Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
apps.identrust.com | CNAME a1952.dscq.akamai.net; CNAME identrust.edgesuite.net | 23.43.165.66 |
aloyadakmashin.com | 172.67.131.166 | |
UDP Requests
Source | Destination |
---|---|
192.168.56.102:62846 | 164.124.101.2:53 |
192.168.56.102:63709 | 164.124.101.2:53 |
192.168.56.102:64513 | 164.124.101.2:53 |
192.168.56.102:137 | 192.168.56.255:137 |
192.168.56.102:138 | 192.168.56.255:138 |
192.168.56.102:49152 | 239.255.255.250:3702 |
192.168.56.102:62849 | 239.255.255.250:1900 |
52.231.114.183:123 | 192.168.56.102:123 |
HTTP Requests
GET 0 https://aloyadakmashin.com/wp-content/chunky/8uODOeX9A6h677hAR_wP4SNeevFUo28JctX6oX0Cyc1RyLjVKgDnzzecFDV1HC81DeYUiU26g4uSuk8HLG7KJ97SjzYuMsNsAIljaKX8tBBhPz2SuQul8jbxWqgrRph5LKUsU1L5nQSG_ND-TIGx6pAfnCWxhIq6WzPCrbjF9TqvNj9M/soup.gif
GET /wp-content/chunky/8uODOeX9A6h677hAR_wP4SNeevFUo28JctX6oX0Cyc1RyLjVKgDnzzecFDV1HC81DeYUiU26g4uSuk8HLG7KJ97SjzYuMsNsAIljaKX8tBBhPz2SuQul8jbxWqgrRph5LKUsU1L5nQSG_ND-TIGx6pAfnCWxhIq6WzPCrbjF9TqvNj9M/soup.gif HTTP/1.1
Accept-Language: en-US,en;q=0.5
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; CrOS x86_64 13597.94.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.186 Safari/537.36
Host: aloyadakmashin.com
Cache-Control: no-cache
(no response received)

GET 521 https://aloyadakmashin.com/wp-content/chunky/rDB1NLsu9aUkPE5NGS_57H2NjPwKcJkELAYMrCPRP8APG07YdNMRwmlP4jgrz9k4UzXihBNpdYbMabkKcr08KoABeTtw4TVhXlqVZfsvQh0_7Muf59hT_2girKV1lW50cnbaXgwqawnYLybzElJH587MaijvV3y3BeA0oOYWAzfx5clB/soup.gif
GET /wp-content/chunky/rDB1NLsu9aUkPE5NGS_57H2NjPwKcJkELAYMrCPRP8APG07YdNMRwmlP4jgrz9k4UzXihBNpdYbMabkKcr08KoABeTtw4TVhXlqVZfsvQh0_7Muf59hT_2girKV1lW50cnbaXgwqawnYLybzElJH587MaijvV3y3BeA0oOYWAzfx5clB/soup.gif HTTP/1.1
Accept-Language: en-US,en;q=0.5
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; CrOS x86_64 13597.94.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.186 Safari/537.36
Host: aloyadakmashin.com
Cache-Control: no-cache

HTTP/1.1 521
Date: Fri, 09 Dec 2022 01:24:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: cf_use_ob=0; path=/; expires=Fri, 09-Dec-22 01:25:05 GMT
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
CF-RAY: 7769f12ae8fa8360-KIX
Server: cloudflare

GET 521 https://aloyadakmashin.com/wp-content/chunky/Scx5kV7S-QDBwELo_NP1SZhxgFnvjJWhyfoACcYtM2Xq50J9kS8dZ4yz7p3OM9WdtsnuIfaVeSMplbWvl0Ewj2X9dZ6VHTnEu6aZwB7TTrjaEMc6AiRfWo3eoACQaWLRl4rW--nWZ6w90ypW965LQiswZo0Kq3AS4Bw4BQPqD5IUGcXk/soup.gif
GET /wp-content/chunky/Scx5kV7S-QDBwELo_NP1SZhxgFnvjJWhyfoACcYtM2Xq50J9kS8dZ4yz7p3OM9WdtsnuIfaVeSMplbWvl0Ewj2X9dZ6VHTnEu6aZwB7TTrjaEMc6AiRfWo3eoACQaWLRl4rW--nWZ6w90ypW965LQiswZo0Kq3AS4Bw4BQPqD5IUGcXk/soup.gif HTTP/1.1
Accept-Language: en-US,en;q=0.5
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; CrOS x86_64 13597.94.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.186 Safari/537.36
Host: aloyadakmashin.com
Cache-Control: no-cache

HTTP/1.1 521
Date: Fri, 09 Dec 2022 01:25:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: cf_use_ob=0; path=/; expires=Fri, 09-Dec-22 01:26:03 GMT
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
CF-RAY: 7769f294ca520a86-KIX
Server: cloudflare

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com

HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT
ETag: "37d-5e1e6e25c9800"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 09 Dec 2022 02:23:47 GMT
Date: Fri, 09 Dec 2022 01:23:47 GMT
Connection: keep-alive

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com

HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT
ETag: "37d-5e1e6e25c9800"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 09 Dec 2022 02:24:35 GMT
Date: Fri, 09 Dec 2022 01:24:35 GMT
Connection: keep-alive

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com

HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT
ETag: "37d-5e1e6e25c9800"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 09 Dec 2022 02:25:33 GMT
Date: Fri, 09 Dec 2022 01:25:33 GMT
Connection: keep-alive

ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49169 -> 104.21.4.44:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.102:49162 -> 104.21.4.44:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.102:49166 -> 104.21.4.44:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49169 104.21.4.44:443 | C=US, O=Let's Encrypt, CN=E1 | CN=*.aloyadakmashin.com | 47:62:0b:e6:2b:22:09:25:c2:dd:6e:4c:d7:e3:d6:27:c9:ac:3f:15 |
TLSv1 192.168.56.102:49162 104.21.4.44:443 | C=US, O=Let's Encrypt, CN=E1 | CN=*.aloyadakmashin.com | 47:62:0b:e6:2b:22:09:25:c2:dd:6e:4c:d7:e3:d6:27:c9:ac:3f:15 |
TLSv1 192.168.56.102:49166 104.21.4.44:443 | C=US, O=Let's Encrypt, CN=E1 | CN=*.aloyadakmashin.com | 47:62:0b:e6:2b:22:09:25:c2:dd:6e:4c:d7:e3:d6:27:c9:ac:3f:15 |
Snort Alerts
No Snort Alerts