Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| pastebin.com | 104.20.3.235 | |
| api.telegram.org | 149.154.167.220 | |
| smkn2sumbawabesar.sch.id | 194.163.35.141 | |
| x1.i.lencr.org | 23.52.33.11 |
- TCP Requests
-
-
192.168.56.103:49172 149.154.167.220:443api.telegram.org
-
192.168.56.103:49178 149.154.167.220:443api.telegram.org
-
192.168.56.103:49183 149.154.167.220:443api.telegram.org
-
192.168.56.103:49171 172.67.19.24:443pastebin.com
-
192.168.56.103:49177 172.67.19.24:443pastebin.com
-
192.168.56.103:49182 172.67.19.24:443pastebin.com
-
192.168.56.103:49168 194.163.35.141:443smkn2sumbawabesar.sch.id
-
192.168.56.103:49169 23.41.113.9:80x1.i.lencr.org
-
192.168.56.103:49166 45.91.202.63:25415
-
GET
200
https://smkn2sumbawabesar.sch.id/1.exe
REQUEST
RESPONSE
BODY
GET /1.exe HTTP/1.1
Host: smkn2sumbawabesar.sch.id
Connection: Keep-Alive
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: application/x-executable
last-modified: Fri, 06 Sep 2024 02:18:04 GMT
etag: "6a800-66da665c-809658ca37269c0c;;;"
accept-ranges: bytes
content-length: 436224
date: Tue, 10 Sep 2024 01:26:38 GMT
server: LiteSpeed
platform: hostinger
panel: hpanel
content-security-policy: upgrade-insecure-requests
GET
200
https://pastebin.com/raw/EgQVHrqH
REQUEST
RESPONSE
BODY
GET /raw/EgQVHrqH HTTP/1.1
Host: pastebin.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 10 Sep 2024 01:26:44 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: HIT
Age: 556
Last-Modified: Tue, 10 Sep 2024 01:17:28 GMT
Server: cloudflare
CF-RAY: 8c0ba1af9d0729cf-FUK
GET
200
https://pastebin.com/raw/EgQVHrqH
REQUEST
RESPONSE
BODY
GET /raw/EgQVHrqH HTTP/1.1
Host: pastebin.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 10 Sep 2024 01:27:20 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: HIT
Age: 592
Last-Modified: Tue, 10 Sep 2024 01:17:28 GMT
Server: cloudflare
CF-RAY: 8c0ba291afa029d4-FUK
GET
200
https://pastebin.com/raw/EgQVHrqH
REQUEST
RESPONSE
BODY
GET /raw/EgQVHrqH HTTP/1.1
Host: pastebin.com
HTTP/1.1 200 OK
Date: Tue, 10 Sep 2024 01:27:45 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: HIT
Age: 617
Last-Modified: Tue, 10 Sep 2024 01:17:28 GMT
Server: cloudflare
CF-RAY: 8c0ba32de81729cf-FUK
GET
200
http://x1.i.lencr.org/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: x1.i.lencr.org
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/pkix-cert
Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
ETag: "64cd6654-56f"
Content-Disposition: attachment; filename="ISRG Root X1.der"
Cache-Control: max-age=56355
Expires: Tue, 10 Sep 2024 17:05:53 GMT
Date: Tue, 10 Sep 2024 01:26:38 GMT
Content-Length: 1391
Connection: keep-alive
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLS 1.2 192.168.56.103:49168 194.163.35.141:443 |
C=US, O=Let's Encrypt, CN=R11 | CN=smkn2sumbawabesar.sch.id | d6:00:0a:51:e8:18:34:dd:26:f3:4c:a9:ca:62:75:6b:fa:17:51:16 |
|
TLS 1.2 192.168.56.103:49177 172.67.19.24:443 |
C=US, O=Google Trust Services, CN=WE1 | CN=pastebin.com | e3:4a:2e:16:cc:2b:72:f6:c5:22:3e:52:49:b3:50:2a:1b:85:6f:8b |
|
TLS 1.2 192.168.56.103:49182 172.67.19.24:443 |
None | None | None |
|
TLS 1.2 192.168.56.103:49171 172.67.19.24:443 |
C=US, O=Google Trust Services, CN=WE1 | CN=pastebin.com | e3:4a:2e:16:cc:2b:72:f6:c5:22:3e:52:49:b3:50:2a:1b:85:6f:8b |
Snort Alerts
No Snort Alerts