Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
apps.identrust.com | CNAME a1952.dscq.akamai.net; CNAME identrust.edgesuite.net | 23.67.53.17 |
nitrosoftwares.shop | 172.67.167.211 |
GET 200 https://nitrosoftwares.shop/gate

Request:

```http
GET /gate HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: nitrosoftwares.shop
Connection: Keep-Alive
```

Response:

```http
HTTP/1.1 200 OK
Date: Wed, 13 Sep 2023 22:51:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=tv22jaoa7pbce3oohetk8hu3jl; path=/
Set-Cookie: CSRF-TOKEN=6e56539da2ca8df17f487bbb1c2a9f34d795c3520a9bce82a75b2487efbbe7e2; expires=Thu, 14-Sep-2023 00:52:39 GMT; Max-Age=7200; path=/
Vary: User-Agent
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J4rA9AU%2FFgLEfTzM3pQYHM3vCr62QrvifThwRB%2FdMyyOgOrE%2BuymkcndZmVyJ%2FJrAgj3kYG9rOfI%2BDCmZ4HlttVB1QCg%2F6lMPbqO6LAnjohrm61WywHJD2Z47QudC04fn7sgPhC9"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8063f52cba1d266a-NRT
alt-svc: h3=":443"; ma=86400
```
POST 100 https://nitrosoftwares.shop/gate

Request:

```http
POST /gate HTTP/1.1
x-key: dedfa962-635e-4b3a-8ce7-51d4b5d4b999
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 404
Expect: 100-continue
```

Response:

```http
HTTP/1.1 100 Continue
```
POST 100 https://nitrosoftwares.shop/gate

Request:

```http
POST /gate HTTP/1.1
x-key: 4f9438dd-6345-4fbc-8a0f-230df30b5102
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 176
Expect: 100-continue
```

Response:

```http
HTTP/1.1 100 Continue
```
POST 100 https://nitrosoftwares.shop/gate

Request:

```http
POST /gate HTTP/1.1
x-key: 0d8a03ed-530e-4131-946b-86b4c09ba915
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 188
Expect: 100-continue
```

Response:

```http
HTTP/1.1 100 Continue
```
POST 100 https://nitrosoftwares.shop/gate

Request:

```http
POST /gate HTTP/1.1
x-key: 0108dff3-3166-4dd8-b117-ae0382c1f93b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 166
Expect: 100-continue
```

Response:

```http
HTTP/1.1 100 Continue
```
POST 100 https://nitrosoftwares.shop/gate

Request:

```http
POST /gate HTTP/1.1
x-key: 44670297-5c23-4589-8ba4-5c6cfdc33acd
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 952
Expect: 100-continue
```

Response:

```http
HTTP/1.1 100 Continue
```
POST 100 https://nitrosoftwares.shop/gate

Request:

```http
POST /gate HTTP/1.1
x-key: 70d4703a-cfd3-4aff-ac6d-b4ea7eb60c6d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 168
Expect: 100-continue
```

Response:

```http
HTTP/1.1 100 Continue
```
POST 100 https://nitrosoftwares.shop/gate

Request:

```http
POST /gate HTTP/1.1
x-key: afaa58e8-f0a3-405d-93a9-4c0088786737
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 418
Expect: 100-continue
```

Response:

```http
HTTP/1.1 100 Continue
```
POST 100 https://nitrosoftwares.shop/gate

Request:

```http
POST /gate HTTP/1.1
x-key: 586da1f3-6cf0-4bfd-95bf-db22c5057da5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 408
Expect: 100-continue
```

Response:

```http
HTTP/1.1 100 Continue
```
POST 100 https://nitrosoftwares.shop/gate

Request:

```http
POST /gate HTTP/1.1
x-key: 1996f369-8c7f-4c53-847d-b75f0903c624
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 404
Expect: 100-continue
```

Response:

```http
HTTP/1.1 100 Continue
```
POST 100 https://nitrosoftwares.shop/gate

Request:

```http
POST /gate HTTP/1.1
x-key: c6a40e37-8f6b-4570-bb6a-431736478f01
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 414
Expect: 100-continue
```

Response:

```http
HTTP/1.1 100 Continue
```
POST 100 https://nitrosoftwares.shop/gate

Request:

```http
POST /gate HTTP/1.1
x-key: 3207a65b-4410-4166-97b7-cc2c5aae32fd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 404
Expect: 100-continue
```

Response:

```http
HTTP/1.1 100 Continue
```
POST 100 https://nitrosoftwares.shop/gate

Request:

```http
POST /gate HTTP/1.1
x-key: 24c6a131-c8a2-4ad1-b31b-7cbc78555f12
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 416
Expect: 100-continue
```

Response:

```http
HTTP/1.1 100 Continue
```
POST 100 https://nitrosoftwares.shop/gate

Request:

```http
POST /gate HTTP/1.1
x-key: 34cf5f36-c05e-4fd2-98b2-c9a7e69b8d38
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 412
Expect: 100-continue
```

Response:

```http
HTTP/1.1 100 Continue
```
POST 100 https://nitrosoftwares.shop/gate

Request:

```http
POST /gate HTTP/1.1
x-key: adb91894-798d-403a-a3ec-9402bcb4ff37
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 416
Expect: 100-continue
```

Response:

```http
HTTP/1.1 100 Continue
```
POST 100 https://nitrosoftwares.shop/gate

Request:

```http
POST /gate HTTP/1.1
x-key: 9af15907-64eb-4162-8b1d-bb24fc19b990
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 420
Expect: 100-continue
```

Response:

```http
HTTP/1.1 100 Continue
```
GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

Request:

```http
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
```

Response:

```http
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Mon, 21 Aug 2023 22:08:28 GMT
ETag: "37d-603761e33cf00"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Wed, 13 Sep 2023 23:51:56 GMT
Date: Wed, 13 Sep 2023 22:51:56 GMT
Connection: keep-alive
```
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49169 -> 104.21.41.247:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.103:49169 -> 104.21.41.247:443 | C=US, O=Let's Encrypt, CN=E1 | CN=nitrosoftwares.shop | 55:16:8c:37:8b:81:1a:5e:02:c1:77:19:5c:d1:66:2f:51:be:a7:33 |
Snort Alerts
No Snort Alerts