pastebin.com/raw/BBh77A9C
172.67.34.170 | 200 OK | 100 kB | URL | User Request | GET | HTTP/2 | pastebin.com/raw/BBh77A9C
IP: 172.67.34.170:443
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 55:C8:82:61:30:05:42:80:DB:47:5E:D0:66:B5:DF:AC:14:5B:19:6F
Validity: Wed, 17 May 2023 00:00:00 GMT - Thu, 16 May 2024 23:59:59 GMT
File type:
- PHP script text
- HTML document text
- HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document text
- exported SGML document, ASCII text, with very long lines (22861), with CRLF line terminators
Hash (MD5): 723aa63dd6c41be730d3a454db6aa765
Hash (SHA-1): 7ecf7d27991b5920adc941195e41cbd8e157f97a
Hash (SHA-256): e02ff82ce33603b1d5f9846d28723bbef81e6c1e0b0a4668ff797bc27e8d82a4
Analyzer | Verdict | Alert
- Public Nextron YARA rules | malware | PHP webshell having some kind of input and some kind of payload. Restricted to small files or big ones including suspicious strings
- Public Nextron YARA rules | malware | PHP webshell having some kind of input and using a callback to execute the payload. Restricted to small files or it would give lots of false positives
- Public Nextron YARA rules | malware | PHP webshell containing base64 encoded payload
- Public Nextron YARA rules | malware | PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
- Public Nextron YARA rules | malware | Detects suspicious bash command
- Public Nextron YARA rules | malware | Semi-Auto-generated - from files multiple_php_webshells
GET /raw/BBh77A9C HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Sep 2023 02:44:43 GMT
content-type: text/plain; charset=utf-8
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
cf-cache-status: MISS
last-modified: Sat, 02 Sep 2023 02:44:43 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 800269a9cc13b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
IP: 172.67.34.170:443
Requested by: https://pastebin.com/raw/BBh77A9C
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 55:C8:82:61:30:05:42:80:DB:47:5E:D0:66:B5:DF:AC:14:5B:19:6F
Validity: Wed, 17 May 2023 00:00:00 GMT - Thu, 16 May 2024 23:59:59 GMT
File type:
- MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel
- data
Hash (MD5): de86a6f000f8f84e20bc7eb2c7d320e3
Hash (SHA-1): 35af87deef9e6c081d834d08963ada2530dc0618
Hash (SHA-256): 6a5e064af00286681a3ae734e5407a2ea883955d875c5490e597d1ddb8eda021
GET /favicon.ico HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pastebin.com/raw/BBh77A9C
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Sep 2023 02:44:43 GMT
content-type: image/x-icon
last-modified: Thu, 06 Jul 2023 08:38:48 GMT
etag: W/"64a67d98-13e"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6132
vary: Accept-Encoding
server: cloudflare
cf-ray: 800269aded27b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2