Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| codeonicinc.com | 104.26.8.6 |
POST
200
https://codeonicinc.com/
REQUEST
RESPONSE
BODY
POST / HTTP/1.1
Host: codeonicinc.com
User-Agent: NSIS_InetLoad (Mozilla)
Accept: */*
Content-Length: 70
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 200 OK
Date: Tue, 02 Jul 2024 06:42:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8rbmflYLM0qAdaRuQTA8hZ%2ByrpZdTsUVskZsDNsJRB%2FE59ilf5ywqCn%2Fpc8oBUQQRIN66t775Sab1L9myp2KA0TboZed2NCV%2BwHDiJNQldrEz82IPQ8o3B%2BOa2SRbD8Ifg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 89cca7dfca6729d4-FUK
POST
200
https://codeonicinc.com/
REQUEST
RESPONSE
BODY
POST / HTTP/1.1
Host: codeonicinc.com
User-Agent: NSIS_InetLoad (Mozilla)
Accept: */*
Content-Length: 70
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 200 OK
Date: Tue, 02 Jul 2024 06:42:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oKVJDLfajouoMFJcbbRFNcKw0ssn3TV%2FpJscj4MFyw8O5qKq%2BYGfrE7Z6ws78SbHqMgHE6aWdt34jm%2FJybq9mOV%2Bn9O2Z1z4%2FHdHyEEE%2Bm0nJv0qdPX%2BkJekKsfng1XsZw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 89cca7e2dc6929da-FUK
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49164 -> 104.26.9.6:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49167 -> 104.26.9.6:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLS 1.2 192.168.56.101:49164 104.26.9.6:443 |
C=US, O=Google Trust Services, CN=WE1 | CN=codeonicinc.com | 86:da:8b:36:46:21:b9:cf:2c:38:f1:8a:de:64:e9:75:47:0f:ee:47 |
|
TLS 1.2 192.168.56.101:49167 104.26.9.6:443 |
C=US, O=Google Trust Services, CN=WE1 | CN=codeonicinc.com | 86:da:8b:36:46:21:b9:cf:2c:38:f1:8a:de:64:e9:75:47:0f:ee:47 |
Snort Alerts
No Snort Alerts