Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
apps.identrust.com | CNAME a1952.dscq.akamai.net; CNAME identrust.edgesuite.net | 23.67.53.17 |
nitrosoftwares.shop | 172.67.167.211 | |
GET 200 https://nitrosoftwares.shop/gate
GET /gate HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: nitrosoftwares.shop
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 13 Sep 2023 23:00:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=f5td1l7k1gesgt1addhh2b8bus; path=/
Set-Cookie: CSRF-TOKEN=f6e1d788489a281c87cdece3320a83c812e0f3bbef33c462094e3741161def0d; expires=Thu, 14-Sep-2023 01:01:23 GMT; Max-Age=7200; path=/
Vary: User-Agent
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=51pScKVHUbbZtAWxjSGTDYxpKNSbqu97XVIEecHalGxv0HZW5ll0gHTh5Q1f4mLk5HQJqdtw6UOf2RY6zcafXsr5UKIGvC0wh72FYxMzY%2F0uagNopxaPJw2QTKyOt4nMBEqOoVlk"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 806401f72e358d12-KIX
alt-svc: h3=":443"; ma=86400
POST 100 https://nitrosoftwares.shop/gate
POST /gate HTTP/1.1
x-key: ba00ac4c-81dd-45be-ab4f-2255b167c038
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 412
Expect: 100-continue
HTTP/1.1 100 Continue
POST 100 https://nitrosoftwares.shop/gate
POST /gate HTTP/1.1
x-key: ea66fbe0-89b9-439e-8d2d-38e8c97613b5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 182
Expect: 100-continue
HTTP/1.1 100 Continue
POST 100 https://nitrosoftwares.shop/gate
POST /gate HTTP/1.1
x-key: 6eed03dc-bd60-455b-9712-5c244ac05488
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 192
Expect: 100-continue
HTTP/1.1 100 Continue
POST 100 https://nitrosoftwares.shop/gate
POST /gate HTTP/1.1
x-key: 9c7a6fa5-ccec-4e42-ac92-3fdf88bd9c73
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 164
Expect: 100-continue
HTTP/1.1 100 Continue
POST 100 https://nitrosoftwares.shop/gate
POST /gate HTTP/1.1
x-key: b4f0e978-9b91-4f9b-b37b-b773d0fc944a
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 954
Expect: 100-continue
HTTP/1.1 100 Continue
POST 100 https://nitrosoftwares.shop/gate
POST /gate HTTP/1.1
x-key: 2653a97c-4540-4a27-88aa-ff36e31155eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 164
Expect: 100-continue
HTTP/1.1 100 Continue
POST 100 https://nitrosoftwares.shop/gate
POST /gate HTTP/1.1
x-key: dc16c26b-e2cd-4193-9b26-095190420519
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 412
Expect: 100-continue
HTTP/1.1 100 Continue
POST 0 https://nitrosoftwares.shop/gate
POST /gate HTTP/1.1
x-key: 10541b4a-5099-44eb-9f43-01f37d88202c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 414
Expect: 100-continue
POST 0 https://nitrosoftwares.shop/gate
POST /gate HTTP/1.1
x-key: 1ec5d4b9-65d0-4bd3-8dae-7d3f1e540ea9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 418
Expect: 100-continue
POST 0 https://nitrosoftwares.shop/gate
POST /gate HTTP/1.1
x-key: 47c751dc-ed35-44bd-a967-d40de470f4d2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 408
Expect: 100-continue
POST 0 https://nitrosoftwares.shop/gate
POST /gate HTTP/1.1
x-key: 1eef97eb-7e58-436f-8ddb-9f4f6b5fd6bd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 406
Expect: 100-continue
POST 0 https://nitrosoftwares.shop/gate
POST /gate HTTP/1.1
x-key: 1b7167ec-5a97-4fb1-8eee-24923eae2079
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 404
Expect: 100-continue
POST 0 https://nitrosoftwares.shop/gate
POST /gate HTTP/1.1
x-key: ae0c5643-77fe-444d-983a-35e3234611c9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 406
Expect: 100-continue
POST 0 https://nitrosoftwares.shop/gate
POST /gate HTTP/1.1
x-key: 99a677ca-1b6e-49b4-8a51-12df27093b54
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: nitrosoftwares.shop
Content-Length: 414
Expect: 100-continue
GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Mon, 21 Aug 2023 22:08:28 GMT
ETag: "37d-603761e33cf00"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Thu, 14 Sep 2023 00:00:40 GMT
Date: Wed, 13 Sep 2023 23:00:40 GMT
Connection: keep-alive
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49169 -> 172.67.167.211:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.103:49169 -> 172.67.167.211:443 | C=US, O=Let's Encrypt, CN=E1 | CN=nitrosoftwares.shop | 55:16:8c:37:8b:81:1a:5e:02:c1:77:19:5c:d1:66:2f:51:be:a7:33 |
Snort Alerts
No Snort Alerts