Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| pastefy.app | 104.21.49.12 |
- TCP Requests
GET
200
https://pastefy.app/SXZ0OaCN/raw
REQUEST
RESPONSE
BODY
GET /SXZ0OaCN/raw HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Host: pastefy.app
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 03 Apr 2025 01:52:20 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Server: cloudflare
Access-Control-Allow-Origin: *
Cf-Cache-Status: DYNAMIC
Content-Encoding: gzip
CF-RAY: 92a4ed120b98df12-LHR
alt-svc: h3=":443"; ma=86400
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.103:49164 -> 104.21.49.12:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.103:49164 104.21.49.12:443 |
C=US, O=Google Trust Services, CN=WE1 | CN=pastefy.app | b6:42:cb:7c:dc:26:c2:f9:e3:e9:9c:47:e7:84:60:7f:b5:bc:66:32 |
Snort Alerts
No Snort Alerts