Network Analysis
Name | Response | Post-Analysis Lookup
---|---|---
gwenetha.info | 172.67.131.232 |
pastebin.com | 104.23.99.190 |
iplogger.org | 88.99.66.31 |
cdn.discordapp.com | 162.159.133.233 |
whatitis.website | |
- TCP Requests
  - 104.21.12.27:443 192.168.56.101:49202
  - 192.168.56.101:49204 104.21.12.27:443 gwenetha.info
  - 192.168.56.101:49201 104.23.98.190:443 pastebin.com
  - 192.168.56.101:49202 162.159.134.233:443 cdn.discordapp.com
  - 192.168.56.101:49203 162.159.134.233:443 cdn.discordapp.com
  - 192.168.56.101:49206 162.159.134.233:443 cdn.discordapp.com
  - 192.168.56.101:49207 162.159.134.233:443 cdn.discordapp.com
  - 192.168.56.101:49208 162.159.134.233:443 cdn.discordapp.com
  - 192.168.56.101:49205 88.99.66.31:443 iplogger.org
- UDP Requests
  - 192.168.56.101:54056 164.124.101.2:53
  - 192.168.56.101:55450 164.124.101.2:53
  - 192.168.56.101:59369 164.124.101.2:53
  - 192.168.56.101:61479 164.124.101.2:53
  - 192.168.56.101:62324 164.124.101.2:53
  - 192.168.56.101:65329 164.124.101.2:53
  - 192.168.56.101:137 192.168.56.255:137
  - 192.168.56.101:138 192.168.56.255:138
  - 192.168.56.101:49152 239.255.255.250:3702
  - 192.168.56.101:62325 239.255.255.250:3702
  - 192.168.56.101:62445 239.255.255.250:1900
  - 192.168.56.101:62447 239.255.255.250:3702
  - 192.168.56.101:62449 239.255.255.250:3702
  - 52.231.114.183:123 192.168.56.101:123
-
GET https://pastebin.com/raw/gCyjHCCH (status 200)

Request:
GET /raw/gCyjHCCH HTTP/1.1
Host: pastebin.com
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Date: Wed, 07 Apr 2021 04:23:48 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=da9253562140124890ff88193ead1806a1617769428; expires=Fri, 07-May-21 04:23:48 GMT; path=/; domain=.pastebin.com; HttpOnly; SameSite=Lax; Secure
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: HIT
Age: 573
cf-request-id: 094c2b8f890000e9c86a0dd000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 63c07b927a33e9c8-ICN
GET https://gwenetha.info/setup-KGQJ-1.exe (status 404)

Request:
GET /setup-KGQJ-1.exe HTTP/1.1
Host: gwenetha.info
Connection: Keep-Alive

Response:
HTTP/1.1 404 Not Found
Date: Wed, 07 Apr 2021 04:24:11 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 19
Connection: keep-alive
Set-Cookie: __cfduid=dc4e92bf6a334ae7575372f8c713da6531617769450; expires=Fri, 07-May-21 04:24:10 GMT; path=/; domain=.gwenetha.info; HttpOnly; SameSite=Lax
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
cf-request-id: 094c2be4f30000eb8146b51000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=IkkPEXR0smU8C%2B9e%2FalwzDMGc0n%2BhZY26lH35m9vP0Lc%2FVHsvbUA5cpP23zqG1o2KeSOO9mYlAJigL7XZef6pfGYHttarq52cSO20u7z"}],"max_age":604800}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
CF-RAY: 63c07c1b1d26eb81-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
GET https://cdn.discordapp.com/attachments/826198252025675816/826538114838298715/install_setupVPSfree.exe (status 403)

Request:
GET /attachments/826198252025675816/826538114838298715/install_setupVPSfree.exe HTTP/1.1
Host: cdn.discordapp.com
Connection: Keep-Alive

Response:
HTTP/1.1 403 Forbidden
Date: Wed, 07 Apr 2021 04:24:11 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 223
Connection: keep-alive
Set-Cookie: __cfduid=d6fb68440a6b84d6b21f5ad5502443fd41617769450; expires=Fri, 07-May-21 04:24:10 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63c07c1abf6d350d-ICN
Cache-Control: private, max-age=0
Expires: Wed, 07 Apr 2021 04:24:11 GMT
Vary: Accept-Encoding
CF-Cache-Status: EXPIRED
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 094c2be4b90000350d48104000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-GUploader-UploadID: ABg5-Uw1EZnSpBD1TjSXGJW5ybQ3Ueq79kDZ7S60u3svnVvyzbbLyGdESLi8nS29jR91WYo9qINPep5ROvNRz8co_T23GoCBww
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=FvWfgiVwanuuwVBMTV3FsTrTyOcHQurBpZ%2BXEvBVNcBJOc%2FEvfsV0zRVj9e059CqPE91Is4ZeLCqa%2F4aj%2Ft88%2Be5fEovK%2BicskiI0zI%2BVFwXK78%3D"}],"max_age":604800,"group":"cf-nel"}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET https://cdn.discordapp.com/attachments/826416818390040589/826469949593485312/file.exe (status 403)

Request:
GET /attachments/826416818390040589/826469949593485312/file.exe HTTP/1.1
Host: cdn.discordapp.com
Connection: Keep-Alive

Response:
HTTP/1.1 403 Forbidden
Date: Wed, 07 Apr 2021 04:24:11 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 223
Connection: keep-alive
Set-Cookie: __cfduid=df23a7af3089956a0d4a3bfcce3da38811617769450; expires=Fri, 07-May-21 04:24:10 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63c07c1b5fa5e9f4-ICN
Cache-Control: private, max-age=0
Expires: Wed, 07 Apr 2021 04:24:11 GMT
Vary: Accept-Encoding
CF-Cache-Status: EXPIRED
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 094c2be5160000e9f473a48000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-GUploader-UploadID: ABg5-UwjbO6slIdW8IpX4-7moxYoq55GtFdWhlXruX6OopY3I-oPhHnf3VefjcyGa75HB-noX98BiN2_X6l0dDUgiaUS2OSWCA
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jXCE1KvfSrT7Iv1GaYH8VqZBLR5C9gLd%2BlS6rlVKJEmjCHI8c5uv8EQkS49Pn4yL5yvVgWfkq97%2FrzA8V3ZEIjmXiInadVxcSxNSb0vvwXSxYYM%3D"}],"max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET https://iplogger.org/2LehR6.exe (status 301)

Request:
GET /2LehR6.exe HTTP/1.1
Host: iplogger.org
Connection: Keep-Alive

Response:
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 07 Apr 2021 04:24:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=8h5oug99kjs7n8tslqfdkmctl3; path=/; HttpOnly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=261278740; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Location: https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe
Strict-Transport-Security: max-age=31536000; preload
X-Frame-Options: DENY
GET https://cdn.discordapp.com/attachments/826416818390040589/826855866228670474/7525b875715555.exe (status 403)

Request:
GET /attachments/826416818390040589/826855866228670474/7525b875715555.exe HTTP/1.1
Host: cdn.discordapp.com

Response:
HTTP/1.1 403 Forbidden
Date: Wed, 07 Apr 2021 04:24:24 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 223
Connection: keep-alive
Set-Cookie: __cfduid=d7d67740020978862591d016e262e52a71617769463; expires=Fri, 07-May-21 04:24:23 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63c07c6bedca3532-ICN
Cache-Control: private, max-age=0
Expires: Wed, 07 Apr 2021 04:24:24 GMT
Vary: Accept-Encoding
CF-Cache-Status: EXPIRED
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 094c2c177400003532bc3db000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-GUploader-UploadID: ABg5-Uzn12lEV2ChRLMHvHDTBFih6rmLCQfJ4B5hG8HDCyPAEAXBy48vYD29BBVsMYr2ZYH-nv4jNJS4T8C3v6vmId8iBhQBiA
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=UaxvZgoZ1VI0MoOD3xIWy7kdkgKqbej%2FKAzR%2BsPZe3nMgS1JXkSQN0q3QQUX%2BtlLAgY%2Bf8obhmfHmxNusMBLSP7K4pV2kfNhUM1baYzaIvpiYII%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
GET https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe (status 200)

Request:
GET /attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe HTTP/1.1
Host: cdn.discordapp.com

Response:
HTTP/1.1 200 OK
Date: Wed, 07 Apr 2021 04:24:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d16ff414b6501d75d20bc551105a1ff191617769463; expires=Fri, 07-May-21 04:24:23 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
X-Frame-Options: SAMEORIGIN
cf-request-id: 094c2c178c0000e9d83331a000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1dvH1oWNjAB2Np8iQWn5001duDYyzcC0sFnfdwmFGlNgc8hraGGIqBgpGqZ1FmoQiQGY4Yl%2FQoWUWfv2acIxFNJxmVllSXQaYvLq%2FtFk6SfjO%2BU%3D"}],"max_age":604800,"group":"cf-nel"}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 63c07c6c1f20e9d8-ICN
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
GET https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe (status 200, second request)

Request:
GET /attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe HTTP/1.1
Host: cdn.discordapp.com

Response:
HTTP/1.1 200 OK
Date: Wed, 07 Apr 2021 04:24:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d0a62e6ecd67027e38400d2c9496828dd1617769468; expires=Fri, 07-May-21 04:24:28 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
X-Frame-Options: SAMEORIGIN
cf-request-id: 094c2c28780000a27f0a81f000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=GreNw1kOZ2SLTn970QuzEzuWVTSlT7DZeRMvPp%2FthJ%2B%2BvR1nWExSK7mA95vXIytAFaOyeP8dd%2BX5WmPWCpqi3rIHLMfhGlI2kRKHR5DEm5OVZWw%3D"}]}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 63c07c87292ca27f-ICN
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts