Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
d2js2viceajwla.cloudfront.net | AAAA 2600:9000:2139:9200:11:6feb:6f80:93a1; AAAA 2600:9000:2139:ae00:11:6feb:6f80:93a1; AAAA 2600:9000:2139:f600:11:6feb:6f80:93a1; AAAA 2600:9000:2139:c000:11:6feb:6f80:93a1; AAAA 2600:9000:2139:9000:11:6feb:6f80:93a1; AAAA 2600:9000:2139:4400:11:6feb:6f80:93a1; AAAA 2600:9000:2139:7c00:11:6feb:6f80:93a1; AAAA 2600:9000:2139:ec00:11:6feb:6f80:93a1 | 99.86.202.23 |
aus.thunderbird.net | 99.86.202.75 | |
kakosidobrosam.gq | 172.67.180.37 | |
prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | |
d2js2viceajwla.cloudfront.net | 99.86.202.23 | |
aus5.mozilla.org | 35.244.181.201 | |
prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | |
- TCP Requests
  - 192.168.56.102:49321 104.21.67.197:443 kakosidobrosam.gq
  - 192.168.56.102:49313 35.244.181.201:443 aus5.mozilla.org
  - 192.168.56.102:49324 35.244.181.201:443 aus5.mozilla.org
  - 192.168.56.102:49311 99.86.144.100:443
  - 192.168.56.102:49315 99.86.144.46:443
  - 192.168.56.102:49316 99.86.144.61:443
  - 192.168.56.102:49312 99.86.144.82:443
  - 192.168.56.102:49323 99.86.202.125:443 d2js2viceajwla.cloudfront.net
  - 35.244.181.201:443 192.168.56.102:49322
  - 99.86.202.125:443 192.168.56.102:49321
- UDP Requests
  - 192.168.56.102:49547 164.124.101.2:53
  - 192.168.56.102:49958 164.124.101.2:53
  - 192.168.56.102:50105 164.124.101.2:53
  - 192.168.56.102:50201 164.124.101.2:53
  - 192.168.56.102:51397 164.124.101.2:53
  - 192.168.56.102:54517 164.124.101.2:53
  - 192.168.56.102:54700 164.124.101.2:53
  - 192.168.56.102:55084 164.124.101.2:53
  - 192.168.56.102:55426 164.124.101.2:53
  - 192.168.56.102:57854 164.124.101.2:53
  - 192.168.56.102:57860 164.124.101.2:53
  - 192.168.56.102:58785 164.124.101.2:53
  - 192.168.56.102:137 192.168.56.255:137
  - 192.168.56.102:138 192.168.56.255:138
  - 192.168.56.102:49152 239.255.255.250:3702
  - 192.168.56.102:57353 239.255.255.250:1900
HTTP Requests

GET 200 https://kakosidobrosam.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-C01EC4A57619A16E6AEAA0F47B55BDA9.html

Request:

```http
GET /liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-C01EC4A57619A16E6AEAA0F47B55BDA9.html HTTP/1.1
Accept: application/json
Host: kakosidobrosam.gq
Connection: Keep-Alive
```

Response:

```http
HTTP/1.1 200 OK
Date: Sat, 03 Jul 2021 00:23:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 02 Jul 2021 13:09:58 GMT
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=74iHTMf%2Byw1DeuLGL7Hrpwk1OeBEDvW7QlNSttNGi6EmcSp1Lg7sBPG71PgWlvgFOl5spZO8so0HcaJ8QVo%2FfMrAI1LcWBJaNNsI%2BeEs9%2BRvRzcBug1U8RibsJ3EDyk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 668bf6b03b8ac6a0-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
```

GET 200 https://kakosidobrosam.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-C4A8B2A795B9148BEAA8D315AA468649.html

Request:

```http
GET /liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-C4A8B2A795B9148BEAA8D315AA468649.html HTTP/1.1
Accept: application/json
Host: kakosidobrosam.gq
```

Response:

```http
HTTP/1.1 200 OK
Date: Sat, 03 Jul 2021 00:23:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 02 Jul 2021 13:10:05 GMT
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=wF9ltF4k2CYsijTWw9wh5m8gKgziwx7cXK9Faa4dvQu%2FadysC2J%2FG5N2kKpeuRETQHQbm3tJxyQksUVQL1314Fx3wZ2vEB%2FJOsg1A2RmbJi1vRg3r0TESnioG0RZRWM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 668bf6b9ff0dc6a0-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
```

GET 200 https://kakosidobrosam.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-B70EB8889C1E5B3277197714B6942614.html

Request:

```http
GET /liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-B70EB8889C1E5B3277197714B6942614.html HTTP/1.1
Accept: application/json
Host: kakosidobrosam.gq
```

Response:

```http
HTTP/1.1 200 OK
Date: Sat, 03 Jul 2021 00:23:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 02 Jul 2021 13:10:09 GMT
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=z5MWDUyVEwPnHOUk1zHdYYgiC9S5k0iAoV%2BqePNdiaVdkWrFycs8HyBSKJ6u0OW9OojwHaFX6UK6dYelb%2FcZRXrGkCoi859Sm1K2RopnUnS%2FybGaYsobFgPk%2Bkg8wvU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 668bf6c14faac6a0-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
```

GET 200 https://kakosidobrosam.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-4BE99CBE54A285D972B1192483666889.html

Request:

```http
GET /liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-4BE99CBE54A285D972B1192483666889.html HTTP/1.1
Accept: application/json
Host: kakosidobrosam.gq
```

Response:

```http
HTTP/1.1 200 OK
Date: Sat, 03 Jul 2021 00:23:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 02 Jul 2021 13:10:17 GMT
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=gjCGFzTTzcpuNhEYp%2Fh1zoBW5QzR9G3W8JUR90WEZocU91CLhufIrJZVkRRSoOXVnKScx02MQhTpimI1ovZnK7tu6ddCsojkiAQEYurFuadx1bzQ3ohgMmuMYt2keoY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 668bf6c4bc1bc6a0-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
```

GET 200 https://kakosidobrosam.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-885F730E823499F80A764E9EC20A7875.html

Request:

```http
GET /liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-885F730E823499F80A764E9EC20A7875.html HTTP/1.1
Accept: application/json
Host: kakosidobrosam.gq
```

Response:

```http
HTTP/1.1 200 OK
Date: Sat, 03 Jul 2021 00:23:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 02 Jul 2021 13:10:26 GMT
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=aons1INLhAUg4SgrbsFJvy7jTt%2BfIA6hVRrKHuBYxJSDBlhDdbspkUTwkPdTIgZfjn%2BEGaPk7zPqziI%2F2%2FEBOLqpp4GpgcdJeKQy9ge%2F5DL5iaO7a%2F9XiVi8I54p1XE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 668bf6c88906c6a0-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
```
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.102:50201 -> 164.124.101.2:53 | 2025104 | ET INFO DNS Query for Suspicious .gq Domain | Potentially Bad Traffic |
TCP 192.168.56.102:49321 -> 104.21.67.197:443 | 2025108 | ET INFO Suspicious Domain (*.gq) in TLS SNI | Potentially Bad Traffic |
TCP 192.168.56.102:49321 -> 104.21.67.197:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49321 104.21.67.197:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | a2:99:7f:61:26:e9:24:3e:96:d0:98:83:eb:e0:35:eb:07:a8:19:f8 |
TLS 1.2 192.168.56.102:49323 99.86.202.125:443 | C=US, O=Let's Encrypt, CN=R3 | CN=thunderbird.net | dd:92:a0:f3:c5:f2:3a:c7:42:66:30:75:8a:b3:b3:03:6b:8c:df:9d |
TLS 1.2 192.168.56.102:49324 35.244.181.201:443 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=California, L=Mountain View, O=Mozilla Corporation, CN=aus5.mozilla.org | 37:1a:8a:6e:ae:e7:b7:ae:1f:a9:c0:87:53:e5:a0:94:ef:0b:de:0c |
Snort Alerts
No Snort Alerts