| pastecode.dev/raw/vykqnlo4/paste1.txt | 172.66.43.27 | 200 OK | 101 kB |
URL: User Request GET HTTP/2 pastecode.dev/raw/vykqnlo4/paste1.txt
IP: 172.66.43.27:443
Certificate: Issuer: Google Trust Services; Subject: pastecode.dev; Fingerprint: 95:6F:39:17:D1:D9:BE:03:F7:53:B9:BF:62:D4:67:8C:28:9D:E6:A4; Validity: Mon, 16 Dec 2024 20:30:51 GMT - Sun, 16 Mar 2025 21:28:49 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 101 kB (101036 bytes)
Hash: 840c6aadd8114f84a7f5396e3204240c d5091cf3119cb88cec510e82960881489f983236 d0423578683b481c87d2b90a74213612e8837faf7f066c8e81ec92f9b2658c65
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - Base64 encoded file |
| Public Nextron YARA rules | malware | Detects an base64 encoded executable with reversed characters |
GET /raw/vykqnlo4/paste1.txt HTTP/1.1
Host: pastecode.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 24 Dec 2024 08:56:50 GMT
content-type: text/plain; charset=utf-8
set-cookie: _csrf=QqDUTf6m1aTACDdf99fSRg; Max-Age=600; Path=/; HttpOnly
etag: W/"18aac-1Qkc8xGcuIzsUQ6ClgiBSJ+YMjY"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8f6f61610e1956aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5784&min_rtt=486&rtt_var=10637&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3279&recv_bytes=1258&delivery_rate=7941499&cwnd=254&unsent_bytes=0&cid=4fc3b98750a5fa92&ts=157&x=0"
X-Firefox-Spdy: h2
|
| pastecode.dev/favicon.ico | 172.66.43.27 | 404 Not Found | 548 B |
URL: GET HTTP/3 pastecode.dev/favicon.ico
IP: 172.66.43.27:443
Requested by: https://pastecode.dev/raw/vykqnlo4/paste1.txt
Certificate: Issuer: Google Trust Services; Subject: pastecode.dev; Fingerprint: 95:6F:39:17:D1:D9:BE:03:F7:53:B9:BF:62:D4:67:8C:28:9D:E6:A4; Validity: Mon, 16 Dec 2024 20:30:51 GMT - Sun, 16 Mar 2025 21:28:49 GMT
File type: HTML document, ASCII text, with very long lines (574), with no line terminators
Hash: 5b3bd9705af8e4446f589e073b64d64c e25d724de194a431213080e10392963efc18ad75 ad8ec7fd0face5bd866b2a915cd34853cf60f18229acc156dfa99f5dd5d3c775
GET /favicon.ico HTTP/1.1
Host: pastecode.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pastecode.dev/raw/vykqnlo4/paste1.txt
Cookie: _csrf=QqDUTf6m1aTACDdf99fSRg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Tue, 24 Dec 2024 08:56:50 GMT
content-type: text/html; charset=utf-8
cache-control: max-age=31536000
cf-cache-status: HIT
priority: u=6,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f6f61642dfe1c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5865&min_rtt=1235&rtt_var=3770&sent=13&recv=8&lost=0&retrans=0&sent_bytes=4204&recv_bytes=1234&delivery_rate=519555&cwnd=12000&unsent_bytes=0&cid=4dc14067b196f47f&ts=376&x=1", cfExtPri, cfHdrFlush;dur=0
|