Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
gwenetha.info | 104.21.12.27 | |
pastebin.com | 104.23.98.190 | |
cdn.discordapp.com | 162.159.133.233 | |
iplogger.org | 88.99.66.31 | |
whatitis.website | | |
TCP Requests
Source | Destination | Host |
---|---|---|
162.159.133.233:443 | 192.168.56.101:49207 | |
192.168.56.101:49201 | 104.21.12.27:443 | gwenetha.info |
192.168.56.101:49200 | 104.23.98.190:443 | pastebin.com |
192.168.56.101:49202 | 162.159.135.233:443 | cdn.discordapp.com |
192.168.56.101:49203 | 162.159.135.233:443 | cdn.discordapp.com |
192.168.56.101:49206 | 162.159.135.233:443 | cdn.discordapp.com |
192.168.56.101:49208 | 162.159.135.233:443 | cdn.discordapp.com |
192.168.56.101:49204 | 88.99.66.31:443 | iplogger.org |
UDP Requests
Source | Destination | Service |
---|---|---|
192.168.56.101:54056 | 164.124.101.2:53 | DNS |
192.168.56.101:55450 | 164.124.101.2:53 | DNS |
192.168.56.101:59369 | 164.124.101.2:53 | DNS |
192.168.56.101:61479 | 164.124.101.2:53 | DNS |
192.168.56.101:62324 | 164.124.101.2:53 | DNS |
192.168.56.101:65329 | 164.124.101.2:53 | DNS |
192.168.56.101:137 | 192.168.56.255:137 | NetBIOS name service (broadcast) |
192.168.56.101:138 | 192.168.56.255:138 | NetBIOS datagram (broadcast) |
192.168.56.101:49152 | 239.255.255.250:3702 | WS-Discovery (multicast) |
192.168.56.101:62327 | 239.255.255.250:1900 | SSDP (multicast) |
192.168.56.101:62329 | 239.255.255.250:3702 | WS-Discovery (multicast) |
192.168.56.101:62331 | 239.255.255.250:3702 | WS-Discovery (multicast) |
52.231.114.183:123 | 192.168.56.101:123 | NTP (inbound) |
8.8.8.8:53 | 192.168.56.101:55450 | DNS reply (inbound; port 55450 is the one used for the query to 164.124.101.2 above) |
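Two things worth checking in the flow tables above are whether every TCP destination is an address that DNS actually answered with (the cdn.discordapp.com answer is 162.159.133.233, but most of the connections go to 162.159.135.233), and whether each DNS reply came from the resolver that was queried (port 55450 queried 164.124.101.2 and got a reply from 8.8.8.8). The script below is an added example, not part of the sandbox report; the DNS and flow entries are transcribed from the tables (a subset of the UDP rows), and the only assumption is that 192.168.56.0/24 is the analysis VM's network.

```python
"""Join the DNS answers and TCP/UDP flows from a sandbox run.

Added example; not part of the report. Assumption: 192.168.56.0/24 is the
analysis VM's network, so each flow is normalised to (VM port, remote IP,
remote port, inbound?) regardless of which side the report listed first.
"""
import ipaddress

VM_NET = ipaddress.ip_network("192.168.56.0/24")

# DNS answers transcribed from the report (whatitis.website got no answer).
DNS_ANSWERS = {
    "gwenetha.info": "104.21.12.27",
    "pastebin.com": "104.23.98.190",
    "cdn.discordapp.com": "162.159.133.233",
    "iplogger.org": "88.99.66.31",
}

# "src:port dst:port" exactly as listed; some rows have the remote side first.
TCP_FLOWS = [
    "162.159.133.233:443 192.168.56.101:49207",
    "192.168.56.101:49201 104.21.12.27:443",
    "192.168.56.101:49200 104.23.98.190:443",
    "192.168.56.101:49202 162.159.135.233:443",
    "192.168.56.101:49203 162.159.135.233:443",
    "192.168.56.101:49206 162.159.135.233:443",
    "192.168.56.101:49208 162.159.135.233:443",
    "192.168.56.101:49204 88.99.66.31:443",
]
UDP_FLOWS = [  # subset of the report's UDP rows
    "192.168.56.101:54056 164.124.101.2:53",
    "192.168.56.101:55450 164.124.101.2:53",
    "192.168.56.101:59369 164.124.101.2:53",
    "192.168.56.101:137 192.168.56.255:137",
    "192.168.56.101:62327 239.255.255.250:1900",
    "52.231.114.183:123 192.168.56.101:123",
    "8.8.8.8:53 192.168.56.101:55450",
]


def _endpoint(text):
    host, port = text.rsplit(":", 1)
    return ipaddress.ip_address(host), int(port)


def normalize(flow):
    """Return (vm_port, remote_ip, remote_port, inbound) for a 'src dst' pair."""
    (a_ip, a_port), (b_ip, b_port) = (_endpoint(p) for p in flow.split())
    if a_ip in VM_NET:
        return a_port, b_ip, b_port, False
    if b_ip in VM_NET:
        return b_port, a_ip, a_port, True
    raise ValueError(f"neither endpoint is in {VM_NET}: {flow}")


def tcp_by_hostname(tcp_flows=TCP_FLOWS, dns=DNS_ANSWERS):
    """Map each DNS name to the VM ports that talked to the IP it resolved to."""
    ip_to_name = {ipaddress.ip_address(v): k for k, v in dns.items()}
    out = {}
    for flow in tcp_flows:
        vm_port, remote_ip, _, _ = normalize(flow)
        name = ip_to_name.get(remote_ip)
        if name:
            out.setdefault(name, []).append(vm_port)
    return out


def unresolved_tcp_destinations(tcp_flows=TCP_FLOWS, dns=DNS_ANSWERS):
    """Remote IPs reached over TCP that no DNS answer in this run maps to."""
    answered = {ipaddress.ip_address(v) for v in dns.values()}
    return sorted({str(normalize(f)[1]) for f in tcp_flows
                   if normalize(f)[1] not in answered})


def mismatched_dns_replies(udp_flows=UDP_FLOWS):
    """(vm_port, resolver queried, address that replied) where the two differ."""
    queried, replied = {}, {}
    for flow in udp_flows:
        vm_port, remote_ip, remote_port, inbound = normalize(flow)
        if remote_port != 53:
            continue
        (replied if inbound else queried)[vm_port] = remote_ip
    return [(p, str(queried[p]), str(replied[p]))
            for p in sorted(replied) if p in queried and queried[p] != replied[p]]


if __name__ == "__main__":
    print("TCP by name:", tcp_by_hostname())
    print("TCP to IPs with no DNS answer:", unresolved_tcp_destinations())
    print("DNS replies from an unexpected address:", mismatched_dns_replies())
```

Run against the transcribed rows it reports 162.159.135.233 as the one TCP destination without a DNS answer in this capture, and port 55450 as a query to 164.124.101.2 answered from 8.8.8.8. Neither is evidence of anything by itself (a CDN can hand out more addresses than a single lookup shows, and a sandbox may rewrite DNS), but both are the rows an analyst should explain before trusting the host labels in the table.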
-
GET 200 https://pastebin.com/raw/gCyjHCCH
REQUEST
GET /raw/gCyjHCCH HTTP/1.1
Host: pastebin.com
Connection: Keep-Alive
RESPONSE
HTTP/1.1 200 OK
Date: Wed, 07 Apr 2021 08:17:44 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d90ae443dda2f2b0549ad56ade28a4bce1617783464; expires=Fri, 07-May-21 08:17:44 GMT; path=/; domain=.pastebin.com; HttpOnly; SameSite=Lax; Secure
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: HIT
Age: 1203
cf-request-id: 094d01bb240000a56af21d8000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 63c1d23e9863a56a-NRT
GET 403 https://cdn.discordapp.com/attachments/826416818390040589/826469949593485312/file.exe
REQUEST
GET /attachments/826416818390040589/826469949593485312/file.exe HTTP/1.1
Host: cdn.discordapp.com
Connection: Keep-Alive
RESPONSE
HTTP/1.1 403 Forbidden
Date: Wed, 07 Apr 2021 08:18:06 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 223
Connection: keep-alive
Set-Cookie: __cfduid=d02bc5aae667f59453477baa2bd776e541617783486; expires=Fri, 07-May-21 08:18:06 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63c1d2c6389da219-ICN
Cache-Control: private, max-age=0
Expires: Wed, 07 Apr 2021 08:18:06 GMT
Vary: Accept-Encoding
CF-Cache-Status: EXPIRED
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 094d020fe40000a2199413f000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-GUploader-UploadID: ABg5-UwmalZaE26UNw-baCTr-jgf279HIHAmoI4k5OjngvlopSBK-j5_B7eru4Tc5dDCTanZzjq9ricInoJBgx7l_LI37zw1XA
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LkBnam77qgp6HxILI7Y0yUbdutOzzTPSaZ44zGI57%2By4Q0sGCYTvU2M339Wn5OzLKo%2BXlGP2BSdGxI5YBaH6McYzU9fUC57YjV3ZfxuacymezjQ%3D"}],"max_age":604800}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
GET 200 https://cdn.discordapp.com/attachments/826416818390040589/826540039764705360/7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe
REQUEST
GET /attachments/826416818390040589/826540039764705360/7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe HTTP/1.1
Host: cdn.discordapp.com
Connection: Keep-Alive
RESPONSE
HTTP/1.1 200 OK
Date: Wed, 07 Apr 2021 08:18:07 GMT
Content-Type: application/x-msdos-program
Content-Length: 505856
Connection: keep-alive
Set-Cookie: __cfduid=d2222e826f244933e55eea433131124d21617783487; expires=Fri, 07-May-21 08:18:07 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63c1d2c9fdac12ca-ICN
Accept-Ranges: bytes
Age: 638496
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe
ETag: "28345a7bb63babaf99e760965ce493b7"
Expires: Thu, 07 Apr 2022 08:18:07 GMT
Last-Modified: Tue, 30 Mar 2021 19:35:01 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 094d02123a000012caed065000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1617132901889175
x-goog-hash: crc32c=Ws/4nQ==
x-goog-hash: md5=KDRae7Y7q6+Z52CWXOSTtw==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 505856
X-GUploader-UploadID: ABg5-UznZNO55X93AubXlWYP0c5SyYOTRHkzDJhcIzrcH58RoyWaPDs0j0jqBmhsS-QvB5VHDoqPplp1xtV5hwkr0kW8h3tVvw
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=wAGKFYeEY%2BFuhCyJ53udPGQgBxduxszHdpOD9yeeP%2BhcFXv0VabdbiY63UBdOlC0faJwCUn6J82Ufyq6a9scoVmHmHy29G4rAWhyspu5ZdZTjxc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
GET 0 https://gwenetha.info/setup-KGQJ-1.exe
REQUEST
GET /setup-KGQJ-1.exe HTTP/1.1
Host: gwenetha.info
Connection: Keep-Alive
RESPONSE
(no response recorded; status 0)
GET 301 https://iplogger.org/2LehR6.exe
REQUEST
GET /2LehR6.exe HTTP/1.1
Host: iplogger.org
Connection: Keep-Alive
RESPONSE
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 07 Apr 2021 08:18:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=5niee61qj3rld1mgf2127thjm1; path=/; HttpOnly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=261264699; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Location: https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe
Strict-Transport-Security: max-age=31536000; preload
X-Frame-Options: DENY
GET 200 https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe
REQUEST
GET /attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe HTTP/1.1
Host: cdn.discordapp.com
RESPONSE
HTTP/1.1 200 OK
Date: Wed, 07 Apr 2021 08:18:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d983f1e46961ceed9a25cbd01f60695981617783494; expires=Fri, 07-May-21 08:18:14 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
X-Frame-Options: SAMEORIGIN
cf-request-id: 094d022e8e0000350dfd861000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BxRqVT3J%2BLoh474XXEpf2%2B7IQ%2FIpX6zHvZTL1HBHg6s3Xmwx7Zg0JLPYjSE%2FMqhOAMhBVYL9zwn93Llv6Koj8DnOwT3VrOEtPeGhjVgDzEZbO2A%3D"}],"max_age":604800,"group":"cf-nel"}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 63c1d2f74e71350d-ICN
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
GET 403 https://cdn.discordapp.com/attachments/826416818390040589/826855866228670474/7525b875715555.exe
REQUEST
GET /attachments/826416818390040589/826855866228670474/7525b875715555.exe HTTP/1.1
Host: cdn.discordapp.com
RESPONSE
HTTP/1.1 403 Forbidden
Date: Wed, 07 Apr 2021 08:18:16 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 223
Connection: keep-alive
Set-Cookie: __cfduid=d22c491a51cdb394b61ab7b57085f12dd1617783495; expires=Fri, 07-May-21 08:18:15 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63c1d301dd8b12ca-ICN
Cache-Control: private, max-age=0
Expires: Wed, 07 Apr 2021 08:18:16 GMT
Vary: Accept-Encoding
CF-Cache-Status: EXPIRED
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 094d023525000012ca023c5000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-GUploader-UploadID: ABg5-UwlgBMosduitN3aGs3_oDF38jADEV8l1f0FAX29JVvK0QMmvXWOU4FOLFAeE8Y7d9500C6Z0nMVHToR7XEN12AwQc8vtQ
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=q1t24s%2FCsBh5fg2Bnh%2BT6nytScWzLe9MRNcZZaEvhhJaLV9ReVXklxJ8Wy4rg4o3dFbo3dcQLVK9%2F%2B78lpxtwc2d2jYnZiZkO5DKrdF7RMM7Zso%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
GET 403 https://cdn.discordapp.com/attachments/826198252025675816/826538114838298715/install_setupVPSfree.exe
REQUEST
GET /attachments/826198252025675816/826538114838298715/install_setupVPSfree.exe HTTP/1.1
Host: cdn.discordapp.com
RESPONSE
HTTP/1.1 403 Forbidden
Date: Wed, 07 Apr 2021 08:18:18 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 223
Connection: keep-alive
Set-Cookie: __cfduid=d52b29cfd3393c92cfeb0a23313b524051617783498; expires=Fri, 07-May-21 08:18:18 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63c1d3130f7d350d-ICN
Cache-Control: private, max-age=0
Expires: Wed, 07 Apr 2021 08:18:18 GMT
Vary: Accept-Encoding
CF-Cache-Status: EXPIRED
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 094d023fe40000350dfda2c000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-GUploader-UploadID: ABg5-UzPKKeuQzQbC19Z6xacijF8Uw8V_Ic_iTpRDOZJS1LvG64aXi-Z6wEtqBpRbWyKGtkQ-2LdPX_lzg1azc7E9JoVs_UZ7A
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6W3%2BSX%2BmBDFnrvJiT33SUm9K%2Bef6Wtk9M8oSInsNE1seOn%2FA45fH8vDM%2Bq61akWPhzsNpvWVh03uy3vR%2BO3Iyq%2Flh6Fot0ZlJ2z8AfWO6QyahJk%3D"}],"max_age":604800,"group":"cf-nel"}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET 200 https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe
REQUEST
GET /attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe HTTP/1.1
Host: cdn.discordapp.com
RESPONSE
HTTP/1.1 200 OK
Date: Wed, 07 Apr 2021 08:18:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=df33a4718c46f0d2aa0c5451b2d5fbbba1617783500; expires=Fri, 07-May-21 08:18:20 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
X-Frame-Options: SAMEORIGIN
cf-request-id: 094d02477400003519b8ab1000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=BHzZcqIs%2FDTTAI5ZuMaALcazkan9tYSwN6FTQE95SkHqvMMOY3xhplJHA%2F44lWI%2BG8QOOLoKJ%2FTGSzSXuCrm5wa9494bsChJWBRsh9TrO4UgY7g%3D"}],"max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 63c1d31f1a5b3519-ICN
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
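The HTTP records above contain more than the URLs: the one successful binary download carries an x-goog-hash header (Google Cloud Storage's checksum header, base64 encoded) whose md5 value decodes to the same 16 bytes as the ETag, which gives an analyst the expected hash of the payload without trusting the sandbox's dropped file, and several of the .exe URLs came back as 403, as text/html, or with no response at all. The script below is an added example, not part of the report and not the sandbox's own detection logic: RECORDS is transcribed from the request/response pairs above (a few headers each), and the triage rules are heuristics of my own.

```python
"""Triage sandbox HTTP records and cross-check the GCS checksum header.

Added example, not part of the report. RECORDS is transcribed from the
report's HTTP records (selected headers only); the triage rules are my own
heuristics, not anything the sandbox applies.
"""
import base64
import re
from urllib.parse import urlparse

RECORDS = [
    {"status": 200, "url": "https://pastebin.com/raw/gCyjHCCH",
     "response": {"Content-Type": "text/plain; charset=utf-8", "CF-Cache-Status": "HIT"}},
    {"status": 403,
     "url": "https://cdn.discordapp.com/attachments/826416818390040589/826469949593485312/file.exe",
     "response": {"Content-Type": "application/xml; charset=UTF-8", "Content-Length": "223"}},
    {"status": 200,
     "url": "https://cdn.discordapp.com/attachments/826416818390040589/826540039764705360/"
            "7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe",
     "response": {"Content-Type": "application/x-msdos-program", "Content-Length": "505856",
                  "ETag": '"28345a7bb63babaf99e760965ce493b7"',
                  "x-goog-hash": ["crc32c=Ws/4nQ==", "md5=KDRae7Y7q6+Z52CWXOSTtw=="],
                  "Last-Modified": "Tue, 30 Mar 2021 19:35:01 GMT"}},
    {"status": 0, "url": "https://gwenetha.info/setup-KGQJ-1.exe", "response": {}},
    {"status": 301, "url": "https://iplogger.org/2LehR6.exe",
     "response": {"Content-Type": "text/html; charset=UTF-8",
                  "Location": "https://cdn.discordapp.com/attachments/826416818390040589/"
                              "826531006563352596/Bussed_2021-03-30_21-01.exe"}},
    {"status": 200,
     "url": "https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/"
            "Bussed_2021-03-30_21-01.exe",
     "response": {"Content-Type": "text/html; charset=UTF-8"}},
]

EXEC_RE = re.compile(r"\.(exe|dll|scr|msi)$", re.IGNORECASE)
BINARY_TYPES = {"application/x-msdos-program", "application/x-dosexec", "application/octet-stream"}


def hdr(headers, name):
    """Case-insensitive header lookup; None when absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def goog_hashes(headers):
    """Decode the (repeatable) x-goog-hash header into {'crc32c': bytes, 'md5': bytes}."""
    values = hdr(headers, "x-goog-hash")
    if values is None:
        return {}
    if isinstance(values, str):
        values = [values]
    out = {}
    for value in values:
        algo, _, b64 = value.partition("=")   # split at the first '=' only
        out[algo.strip().lower()] = base64.b64decode(b64)
    return out


def goog_md5_hex(headers):
    md5 = goog_hashes(headers).get("md5")
    return md5.hex() if md5 else None


def etag_matches_md5(headers):
    """True when the ETag is the hex form of the md5 GCS attached to the object."""
    etag = (hdr(headers, "ETag") or "").strip('"').lower()
    return goog_md5_hex(headers) == etag


def triage(records=RECORDS):
    """Return (url, kind, detail) findings for each record worth a second look."""
    findings = []
    for rec in records:
        url, status, h = rec["url"], rec["status"], rec["response"]
        parts = urlparse(url)
        ctype = (hdr(h, "Content-Type") or "").split(";")[0].strip().lower()
        names_exe = bool(EXEC_RE.search(parts.path))
        if status == 0:
            findings.append((url, "no_response", "TCP connection made, no HTTP response captured"))
            continue
        if parts.hostname == "pastebin.com" and parts.path.startswith("/raw/"):
            findings.append((url, "raw_paste", "text fetched from a paste site; inspect the body"))
        location = hdr(h, "Location")
        if 300 <= status < 400 and location:
            findings.append((url, "redirect", f"-> {urlparse(location).hostname}"))
        if names_exe and status == 200:
            if ctype in BINARY_TYPES:
                detail = f"{hdr(h, 'Content-Length')} bytes, md5 {goog_md5_hex(h)}"
                findings.append((url, "exe_served", detail))
            else:
                findings.append((url, "exe_type_mismatch", f"served as {ctype or 'unknown'}"))
        elif names_exe and status == 403:
            findings.append((url, "exe_denied", "executable URL returned 403"))
    return findings


if __name__ == "__main__":
    for url, kind, detail in triage():
        print(f"{kind:18} {detail:55} {url}")
```

On these records the only payload actually delivered is the 505,856-byte 7525b875...22-25.exe, whose served MD5 decodes to 28345a7bb63babaf99e760965ce493b7; compare that against the dropped file before analysing it, since a truncated download will still land on disk with a .exe name. The Bussed_2021-03-30_21-01.exe URL that iplogger.org redirects to returned 200 with text/html, so nothing executable came back on that path, and the gwenetha.info request produced no response at all.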
ICMP traffic
Source | Destination | ICMP Type | Data |
---|---|---|---|
192.168.56.101 | 164.124.101.2 | 3 (Destination Unreachable) | |
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts