Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
kakosidobrosam.gq | 172.67.180.37 |
- UDP Requests
-
-
192.168.56.101:61479 164.124.101.2:53
-
192.168.56.101:62324 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:49152 239.255.255.250:3702
-
192.168.56.101:61480 239.255.255.250:3702
-
192.168.56.101:62445 239.255.255.250:1900
-
192.168.56.101:62447 239.255.255.250:3702
-
192.168.56.101:62449 239.255.255.250:3702
-
52.231.114.183:123 192.168.56.101:123
-
GET
200
https://kakosidobrosam.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-CBCFAE6F7B8D32422898307A805F1FED.html
REQUEST
RESPONSE
BODY
GET /liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-CBCFAE6F7B8D32422898307A805F1FED.html HTTP/1.1
Accept: application/json
Host: kakosidobrosam.gq
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sat, 03 Jul 2021 00:50:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Jul 2021 23:37:55 GMT
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=WmZ5EnvT85YQSD0JqZwbPzhovwsS3gHlY0PB5HnbR%2Fhgga2eHcwVx7yJQzByGj7GGqudCL3OIF%2B42v3%2F3thPDxZcg5ykgsVlrilTT62EzPxgMtBbqBVP1DeYIMkcrR4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 668c1ef4ceeee819-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
GET
200
https://kakosidobrosam.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-24CE7FE78D268B93DB4AD64C9B7971DD.html
REQUEST
RESPONSE
BODY
GET /liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-24CE7FE78D268B93DB4AD64C9B7971DD.html HTTP/1.1
Accept: application/json
Host: kakosidobrosam.gq
HTTP/1.1 200 OK
Date: Sat, 03 Jul 2021 00:50:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Jul 2021 23:38:01 GMT
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=JWs1DVYDWgGUxX1cYo48t%2F937%2Bw9%2FAK6YyJbRIIcVhyG35KHkWFBXUp9jAAQFFaNi4LzW3F%2Bl00trYtDGYsxHLl6JFcO8H%2Fc3EMTB6wyXD%2FX14NnFlnpzn6N9JjAPJg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 668c1efd3a06e819-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.101:62324 -> 164.124.101.2:53 | 2025104 | ET INFO DNS Query for Suspicious .gq Domain | Potentially Bad Traffic |
TCP 192.168.56.101:49199 -> 104.21.67.197:443 | 2025108 | ET INFO Suspicious Domain (*.gq) in TLS SNI | Potentially Bad Traffic |
TCP 192.168.56.101:49199 -> 104.21.67.197:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49199 104.21.67.197:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | a2:99:7f:61:26:e9:24:3e:96:d0:98:83:eb:e0:35:eb:07:a8:19:f8 |
Snort Alerts
No Snort Alerts