Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
apps.identrust.com | CNAME a1952.dscq.akamai.net, CNAME identrust.edgesuite.net | 23.67.53.17 |
lamba.nitrosoftwares.shop | 172.67.167.211 | |

Note: the address the sandbox actually connected to for lamba.nitrosoftwares.shop (104.21.41.247, see the Suricata flows below) differs from the DNS answer above. Both are Cloudflare edge addresses (the HTTP responses carry Server: cloudflare and CF-RAY headers), so this capture never reveals the origin server; blocking should key on the hostname or TLS SNI, not on either IP.
GET 200 https://lamba.nitrosoftwares.shop/gate
Request:
GET /gate HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: lamba.nitrosoftwares.shop
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Thu, 14 Sep 2023 04:24:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=tp82im1a3ji8tg8b157ud31k0s; path=/
Set-Cookie: CSRF-TOKEN=a2f0c98d4c93b1dc8f1b46b0e08d797eaea3c09055ee28e0f6042746f267679a; expires=Thu, 14-Sep-2023 06:25:04 GMT; Max-Age=7200; path=/
Vary: User-Agent
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zQO7f9lcfW9Evxdmlj1vLbKCs%2BJM4w8c0xtBtdnjvGs4jxMsu%2FvvkiYvFePTEtbOdqiPS8hIJbOX15BkWDHeqcKFQ3kb2PoiKMe%2BWso5IgmdtV1AoN5eoTY8Lr2ibn8B2I26GdmLZKfmVziF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8065dc19ef1d266a-NRT
alt-svc: h3=":443"; ma=86400
POST 100 https://lamba.nitrosoftwares.shop/gate (15 requests)
Request (first of 15; the others differ only in the x-key value, the Content-Length and, in two cases, a missing User-Agent):
POST /gate HTTP/1.1
x-key: 752081b3-4cb9-437f-a328-a5cfb82fd036
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Content-Type: application/x-www-form-urlencoded
Host: lamba.nitrosoftwares.shop
Content-Length: 404
Expect: 100-continue
Response (identical for all 15; the report captured only the interim response, and the request bodies are not shown):
HTTP/1.1 100 Continue

# | x-key | Content-Length | User-Agent |
---|---|---|---|
1 | 752081b3-4cb9-437f-a328-a5cfb82fd036 | 404 | same Firefox/99.0 string |
2 | acbfae7a-1734-4394-93b3-1bc81cbe6bc3 | 178 | same Firefox/99.0 string |
3 | 2d6b78f7-9eaf-491a-891b-0c83899422b7 | 196 | absent |
4 | 5bc9e830-54b0-44d0-b22e-34085af71414 | 174 | same Firefox/99.0 string |
5 | 68d99baa-ea9d-467a-beda-9b99d04c6dc9 | 938 | absent |
6 | 5412cd17-993b-4e61-bec8-69c77f60d095 | 168 | same Firefox/99.0 string |
7 | 50604a9b-e6c1-4fa4-86cc-2bba1786ae25 | 406 | same Firefox/99.0 string |
8 | 015d88ff-a3be-453a-a51c-34461b4b6cf6 | 410 | same Firefox/99.0 string |
9 | 688c3f84-fce1-4547-a19c-d091b5a1d27b | 408 | same Firefox/99.0 string |
10 | 05938cbe-db00-4c04-8216-c8b7aa24a950 | 408 | same Firefox/99.0 string |
11 | cca7af0a-284f-4e6a-9754-d8db49d6f89b | 408 | same Firefox/99.0 string |
12 | c25d3ee7-ad7d-4319-9359-079e8b51c8a7 | 406 | same Firefox/99.0 string |
13 | 6fb186df-934f-40f2-81af-71ef33527471 | 408 | same Firefox/99.0 string |
14 | 18abe08b-4959-455a-9b5f-8a95c97c6df8 | 406 | same Firefox/99.0 string |
15 | b59b7067-6aef-4786-a677-7f2ee095c423 | 404 | same Firefox/99.0 string |

Observations: every POST carries a fresh version-4 UUID in x-key (no value repeats), and none carries a Cookie header, so the PHPSESSID and CSRF-TOKEN cookies set by the initial GET are never replayed; x-key is the only per-request identifier. Expect: 100-continue is a client-library default (browsers do not send it), and together with the missing Accept, Accept-Language and Accept-Encoding headers it shows the Firefox User-Agent is a hard-coded string rather than a real browser.
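The /gate beacon pattern above reduces to a handful of header checks. The following is an added detection example, not code from the sandbox report or from the sample; the request heads in SAMPLES are constructed from the headers shown on this page plus one constructed benign Firefox request as a negative control, and the indicator set and the two-indicator threshold are the editor's own choices.

```python
"""Flag the /gate beacon pattern seen in the capture above.

Added example, not part of the sandbox report. SAMPLES holds request heads
constructed from the headers shown on this page plus one constructed benign
Firefox request (a negative control); the thresholds are the editor's choice.
"""
import re
from typing import Dict, List, Tuple

# RFC 4122 version-4 UUID, the shape of every x-key value in the capture.
UUID4_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$", re.I
)

# A real Firefox sends these on every request; their absence beside a Firefox
# User-Agent is a cheap tell that the UA string is hard-coded.
BROWSER_HEADERS = {"accept", "accept-language", "accept-encoding"}


def parse_request(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a raw HTTP/1.1 request head into (method, path, lowercase-keyed headers)."""
    lines = raw.strip().splitlines()
    method, path, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block; any body follows
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def beacon_indicators(raw: str) -> List[str]:
    """Return the beacon indicators matched by one request head (empty list = nothing suspicious)."""
    method, path, h = parse_request(raw)
    hits: List[str] = []
    if method == "POST" and path == "/gate":
        hits.append("POST to /gate")
    if UUID4_RE.match(h.get("x-key", "")):
        hits.append("x-key header carries a UUIDv4")
    if h.get("expect", "").lower() == "100-continue":
        hits.append("Expect: 100-continue (client-library default, never a browser)")
    if "Firefox/" in h.get("user-agent", "") and not (set(h) & BROWSER_HEADERS):
        hits.append("Firefox UA without Accept/Accept-Language/Accept-Encoding")
    return hits


def find_beacons(raws: List[str], min_hits: int = 2) -> List[int]:
    """Indices of requests matching at least min_hits indicators; a lone UA oddity is not enough."""
    return [i for i, r in enumerate(raws) if len(beacon_indicators(r)) >= min_hits]


def distinct_x_keys(raws: List[str]) -> int:
    """How many different x-key values the requests used (the capture shows one per POST)."""
    return len({parse_request(r)[2].get("x-key") for r in raws} - {None})


UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0"

SAMPLES = [
    # 1: the initial GET from the capture
    f"GET /gate HTTP/1.1\r\nUser-Agent: {UA}\r\nHost: lamba.nitrosoftwares.shop\r\nConnection: Keep-Alive\r\n\r\n",
    # 2: a POST from the capture (body omitted; the report does not show it)
    "POST /gate HTTP/1.1\r\nx-key: 752081b3-4cb9-437f-a328-a5cfb82fd036\r\n"
    f"User-Agent: {UA}\r\nContent-Type: application/x-www-form-urlencoded\r\n"
    "Host: lamba.nitrosoftwares.shop\r\nContent-Length: 404\r\nExpect: 100-continue\r\n\r\n",
    # 3: a POST from the capture that omitted the User-Agent
    "POST /gate HTTP/1.1\r\nx-key: 2d6b78f7-9eaf-491a-891b-0c83899422b7\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\nHost: lamba.nitrosoftwares.shop\r\n"
    "Content-Length: 196\r\nExpect: 100-continue\r\n\r\n",
    # 4: constructed benign Firefox request, not from the capture (negative control)
    f"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: {UA}\r\n"
    "Accept: text/html,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\n"
    "Accept-Encoding: gzip, deflate, br\r\nConnection: keep-alive\r\n\r\n",
]

if __name__ == "__main__":
    for i in find_beacons(SAMPLES):
        print(f"request {i + 1}: " + "; ".join(beacon_indicators(SAMPLES[i])))
    print(f"{distinct_x_keys(SAMPLES)} distinct x-key values")
```

Run against the four samples, requests 2 and 3 are flagged (four and three indicators respectively), the initial GET scores only the missing browser headers, and the benign request scores nothing. The same checks translate directly into a proxy or IDS rule: method and path, a UUID-shaped custom header, Expect: 100-continue, and a browser UA with no browser headers.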
GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c
Request:
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
Response:
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Mon, 21 Aug 2023 22:08:28 GMT
ETag: "37d-603761e33cf00"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Thu, 14 Sep 2023 05:24:20 GMT
Date: Thu, 14 Sep 2023 04:24:20 GMT
Connection: keep-alive

Note: this request is Windows CryptoAPI (User-Agent Microsoft-CryptoAPI/6.1) fetching the DST Root CA X3 certificate over plain HTTP while building the chain for the Let's Encrypt certificate the C2 presented (see Suricata TLS below). It is expected side-traffic of certificate validation, not C2 activity, and should not be treated as an indicator. The CryptoAPI version 6.1 also suggests the analysis host runs Windows 6.1 (Windows 7 / Server 2008 R2), whereas the sample's own User-Agent claims Windows NT 10.0, which further confirms that string is hard-coded.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49169 -> 104.21.41.247:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |

Note: a JA3 match fingerprints the TLS client implementation (the ClientHello's version, cipher suites, extensions, groups and point formats), which the sample shares with whatever library or runtime it was built on. The family name comes from the SSLBL entry for that fingerprint and is not attribution on its own; corroborate it with the HTTP beaconing above before labelling the sample.
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.103:49169 -> 104.21.41.247:443 | C=US, O=Let's Encrypt, CN=E1 | CN=nitrosoftwares.shop | 55:16:8c:37:8b:81:1a:5e:02:c1:77:19:5c:d1:66:2f:51:be:a7:33 |
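To make concrete what the JA3 alert above is keyed on, here is an added example (not code from the sandbox report, Suricata or the SSLBL project) that builds a minimal TLS 1.2 ClientHello and computes its JA3 string and MD5 the way the reference algorithm does. The cipher suites, groups and point formats are illustrative and are not the sample's real ones; the report gives only the alert name, not the JA3 value behind it. The demo() function shows the property the note above relies on: two hellos that differ only in the SNI produce the same fingerprint.

```python
"""Compute a JA3 fingerprint from a TLS ClientHello.

Added example, not part of the sandbox report. build_client_hello() constructs
a minimal TLS 1.2 ClientHello so the block runs offline; the cipher suites,
groups and point formats are illustrative, not the sample's real ones.
"""
import hashlib
import struct
from typing import List, Tuple

# GREASE values (RFC 8701) are dropped from JA3 by the reference implementation.
GREASE = {(b << 8) | b for b in range(0x0A, 0x100, 0x10)}


def _u16_list(values: List[int]) -> bytes:
    return b"".join(struct.pack("!H", v) for v in values)


def build_client_hello(sni: str, ciphers: List[int], groups: List[int], point_formats: List[int]) -> bytes:
    """Return a TLS record carrying a TLS 1.2 ClientHello with server_name, supported_groups and ec_point_formats."""
    name = sni.encode()
    name_list = b"\x00" + struct.pack("!H", len(name)) + name                # host_name entry
    ext_sni = struct.pack("!HHH", 0, len(name_list) + 2, len(name_list)) + name_list
    grp = _u16_list(groups)
    ext_groups = struct.pack("!HHH", 10, len(grp) + 2, len(grp)) + grp
    fmts = bytes(point_formats)
    ext_formats = struct.pack("!HHB", 11, len(fmts) + 1, len(fmts)) + fmts
    exts = ext_sni + ext_groups + ext_formats
    body = (struct.pack("!H", 0x0303) + b"\x11" * 32 + b"\x00"              # version, fixed random, empty session id
            + struct.pack("!H", 2 * len(ciphers)) + _u16_list(ciphers)
            + b"\x01\x00"                                                    # one compression method: null
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body               # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def ja3(record: bytes) -> Tuple[str, str]:
    """Parse a ClientHello record and return (ja3_string, ja3_md5)."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    hs = record[5:]
    p = 4                                                   # skip handshake type + 3-byte length
    version = struct.unpack("!H", hs[p:p + 2])[0]
    p += 2 + 32                                             # version, random
    p += 1 + hs[p]                                          # session id
    n = struct.unpack("!H", hs[p:p + 2])[0]
    p += 2
    ciphers = [c for c in struct.unpack("!%dH" % (n // 2), hs[p:p + n]) if c not in GREASE]
    p += n
    p += 1 + hs[p]                                          # compression methods
    ext_types: List[int] = []
    groups: List[int] = []
    formats: List[int] = []
    if p + 2 <= len(hs):                                    # extensions block is optional
        end = p + 2 + struct.unpack("!H", hs[p:p + 2])[0]
        p += 2
        while p < end:
            etype, elen = struct.unpack("!HH", hs[p:p + 4])
            p += 4
            data = hs[p:p + elen]
            p += elen
            if etype in GREASE:
                continue
            ext_types.append(etype)
            if etype == 10:                                 # supported_groups: u16 length + u16 list
                m = struct.unpack("!H", data[:2])[0]
                groups = [g for g in struct.unpack("!%dH" % (m // 2), data[2:2 + m]) if g not in GREASE]
            elif etype == 11:                               # ec_point_formats: u8 length + u8 list
                formats = list(data[1:1 + data[0]])

    def dash(xs: List[int]) -> str:
        return "-".join(str(x) for x in xs)

    s = ",".join([str(version), dash(ciphers), dash(ext_types), dash(groups), dash(formats)])
    return s, hashlib.md5(s.encode()).hexdigest()


CIPHERS = [0x0A0A, 0xC02B, 0xC02F, 0x009C, 0x002F]       # illustrative; the first is GREASE and must drop out


def demo() -> Tuple[str, str, bool]:
    """JA3 of two hellos that differ only in SNI: the fingerprint is identical, so JA3 identifies the client stack, not the destination."""
    c2 = build_client_hello("lamba.nitrosoftwares.shop", CIPHERS, [23, 24], [0])
    other = build_client_hello("www.example.com", CIPHERS, [23, 24], [0])
    s1, h1 = ja3(c2)
    _, h2 = ja3(other)
    return s1, h1, h1 == h2


if __name__ == "__main__":
    s, h, same = demo()
    print(s, h, "same fingerprint for both destinations:", same)
```

The JA3 string for the constructed hello is 771,49195-49199-156-47,0-10-11,23-24,0 regardless of the SNI. That is the point of the caveat above: the SSLBL hit says the C2 connection was made by a TLS stack whose hello matches a fingerprint abuse.ch has seen from Tofsee; it says nothing about the destination and does not by itself identify the family.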
Snort Alerts
No Snort Alerts