Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.microsoft.com | 23.201.37.168 | |
incoming.telemetry.mozilla.org | 44.240.8.189 | |
definitionupdates.microsoft.com | CNAME e3673.g.akamaiedge.net, 23.40.44.112 | |
hermescomm.net | 162.241.27.24 | |
TCP Requests

Source | Destination | Host |
---|---|---|
192.168.56.101:49196 | 192.168.56.103:2869 | |
192.168.56.101:49197 | 192.168.56.103:5357 | |
192.168.56.101:49200 | 192.168.56.103:139 | |
192.168.56.101:49201 | 192.168.56.103:139 | |
192.168.56.102:49803 | 192.168.56.103:5357 | |
192.168.56.102:49804 | 192.168.56.103:2869 | |
192.168.56.102:49807 | 192.168.56.103:139 | |
192.168.56.102:49808 | 192.168.56.103:139 | |
192.168.56.103:49596 | 162.241.27.24:443 | hermescomm.net |
192.168.56.103:49598 | 162.241.27.24:443 | hermescomm.net |
192.168.56.103:49599 | 162.241.27.24:443 | hermescomm.net |
192.168.56.103:49601 | 162.241.27.24:443 | hermescomm.net |
192.168.56.103:49602 | 162.241.27.24:443 | hermescomm.net |
192.168.56.103:49603 | 162.241.27.24:443 | hermescomm.net |
192.168.56.103:49611 | 23.197.161.201:80 | |
192.168.56.103:49612 | 23.201.37.168:443 | www.microsoft.com |
192.168.56.103:49613 | 23.40.44.112:443 | definitionupdates.microsoft.com |
192.168.56.103:49591 | 52.33.45.66:443 | incoming.telemetry.mozilla.org |
UDP Requests

Source | Destination |
---|---|
192.168.56.103:58285 | 164.124.101.2:53 |
192.168.56.103:58575 | 164.124.101.2:53 |
192.168.56.103:58935 | 164.124.101.2:53 |
192.168.56.103:64714 | 164.124.101.2:53 |
192.168.56.103:65511 | 164.124.101.2:53 |
192.168.56.103:137 | 192.168.56.101:137 |
192.168.56.103:1900 | 192.168.56.101:62445 |
192.168.56.103:3702 | 192.168.56.101:62449 |
192.168.56.103:137 | 192.168.56.102:137 |
192.168.56.103:1900 | 192.168.56.102:56752 |
192.168.56.103:3702 | 192.168.56.102:56756 |
192.168.56.103:137 | 192.168.56.255:137 |
192.168.56.103:138 | 192.168.56.255:138 |
192.168.56.103:1900 | 239.255.255.250:1900 |
192.168.56.103:49152 | 239.255.255.250:3702 |
192.168.56.103:50368 | 239.255.255.250:1900 |
HTTP Requests

GET 302 https://www.microsoft.com/security/encyclopedia/adlpackages.aspx?arch=x86&eng=0.0.0.0&asdelta=0.0.0.0&prod=925A3ACA-C353-458A-AC8D-A7E5EB378092

Request:

```http
GET /security/encyclopedia/adlpackages.aspx?arch=x86&eng=0.0.0.0&asdelta=0.0.0.0&prod=925A3ACA-C353-458A-AC8D-A7E5EB378092 HTTP/1.1
Connection: Keep-Alive
Accept-Charset: utf-8
User-Agent: MpCommunication
Host: www.microsoft.com
```

Response:

```http
HTTP/1.1 302 Moved Temporarily
Content-Length: 234
Content-Type: text/html; charset=utf-8
Location: https://definitionupdates.microsoft.com/download/DefinitionUpdates/VersionedSignatures/AM/1.339.927.0/x86/mpas-fe.exe
Request-Context: appId=cid-v1:6243adf7-17c9-447a-a882-1b86b3e43445
Access-Control-Expose-Headers: Request-Context
X-EdgeConnect-MidMile-RTT: 170
X-EdgeConnect-Origin-MEX-Latency: 38
Expires: Tue, 18 May 2021 00:52:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 18 May 2021 00:52:22 GMT
Connection: keep-alive
Set-Cookie: ARRAffinity=78e432219cd08c3e26b2d2af4ae48536421622b33edbe866a1b320ca40dfaa17;Path=/;HttpOnly;Secure;Domain=adl.sr.wd.microsoft.com
Set-Cookie: ARRAffinitySameSite=78e432219cd08c3e26b2d2af4ae48536421622b33edbe866a1b320ca40dfaa17;Path=/;HttpOnly;SameSite=None;Secure;Domain=adl.sr.wd.microsoft.com
R-Tag: SecADL
TLS_version: tls1
Strict-Transport-Security: max-age=31536000
X-RTag: RT
```

GET 200 https://definitionupdates.microsoft.com/download/DefinitionUpdates/VersionedSignatures/AM/1.339.927.0/x86/mpas-fe.exe

Request:

```http
GET /download/DefinitionUpdates/VersionedSignatures/AM/1.339.927.0/x86/mpas-fe.exe HTTP/1.1
Connection: Keep-Alive
Accept-Charset: utf-8
User-Agent: MpCommunication
Host: definitionupdates.microsoft.com
```

Response:

```http
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 64dba4d2-901e-0051-7f76-4b9f4a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Last-Modified: Mon, 17 May 2021 21:21:48 GMT
ETag: 0x8D91979C7AFBA3A
Content-Length: 59906496
Date: Tue, 18 May 2021 00:52:22 GMT
Connection: keep-alive
```

GET 302 http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&asdelta=0.0.0.0&prod=925A3ACA-C353-458A-AC8D-A7E5EB378092

Request:

```http
GET /fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&asdelta=0.0.0.0&prod=925A3ACA-C353-458A-AC8D-A7E5EB378092 HTTP/1.1
Connection: Keep-Alive
Accept-Charset: utf-8
User-Agent: MpCommunication
Host: go.microsoft.com
```

Response:

```http
HTTP/1.1 302 Moved Temporarily
Location: https://www.microsoft.com/security/encyclopedia/adlpackages.aspx?arch=x86&eng=0.0.0.0&asdelta=0.0.0.0&prod=925A3ACA-C353-458A-AC8D-A7E5EB378092
Server: Kestrel
Request-Context: appId=cid-v1:b47e5e27-bf85-45ba-a97c-0377ce0e5779
X-Response-Cache-Status: True
X-Powered-By: ASP.NET
Content-Length: 0
Expires: Tue, 18 May 2021 00:52:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 18 May 2021 00:52:21 GMT
Connection: keep-alive
```
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49591 52.33.45.66:443 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=California, L=Mountain View, O=Mozilla Corporation, OU=Cloud Services, CN=*.telemetry.mozilla.org | 6d:3c:6a:a4:5f:46:eb:8b:b6:fb:8f:08:44:02:01:61:a0:25:c3:c8 |
TLSv1 192.168.56.103:49612 23.201.37.168:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=www.microsoft.com | 9b:2b:8a:e6:51:69:aa:47:7c:57:83:d6:48:0f:29:6e:f4:8c:f1:4d |
TLSv1 192.168.56.103:49613 23.40.44.112:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=download.microsoft.com | e7:01:d1:e2:a1:0e:a1:84:0b:d0:c6:2e:a2:42:7a:f4:7b:40:91:c5 |
Snort Alerts
No Snort Alerts