 239.255.255.250:1900
-
192.168.56.101:62447 239.255.255.250:3702
-
192.168.56.101:62449 239.255.255.250:3702
-
52.231.114.183:123 192.168.56.101:123
-
GET
0
https://pastebin.com/raw/gCyjHCCH
REQUEST
RESPONSE
BODY
GET /raw/gCyjHCCH HTTP/1.1
Host: pastebin.com
Connection: Keep-Alive
GET
403
https://cdn.discordapp.com/attachments/826198252025675816/826538114838298715/install_setupVPSfree.exe
REQUEST
RESPONSE
BODY
GET /attachments/826198252025675816/826538114838298715/install_setupVPSfree.exe HTTP/1.1
Host: cdn.discordapp.com
Connection: Keep-Alive
HTTP/1.1 403 Forbidden
Date: Wed, 07 Apr 2021 01:41:53 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 223
Connection: keep-alive
Set-Cookie: __cfduid=d27ad55a824a6162533461311eddcc50e1617759713; expires=Fri, 07-May-21 01:41:53 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63bf8e604c4e3537-ICN
Cache-Control: private, max-age=0
Expires: Wed, 07 Apr 2021 01:41:53 GMT
Vary: Accept-Encoding
CF-Cache-Status: EXPIRED
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 094b975028000035379bb6b000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-GUploader-UploadID: ABg5-Uxz1BgFmy7zvi-0a5YigR0nm2KcK012w7fIRCL_pMIbWob7WYWd407m5xeC0WQw-yCHuYCndkILKHO7fYJsiK4
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=va8hNNnvr33OqLZzCUs%2BLKGWR%2BMF%2F9MZ2Omp%2FoSsGwrBMti%2BdKmdfjeV1JFk411ro2m7YlGYb%2BMRBwsEC3HISW%2FOOYJAbfD9D6zUINF7QZ7%2Bm%2BM%3D"}]}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
GET
404
https://gwenetha.info/setup-KGQJ-1.exe
REQUEST
RESPONSE
BODY
GET /setup-KGQJ-1.exe HTTP/1.1
Host: gwenetha.info
Connection: Keep-Alive
HTTP/1.1 404 Not Found
Date: Wed, 07 Apr 2021 01:41:54 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 19
Connection: keep-alive
Set-Cookie: __cfduid=d7f1e0e18e9fdcf809a4f931c5f1a0b701617759713; expires=Fri, 07-May-21 01:41:53 GMT; path=/; domain=.gwenetha.info; HttpOnly; SameSite=Lax
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
cf-request-id: 094b97517b000042f4103fc000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=13xXUSs3pZeayN50m1QQssjjwW%2FY5Wb%2BdB3A8BfGV80jHqOE6%2BaE9a%2F0PUpNUSiENvC4gkPKi1lhFhcCb2C5bOioSIZrKETA3VGXy9xs"}],"group":"cf-nel","max_age":604800}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
CF-RAY: 63bf8e625ed842f4-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
GET
200
https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe
REQUEST
RESPONSE
BODY
GET /attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe HTTP/1.1
Host: cdn.discordapp.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 07 Apr 2021 01:41:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d2bebeb93602ea2eaf228bee141cad6201617759713; expires=Fri, 07-May-21 01:41:53 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
X-Frame-Options: SAMEORIGIN
cf-request-id: 094b9752bc0000a1b93e1f9000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HoNa%2FQWNt%2F2QeEa%2BzT4yGAbU36%2F4nEa%2F31sjioaUOEnzD7%2Fx09TQSfj5r4e9S%2BZzTCAjmJ2xGWzKkYPub3YOuSLfKBZyF1h30jjzaVQCfeWEJWw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
CF-RAY: 63bf8e6459efa1b9-ICN
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
GET
403
https://cdn.discordapp.com/attachments/826416818390040589/826855866228670474/7525b875715555.exe
REQUEST
RESPONSE
BODY
GET /attachments/826416818390040589/826855866228670474/7525b875715555.exe HTTP/1.1
Host: cdn.discordapp.com
HTTP/1.1 403 Forbidden
Date: Wed, 07 Apr 2021 01:41:57 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 223
Connection: keep-alive
Set-Cookie: __cfduid=d2440ccc4ca972dd20954ee85cdc1a9631617759717; expires=Fri, 07-May-21 01:41:57 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63bf8e77cef2a1b9-ICN
Cache-Control: private, max-age=0
Expires: Wed, 07 Apr 2021 01:41:57 GMT
Vary: Accept-Encoding
CF-Cache-Status: EXPIRED
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 094b975ee10000a1b945867000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-GUploader-UploadID: ABg5-UxIAm_mSVnlHDO23OX1jMNn14iWB9iN_eOvwxtC9ir3w7pIzCjl5jzAY1ktdl1Ij0b2IaFEFEwADxLoEXCeT_g2cLYstg
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=m1a5B3LXZYEWQFH7Ldh7tNNmfBP3c6TB4g1aPF9LNrXMlARAlM0DPoODtfoyZlEEYu0TJpXlNbHRtnabx6vFYgtxPksoaemquba7nXdM4kjUF94%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
GET
301
https://iplogger.org/2LehR6.exe
REQUEST
RESPONSE
BODY
GET /2LehR6.exe HTTP/1.1
Host: iplogger.org
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 07 Apr 2021 01:42:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=ng8vljip1ogt0a2f1d6p7ehu00; path=/; HttpOnly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=261288471; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Location: https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe
Strict-Transport-Security: max-age=31536000; preload
X-Frame-Options: DENY
GET
403
https://cdn.discordapp.com/attachments/826416818390040589/826469949593485312/file.exe
REQUEST
RESPONSE
BODY
GET /attachments/826416818390040589/826469949593485312/file.exe HTTP/1.1
Host: cdn.discordapp.com
HTTP/1.1 403 Forbidden
Date: Wed, 07 Apr 2021 01:42:23 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 223
Connection: keep-alive
Set-Cookie: __cfduid=d566295c8cc6db3f3c5c0887c058d3ee11617759742; expires=Fri, 07-May-21 01:42:22 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63bf8f18cacce9ec-ICN
Cache-Control: private, max-age=0
Expires: Wed, 07 Apr 2021 01:42:23 GMT
Vary: Accept-Encoding
CF-Cache-Status: EXPIRED
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 094b97c3810000e9ec5e33e000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-GUploader-UploadID: ABg5-UwOhUeiWb9BMLbpTHjvDhqm5F1l6xc1EROMjCVHqtvg3H0cNeAU9da6LGjX6LmGyMLPxgwwpEEZarQZPz_O5MeZFto7dg
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ZoJwozR%2BxYio818NbwftQEz2DjAUDfHDEtH7Pv9S%2FURSV2HEOULyxX0n0Ox8%2BZpzaZZk0Y4tH7ar33nNbV4C4D9riLYKAmZYr6eSrsW1fuXwoY8%3D"}]}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET
0
https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe
REQUEST
RESPONSE
BODY
GET /attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe HTTP/1.1
Host: cdn.discordapp.com
GET
0
https://cdn.discordapp.com/attachments/826416818390040589/826540039764705360/7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe
REQUEST
RESPONSE
BODY
GET /attachments/826416818390040589/826540039764705360/7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe HTTP/1.1
Host: cdn.discordapp.com
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts