Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
apps.identrust.com |
CNAME
a1952.dscq.akamai.net
CNAME
identrust.edgesuite.net
|
23.67.53.27 |
nice.nitrosoftwares.shop | 172.67.167.211 |
GET
0
https://nice.nitrosoftwares.shop/gate
REQUEST
RESPONSE
BODY
GET /gate HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: nice.nitrosoftwares.shop
Connection: Keep-Alive
POST
0
https://nice.nitrosoftwares.shop/gate
REQUEST
RESPONSE
BODY
POST /gate HTTP/1.1
x-key: b7ebd632-d029-4211-93f1-d1f2143041ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nice.nitrosoftwares.shop
Content-Length: 410
Expect: 100-continue
POST
0
https://nice.nitrosoftwares.shop/gate
REQUEST
RESPONSE
BODY
POST /gate HTTP/1.1
x-key: 3a8390ad-5a36-4b41-86ba-eab85ed45418
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nice.nitrosoftwares.shop
Content-Length: 182
Expect: 100-continue
POST
0
https://nice.nitrosoftwares.shop/gate
REQUEST
RESPONSE
BODY
POST /gate HTTP/1.1
x-key: 47c12a44-7881-44b9-94f7-54ec0ec6c3ef
Content-Type: application/x-www-form-urlencoded
Host: nice.nitrosoftwares.shop
Content-Length: 188
Expect: 100-continue
POST
0
https://nice.nitrosoftwares.shop/gate
REQUEST
RESPONSE
BODY
POST /gate HTTP/1.1
x-key: 8a035e6a-9b7a-4125-960e-5692ac76bdc0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nice.nitrosoftwares.shop
Content-Length: 178
Expect: 100-continue
POST
0
https://nice.nitrosoftwares.shop/gate
REQUEST
RESPONSE
BODY
POST /gate HTTP/1.1
x-key: 0ca14c36-ad3e-4820-a10f-e074420452be
Content-Type: application/x-www-form-urlencoded
Host: nice.nitrosoftwares.shop
Content-Length: 956
Expect: 100-continue
POST
0
https://nice.nitrosoftwares.shop/gate
REQUEST
RESPONSE
BODY
POST /gate HTTP/1.1
x-key: d2ebb0c0-151b-4691-b8f0-48a1ff1d75d1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nice.nitrosoftwares.shop
Content-Length: 164
Expect: 100-continue
POST
0
https://nice.nitrosoftwares.shop/gate
REQUEST
RESPONSE
BODY
POST /gate HTTP/1.1
x-key: 87e17c7f-07e4-43c3-bd23-0903e4ce7eb0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nice.nitrosoftwares.shop
Content-Length: 410
Expect: 100-continue
POST
0
https://nice.nitrosoftwares.shop/gate
REQUEST
RESPONSE
BODY
POST /gate HTTP/1.1
x-key: df08bc65-b30f-495d-98c3-8af764ed3a9f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nice.nitrosoftwares.shop
Content-Length: 412
Expect: 100-continue
POST
0
https://nice.nitrosoftwares.shop/gate
REQUEST
RESPONSE
BODY
POST /gate HTTP/1.1
x-key: b07f5b50-d4ce-4679-b833-a016da653b11
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nice.nitrosoftwares.shop
Content-Length: 416
Expect: 100-continue
POST
0
https://nice.nitrosoftwares.shop/gate
REQUEST
RESPONSE
BODY
POST /gate HTTP/1.1
x-key: b8e6af68-c58e-469c-afb3-c81a2a85627d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nice.nitrosoftwares.shop
Content-Length: 408
Expect: 100-continue
POST
0
https://nice.nitrosoftwares.shop/gate
REQUEST
RESPONSE
BODY
POST /gate HTTP/1.1
x-key: e4ab9733-bd51-49f5-88da-6cb22245e714
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nice.nitrosoftwares.shop
Content-Length: 412
Expect: 100-continue
POST
0
https://nice.nitrosoftwares.shop/gate
REQUEST
RESPONSE
BODY
POST /gate HTTP/1.1
x-key: e914748b-667d-4373-ba6e-e45a1f5226a2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nice.nitrosoftwares.shop
Content-Length: 402
Expect: 100-continue
POST
0
https://nice.nitrosoftwares.shop/gate
REQUEST
RESPONSE
BODY
POST /gate HTTP/1.1
x-key: b90e6b0d-ffbb-442e-abfb-089159671a04
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nice.nitrosoftwares.shop
Content-Length: 418
Expect: 100-continue
POST
0
https://nice.nitrosoftwares.shop/gate
REQUEST
RESPONSE
BODY
POST /gate HTTP/1.1
x-key: 7babff47-bc41-4cbf-a5e6-7dbd357f0578
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nice.nitrosoftwares.shop
Content-Length: 412
Expect: 100-continue
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Mon, 21 Aug 2023 22:08:28 GMT
ETag: "37d-603761e33cf00"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Thu, 14 Sep 2023 00:02:50 GMT
Date: Wed, 13 Sep 2023 23:02:50 GMT
Connection: keep-alive
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49169 -> 104.21.41.247:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.103:49169 104.21.41.247:443 |
C=US, O=Let's Encrypt, CN=E1 | CN=nitrosoftwares.shop | 55:16:8c:37:8b:81:1a:5e:02:c1:77:19:5c:d1:66:2f:51:be:a7:33 |
Snort Alerts
No Snort Alerts