Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| gwenetha.info | 172.67.131.232 | |
| pastebin.com | 104.23.99.190 | |
| cdn.discordapp.com | 162.159.135.233 | |
| iplogger.org | 88.99.66.31 | |
| whatitis.website | | |
TCP Requests

| Source | Destination | Host |
|---|---|---|
| 192.168.56.102:49808 | 192.168.56.103:5357 | |
| 192.168.56.102:49809 | 192.168.56.103:2869 | |
| 192.168.56.102:49813 | 192.168.56.103:5357 | |
| 192.168.56.103:49598 | 104.21.12.27:443 | gwenetha.info |
| 192.168.56.103:49594 | 104.23.99.190:443 | pastebin.com |
| 192.168.56.103:49597 | 162.159.133.233:443 | cdn.discordapp.com |
| 192.168.56.103:49600 | 162.159.133.233:443 | cdn.discordapp.com |
| 192.168.56.103:49601 | 162.159.133.233:443 | cdn.discordapp.com |
| 192.168.56.103:49596 | 162.159.134.233:443 | cdn.discordapp.com |
UDP Requests

| Source | Destination |
|---|---|
| 192.168.56.103:56376 | 164.124.101.2:53 |
| 192.168.56.103:58285 | 164.124.101.2:53 |
| 192.168.56.103:58575 | 164.124.101.2:53 |
| 192.168.56.103:58935 | 164.124.101.2:53 |
| 192.168.56.103:62494 | 164.124.101.2:53 |
| 192.168.56.103:64714 | 164.124.101.2:53 |
| 192.168.56.103:65511 | 164.124.101.2:53 |
| 192.168.56.103:3702 | 192.168.56.102:56758 |
| 192.168.56.103:137 | 192.168.56.255:137 |
| 192.168.56.103:138 | 192.168.56.255:138 |
| 192.168.56.103:1900 | 239.255.255.250:1900 |
| 192.168.56.103:49152 | 239.255.255.250:3702 |
| 192.168.56.103:50368 | 239.255.255.250:1900 |
| 52.231.114.183:123 | 192.168.56.103:123 |
| 8.8.8.8:53 | 192.168.56.103:58575 |

HTTP Requests
GET 200 https://pastebin.com/raw/gCyjHCCH
Request:
GET /raw/gCyjHCCH HTTP/1.1
Host: pastebin.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Wed, 07 Apr 2021 08:34:45 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=df6876d51d1ede50cb98a90f68f5dad671617784484; expires=Fri, 07-May-21 08:34:44 GMT; path=/; domain=.pastebin.com; HttpOnly; SameSite=Lax; Secure
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: EXPIRED
cf-request-id: 094d114b64000012cad4841000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 63c1eb256c6912ca-ICN
GET 403 https://cdn.discordapp.com/attachments/826198252025675816/826538114838298715/install_setupVPSfree.exe
Request:
GET /attachments/826198252025675816/826538114838298715/install_setupVPSfree.exe HTTP/1.1
Host: cdn.discordapp.com
Connection: Keep-Alive
Response:
HTTP/1.1 403 Forbidden
Date: Wed, 07 Apr 2021 08:34:46 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 223
Connection: keep-alive
Set-Cookie: __cfduid=d1c39483c59581c578a399a01f4b62b211617784485; expires=Fri, 07-May-21 08:34:45 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63c1eb2ccfd3351a-ICN
Cache-Control: private, max-age=0
Expires: Wed, 07 Apr 2021 08:34:46 GMT
Vary: Accept-Encoding
CF-Cache-Status: EXPIRED
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 094d1150000000351a0087b000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-GUploader-UploadID: ABg5-UxJ4tbdSczfd3DoaeyNkTHhNSf8rA_riVPm7rVBe04zkpB2kn8Yed9BHaJLhFr7OVVFRAfBzLW4CZpAJw5FEhc
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2B1CbKNyyJNIG9EpH4Sup9gM5Drj0pYSg0GZXek7a7rVHCgQVS%2FJ0Ff%2FTiRTcUBzwW%2F8xM6sQh971i%2Bkt5qWeY1z%2Fzv8OM96jHB50WpG9DyVHj4Y%3D"}],"group":"cf-nel"}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET 403 https://cdn.discordapp.com/attachments/826416818390040589/826855866228670474/7525b875715555.exe
Request:
GET /attachments/826416818390040589/826855866228670474/7525b875715555.exe HTTP/1.1
Host: cdn.discordapp.com
Connection: Keep-Alive
Response:
HTTP/1.1 403 Forbidden
Date: Wed, 07 Apr 2021 08:34:46 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 223
Connection: keep-alive
Set-Cookie: __cfduid=d414a155eb6ce4f9906a409fed785c0f21617784485; expires=Fri, 07-May-21 08:34:45 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63c1eb2ccf26fffc-ICN
Cache-Control: private, max-age=0
Expires: Wed, 07 Apr 2021 08:34:46 GMT
Vary: Accept-Encoding
CF-Cache-Status: EXPIRED
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 094d1150020000fffc8792e000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-GUploader-UploadID: ABg5-UzNBJFkEwwreNmZU_BJKU-gfVQpwH1-sgA57HYK6aqGX71yWIWa1alsUrUpHrm2QoaujpUm67jNTfkWyiVkXmJRgQu_Qw
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6tADe1zYQ3A8OQPYJscrhB77wXRz1tl3Ri1tqMDnh4o5nJk6nIMftgPK6LamIExEz9BIE3Tys436do5pna7K020PVMJEepcJvElprEDHzEiFwR4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET 404 https://gwenetha.info/setup-KGQJ-1.exe
Request:
GET /setup-KGQJ-1.exe HTTP/1.1
Host: gwenetha.info
Connection: Keep-Alive
Response:
HTTP/1.1 404 Not Found
Date: Wed, 07 Apr 2021 08:34:46 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 19
Connection: keep-alive
Set-Cookie: __cfduid=df15b165815ea64c4c5299cd1e79897e31617784486; expires=Fri, 07-May-21 08:34:46 GMT; path=/; domain=.gwenetha.info; HttpOnly; SameSite=Lax
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
cf-request-id: 094d1151e70000eb4df305a000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2vkwPRMsOATCOHgAuxSkLsH9aeliynxA7%2BiQB8FGP6FURJvqnlL48yxmSZ5kCc7FgRO2aN%2BcHlIZ54%2BbtcGjXOmzQYjsK6Uk0J57Q07H"}],"max_age":604800,"group":"cf-nel"}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
CF-RAY: 63c1eb2fd9caeb4d-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
GET 403 https://cdn.discordapp.com/attachments/826416818390040589/826469949593485312/file.exe
Request:
GET /attachments/826416818390040589/826469949593485312/file.exe HTTP/1.1
Host: cdn.discordapp.com
Response:
HTTP/1.1 403 Forbidden
Date: Wed, 07 Apr 2021 08:34:48 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 223
Connection: keep-alive
Set-Cookie: __cfduid=de3cc5f4d3455c6395a444d7edc34f4601617784488; expires=Fri, 07-May-21 08:34:48 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63c1eb3ac828351a-ICN
Cache-Control: private, max-age=0
Expires: Wed, 07 Apr 2021 08:34:48 GMT
Vary: Accept-Encoding
CF-Cache-Status: EXPIRED
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 094d1158bd0000351af00fc000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-GUploader-UploadID: ABg5-UyIY34qffsYjS6LZ2pSbmdrVziZ0MyxdUEhRbuUESCflsVW59-ybIdM_UppCOo7fJrsD9jJaQqz1FIHxRU1vOg
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=KWLSSSQjoJb0G6oRIr0WlDcwuSVKD6TLk1Wg07VO6Z51CaFF8PkxXFb98HG%2BCql88dRj2Sb2AKL%2F7TRYwKuU6XmEY46icKcTlGIKnGzWgreCArQ%3D"}],"group":"cf-nel"}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET 200 https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe
Request:
GET /attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe HTTP/1.1
Host: cdn.discordapp.com
Response:
HTTP/1.1 200 OK
Date: Wed, 07 Apr 2021 08:34:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d3a55ce8a377ed6a8d33ea59a0e307dc51617784488; expires=Fri, 07-May-21 08:34:48 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
X-Frame-Options: SAMEORIGIN
cf-request-id: 094d1158c2000012de43095000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2FOpB0LfTD6IkDZL3SWeiJ0kDZfVwbKG6dOBtQ1H2quUtpVdvjyjSpo8bsKjfgPaqZcYsMbAkWobnhkIcmrnWbRivGPnrUitEaMEZcT%2BcQZLp%2BQM%3D"}],"max_age":604800,"group":"cf-nel"}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
CF-RAY: 63c1eb3ac81912de-ICN
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
GET 200 https://cdn.discordapp.com/attachments/826416818390040589/826540039764705360/7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe
Request:
GET /attachments/826416818390040589/826540039764705360/7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe HTTP/1.1
Host: cdn.discordapp.com
Response:
HTTP/1.1 200 OK
Date: Wed, 07 Apr 2021 08:34:48 GMT
Content-Type: application/x-msdos-program
Content-Length: 505856
Connection: keep-alive
Set-Cookie: __cfduid=d3a55ce8a377ed6a8d33ea59a0e307dc51617784488; expires=Fri, 07-May-21 08:34:48 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax
CF-Ray: 63c1eb3c7c3712de-ICN
Accept-Ranges: bytes
Age: 639497
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=7525b875713675d4ff0018cf084f493a4e4977de_2021-03-30_22-25.exe
ETag: "28345a7bb63babaf99e760965ce493b7"
Expires: Thu, 07 Apr 2022 08:34:48 GMT
Last-Modified: Tue, 30 Mar 2021 19:35:01 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 094d1159cc000012de4218c000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1617132901889175
x-goog-hash: crc32c=Ws/4nQ==
x-goog-hash: md5=KDRae7Y7q6+Z52CWXOSTtw==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 505856
X-GUploader-UploadID: ABg5-UznZNO55X93AubXlWYP0c5SyYOTRHkzDJhcIzrcH58RoyWaPDs0j0jqBmhsS-QvB5VHDoqPplp1xtV5hwkr0kW8h3tVvw
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9m1PISS2fAvnJb3yE9uEs5rGS0uu40oyq01VfdUeo0RPi7rJejvBsKxDBvdF2Ln%2Bao3rNRFXGTIqdKoHpTq%2B3Q53kQlvdMUNQlIKhyZuYuVTkrQ%3D"}],"max_age":604800,"group":"cf-nel"}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
ICMP traffic

| Source | Destination | ICMP Type | Data |
|---|---|---|---|
| 192.168.56.103 | 164.124.101.2 | 3 | |
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts