Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| right-championships-junior-pubs.trycloudflare.com | 104.16.230.132 |
GET
200
https://right-championships-junior-pubs.trycloudflare.com/FAQ/taxCPAm.bat
REQUEST
RESPONSE
BODY
GET /FAQ/taxCPAm.bat HTTP/1.1
User-Agent: AutoIt
Host: right-championships-junior-pubs.trycloudflare.com
HTTP/1.1 200 OK
Date: Fri, 28 Mar 2025 00:45:58 GMT
Content-Type: text/plain
Content-Length: 6293386
Connection: keep-alive
CF-Ray: 92731b8f3992a7cc-ICN
CF-Cache-Status: DYNAMIC
Accept-Ranges: bytes
ETag: "456a956e8936c8c0e61e2a6123ef7966-1742813072-6293386"
Last-Modified: Mon, 24 Mar 2025 10:44:32 GMT
Server: cloudflare
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49162 -> 104.16.230.132:443 | 2058175 | ET HUNTING TryCloudFlare Domain in TLS SNI | Misc activity |
| TCP 192.168.56.101:49162 -> 104.16.230.132:443 | 2060250 | ET INFO Observed trycloudflare .com Domain in TLS SNI | Misc activity |
| TCP 192.168.56.101:49162 -> 104.16.230.132:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2034552 | ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com) | Potentially Bad Traffic |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.101:49162 104.16.230.132:443 |
C=US, O=Google Trust Services, CN=WR1 | CN=trycloudflare.com | c1:f5:d9:f4:2e:e4:62:4a:93:1f:06:f7:a0:22:d4:38:59:bf:bd:94 |
Snort Alerts
No Snort Alerts