Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
yandex.ru | 77.88.55.88 | |
sso.passport.yandex.ru | CNAME passport.yandex.ru; 213.180.204.24 | |
dzen.ru | 62.217.160.2 | |
GET 302 https://yandex.ru/
Request:
GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: yandex.ru
Connection: Keep-Alive
Response:
HTTP/1.1 302 Moved temporarily
Accept-CH: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
Cache-Control: max-age=1209600,private
Date: Wed, 21 Jun 2023 06:55:40 GMT
Location: https://dzen.ru/?yredirect=true
NEL: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
P3P: policyref="/w3c/p3p.xml", CP="NON DSP ADM DEV PSD IVDo OUR IND STP PHY PRE NAV UNI"
Portal: Home
Report-To: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Yandex-Req-Id: 1687330540395780-7249678679549251344-balancer-l7leveler-kubr-yp-sas-148-BAL-9180
set-cookie: is_gdpr=0; Path=/; Domain=.yandex.ru; Expires=Fri, 20 Jun 2025 06:55:40 GMT
set-cookie: is_gdpr_b=CIPQbBCxvgEoAg==; Path=/; Domain=.yandex.ru; Expires=Fri, 20 Jun 2025 06:55:40 GMT
set-cookie: _yasc=TRi6SqUjW4WiIT61IX05nA+MjSFghvvfFwZMqbm0IXUBZAsWrQQgr/RhD7qPmQ==; domain=.yandex.ru; path=/; expires=Sat, 18 Jun 2033 06:55:40 GMT; secure
set-cookie: i=iE87x0l0rAkU+NMCM3S0m4H13IB2onnAbJFlGeGeSr0KVok7JRj3QTyne49uzwTWtfW511qyHOv1ec5EvkDqGHrPNUA=; Expires=Fri, 20-Jun-2025 06:55:40 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly
set-cookie: yandexuid=8492513441687330540; Expires=Fri, 20-Jun-2025 06:55:40 GMT; Domain=.yandex.ru; Path=/; Secure
GET 302 https://dzen.ru/?yredirect=true
Request:
GET /?yredirect=true HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: dzen.ru
Connection: Keep-Alive
Response:
HTTP/1.1 302 Found
Content-Length: 0
Content-Type: application/json;charset=utf-8
Date: Wed, 21 Jun 2023 06:55:41 GMT
Location: https://sso.passport.yandex.ru/push?uuid=b7d82276-c92f-4350-9469-9356de41d229&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue
Set-Cookie: zen_sso_checked=1; Path=/; Domain=.dzen.ru; Expires=Wed, 21-Jun-2023 18:55:41 GMT; Max-Age=43200; Secure; HttpOnly
Set-Cookie: _yasc=iwpTk7cGLYQtIwvLTYXzsoH9pt9HfP89nm2VbWV1L36pXL+X0HAulTj6Tfs=; domain=.dzen.ru; path=/; expires=Sat, 18 Jun 2033 06:55:41 GMT; secure
GET 200 https://sso.passport.yandex.ru/push?uuid=b7d82276-c92f-4350-9469-9356de41d229&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue
Request:
GET /push?uuid=b7d82276-c92f-4350-9469-9356de41d229&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: sso.passport.yandex.ru
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Jun 2023 06:55:43 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1958
Connection: close
Vary: Accept-Encoding
X-Download-Options: noopen
X-Content-Type-Options: nosniff
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
X-DNS-Prefetch-Control: off
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'none'; frame-ancestors https://*.dzen.ru https://dzen.ru; connect-src 'self'; script-src 'nonce-4fb8b79165fbcd59f334f860652ad48c' 'self'; img-src 'self'
Set-Cookie: mda2_beacon=1687330543075; Domain=.passport.yandex.ru; Expires=Tue, 19 Jan 2038 03:14:07 GMT; Secure; Path=/
Set-Cookie: ys=c_chck.2698358150; Domain=.yandex.ru; Secure; Path=/
Set-Cookie: i=9jDN77GTjg01apW42mkEfhCC3vRQeDSAK/oZbw2t7VIq+w6LiKE5yfXWcoM7gLMoQIHwaCXoEFEgmiPyrbIq3NekGH0=; Domain=.yandex.ru; Expires=Sat, 18 Jun 2033 06:55:43 GMT; Secure; HttpOnly; Path=/
Set-Cookie: yandexuid=3152278141687330543; Domain=.yandex.ru; Expires=Sat, 18 Jun 2033 06:55:43 GMT; Secure; Path=/
Set-Cookie: mda2_domains=dzen.ru; Domain=.passport.yandex.ru; Expires=Tue, 19 Jan 2038 03:14:07 GMT; Secure; Path=/
Referrer-Policy: origin
ETag: W/"7a6-9n9L9ARv6qt9ZXCGONcVRxjIVKY"
Strict-Transport-Security: max-age=315360000; includeSubDomains
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49164 -> 213.180.204.24:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.103:49162 -> 77.88.55.88:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.103:49163 -> 62.217.160.2:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49164 -> 213.180.204.24:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=sso.passport.yandex.ru | f0:52:26:54:41:65:2b:6a:37:7b:c1:5b:de:9c:e9:d4:41:c6:81:2d |
TLSv1 192.168.56.103:49162 -> 77.88.55.88:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign ECC OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=*.xn--d1acpjx3f.xn--p1ai | 7a:e6:ff:bb:19:79:e4:52:b5:47:97:69:f8:78:1c:38:bd:e6:2f:c2 |
TLSv1 192.168.56.103:49163 -> 62.217.160.2:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.dzen.ru | 6a:31:14:29:60:07:c9:c6:17:7b:d1:27:ad:53:57:ec:d8:c1:d8:d2 |
Snort Alerts
No Snort Alerts