Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| get.adobe.com |
CNAME
get.wip4.adobe.com
|
193.104.215.66 |
- UDP Requests
-
-
192.168.56.101:61479 164.124.101.2:53
-
192.168.56.101:62324 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:49152 239.255.255.250:3702
-
192.168.56.101:61480 239.255.255.250:3702
-
192.168.56.101:62445 239.255.255.250:1900
-
192.168.56.101:62447 239.255.255.250:3702
-
192.168.56.101:62449 239.255.255.250:3702
-
52.231.114.183:123 192.168.56.101:123
-
GET
200
https://get.adobe.com/reader/webservices/adm/?cname=readerdc_en_ka_install.exe&bname=readerdc&site=live&type=install&language=kr
REQUEST
RESPONSE
BODY
GET /reader/webservices/adm/?cname=readerdc_en_ka_install.exe&bname=readerdc&site=live&type=install&language=kr HTTP/1.1
Connection: Keep-Alive
User-Agent: AAM
Host: get.adobe.com
HTTP/1.1 200 OK
Date: Mon, 09 Aug 2021 08:13:15 GMT
Server: Apache
Content-Language: en-US
Cache-Control: private, no-store, no-cache
Content-Type: application/xml;charset=UTF-8
Set-Cookie: SETTINGS.LOCALE=en%5Fus; Domain=.adobe.com; Expires=Wed, 02-Aug-2051 08:13:15 GMT; Path=/; HttpOnly
Connection: close
Strict-Transport-Security: max-age=53824347; includeSubDomain
Vary: Accept-Encoding
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49201 -> 192.147.130.63:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.101:49201 192.147.130.63:443 |
C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1 | C=US, ST=California, L=San Jose, O=Adobe Inc., CN=get.adobe.com | 05:d9:ed:4e:4e:df:9e:c6:d3:f9:e3:93:de:3c:cf:6b:d1:57:a3:20 |
Snort Alerts
No Snort Alerts