Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| ddfcbb9325637bcdeff.mxttbszhh1.free.hr | 104.21.5.141 |
- UDP Requests
-
-
192.168.56.102:63709 164.124.101.2:53
-
192.168.56.102:64513 164.124.101.2:53
-
192.168.56.102:137 192.168.56.103:137
-
192.168.56.102:137 192.168.56.255:137
-
192.168.56.102:138 192.168.56.255:138
-
192.168.56.102:49152 239.255.255.250:3702
-
192.168.56.102:63712 239.255.255.250:1900
-
52.231.114.183:123 192.168.56.102:123
-
GET
200
https://ddfcbb9325637bcdeff.mxttbszhh1.free.hr/oauth/pdf/Monetary_Funding_Sheet_2024.js
REQUEST
RESPONSE
BODY
GET /oauth/pdf/Monetary_Funding_Sheet_2024.js HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MARKANYEPS#25118)
Host: ddfcbb9325637bcdeff.mxttbszhh1.free.hr
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 29 Jul 2024 07:41:52 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 21 Jul 2024 22:22:06 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3838
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EHTmeGxPhVIsofpRk4XbS6V9lze%2FrbPbwcvNyFhe0SolrqFx5FVJs6YbJUuVRmnJXYlSra4JBYzgLDJQGISZqtP8zWebwNElmhqkuPyJm2HOKiwzbkIHSbLWriDE3MACTWf%2BbAIFOYkoBROR5BMd1th%2BtwuypS26dQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8aab7812c8fd7c74-LAX
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET
200
https://ddfcbb9325637bcdeff.mxttbszhh1.free.hr/oauth/pdf/Monetary_Funding_Sheet_2024.pdf
REQUEST
RESPONSE
BODY
GET /oauth/pdf/Monetary_Funding_Sheet_2024.pdf HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MARKANYEPS#25118)
Host: ddfcbb9325637bcdeff.mxttbszhh1.free.hr
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 29 Jul 2024 07:41:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IWHJyO0Cplp3rqBR7zGbG7kZarq8k5cAWeKuWaK1Omq4tYFvl0SJLA5g%2BTCQ%2FBMmBVxNvdnrpPFumtRUPER7M%2B6qgb9PdUZBSRzIn8OdcelGYa%2BIt0iyXTzNV7i16FnonYwwfddxIQ2o4ip3S41%2FveGa10fbbwgZAA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8aab78166cf17c74-LAX
Content-Encoding: gzip
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.102:49162 -> 172.67.154.165:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.102:49162 172.67.154.165:443 |
C=US, O=Google Trust Services, CN=WE1 | CN=mxttbszhh1.free.hr | ee:0f:6a:a4:31:ca:d0:e1:4e:db:47:f2:a8:49:c6:25:75:68:16:1f |
Snort Alerts
No Snort Alerts