Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
apps.identrust.com | CNAME a1952.dscq.akamai.net; CNAME identrust.edgesuite.net | 23.67.53.17 |
nitrosoftwares.shop | 172.67.167.211 |
GET 200 https://nitrosoftwares.shop/gate

```http
GET /gate HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: nitrosoftwares.shop
Connection: Keep-Alive

HTTP/1.1 200 OK
Date: Wed, 13 Sep 2023 22:54:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=1pvim9o6s62jkpnl0j82653l1r; path=/
Set-Cookie: CSRF-TOKEN=480293647436679166eabce3602972ccb6d59bca2d334440905088c2df4343e5; expires=Thu, 14-Sep-2023 00:54:48 GMT; Max-Age=7200; path=/
Vary: User-Agent
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PIATnObCzLzLX86hXuMvOYYP6N8qYxc8Mtg3IOuwDd0gLY7mnJvO1j9%2BlDlqIJYN7%2F6qBhbGWbqkwmihKkHGX4QDIB1YZkKb6MKtEP3rp%2FDXEBb4nW4G0nR%2BsQIe0T0eFnlI4rq6"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8063f852e85c8d12-KIX
alt-svc: h3=":443"; ma=86400
```
POST 100 https://nitrosoftwares.shop/gate

```http
POST /gate HTTP/1.1
x-key: b86e5025-d812-4ef6-9e3f-05885dea1956
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 414
Expect: 100-continue

HTTP/1.1 100 Continue
```
POST 100 https://nitrosoftwares.shop/gate

```http
POST /gate HTTP/1.1
x-key: 13444fc4-34a6-4965-9ce5-d6ac03c620ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 182
Expect: 100-continue

HTTP/1.1 100 Continue
```
POST 100 https://nitrosoftwares.shop/gate

```http
POST /gate HTTP/1.1
x-key: 1053ce6a-de4c-4335-b54e-8a4bd30734ac
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 202
Expect: 100-continue

HTTP/1.1 100 Continue
```
POST 100 https://nitrosoftwares.shop/gate

```http
POST /gate HTTP/1.1
x-key: 5b26f3e5-30de-47d0-abe3-a0e74ff4b03a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 168
Expect: 100-continue

HTTP/1.1 100 Continue
```
POST 100 https://nitrosoftwares.shop/gate

```http
POST /gate HTTP/1.1
x-key: 60ee93a4-383d-48f8-9ca0-64a207c3b4ea
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 954
Expect: 100-continue

HTTP/1.1 100 Continue
```
POST 100 https://nitrosoftwares.shop/gate

```http
POST /gate HTTP/1.1
x-key: 5d331e32-34c8-418b-ae24-67ec6f08052e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 170
Expect: 100-continue

HTTP/1.1 100 Continue
```
POST 100 https://nitrosoftwares.shop/gate

```http
POST /gate HTTP/1.1
x-key: 464ba74a-4921-4864-8a6d-34622391a2be
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 410
Expect: 100-continue

HTTP/1.1 100 Continue
```
POST 0 https://nitrosoftwares.shop/gate (no response captured)

```http
POST /gate HTTP/1.1
x-key: 1fbac542-e5c9-42e2-8ab4-6367745afc8a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 420
Expect: 100-continue
```
POST 0 https://nitrosoftwares.shop/gate (no response captured)

```http
POST /gate HTTP/1.1
x-key: 49ec2785-5366-4f43-89a8-909ced079c21
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 416
Expect: 100-continue
```
POST 0 https://nitrosoftwares.shop/gate (no response captured)

```http
POST /gate HTTP/1.1
x-key: 5fb7b6f1-3d0d-4edb-8afd-254427438c3b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 408
Expect: 100-continue
```
POST 0 https://nitrosoftwares.shop/gate (no response captured)

```http
POST /gate HTTP/1.1
x-key: de885388-e36f-4b56-ab84-0e288c550331
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 408
Expect: 100-continue
```
POST 0 https://nitrosoftwares.shop/gate (no response captured)

```http
POST /gate HTTP/1.1
x-key: 9be8daf8-1d8e-4af2-91d1-70cb00d7ce84
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 414
Expect: 100-continue
```
POST 0 https://nitrosoftwares.shop/gate (no response captured)

```http
POST /gate HTTP/1.1
x-key: d8d4d5f6-57f3-440e-b483-ee148af63160
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 414
Expect: 100-continue
```
POST 0 https://nitrosoftwares.shop/gate (no response captured)

```http
POST /gate HTTP/1.1
x-key: 5cf930b2-7a37-4e05-9a04-e6599ff5eeed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 406
Expect: 100-continue
```
POST 0 https://nitrosoftwares.shop/gate (no response captured)

```http
POST /gate HTTP/1.1
x-key: f5117b2f-5475-4337-8767-5db640eddcda
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 410
Expect: 100-continue
```
GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

```http
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com

HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Mon, 21 Aug 2023 22:08:28 GMT
ETag: "37d-603761e33cf00"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Wed, 13 Sep 2023 23:54:05 GMT
Date: Wed, 13 Sep 2023 22:54:05 GMT
Connection: keep-alive
```
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49169 -> 172.67.167.211:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.103:49169 -> 172.67.167.211:443 | C=US, O=Let's Encrypt, CN=E1 | CN=nitrosoftwares.shop | 55:16:8c:37:8b:81:1a:5e:02:c1:77:19:5c:d1:66:2f:51:be:a7:33 |
Snort Alerts
No Snort Alerts