Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
ardownload3.adobe.com | CNAME a1818.dscd.akamai.net | 23.216.159.128 |
ardownload.adobe.com | CNAME a1953.dscd.akamai.net | 23.216.159.145 |
acroipm2.adobe.com | CNAME a122.dscd.akamai.net | 23.216.159.139 |
TCP Requests
- 192.168.56.103:49183 -> 23.192.45.96:80 (ardownload.adobe.com)
- 192.168.56.103:49168 -> 23.212.12.57:443
- 192.168.56.103:49164 -> 23.74.15.25:80 (acroipm2.adobe.com)
- 192.168.56.103:49165 -> 23.74.15.25:80 (acroipm2.adobe.com)
- 192.168.56.103:49166 -> 23.74.15.25:80 (acroipm2.adobe.com)
- 192.168.56.103:49167 -> 23.74.15.25:80 (acroipm2.adobe.com)
- 192.168.56.103:49177 -> 23.74.15.34:443 (ardownload3.adobe.com)
- 192.168.56.103:49178 -> 23.74.15.34:443 (ardownload3.adobe.com)
- 192.168.56.103:49179 -> 23.74.15.34:443 (ardownload3.adobe.com)
- 192.168.56.103:49180 -> 23.74.15.34:443 (ardownload3.adobe.com)
- 192.168.56.103:49181 -> 23.74.15.34:443 (ardownload3.adobe.com)
UDP Requests
- 192.168.56.103:49658 -> 164.124.101.2:53
- 192.168.56.103:52031 -> 164.124.101.2:53
- 192.168.56.103:53556 -> 164.124.101.2:53
- 192.168.56.103:59302 -> 164.124.101.2:53
- 192.168.56.103:65460 -> 164.124.101.2:53
- 192.168.56.103:137 -> 192.168.56.255:137
- 192.168.56.103:138 -> 192.168.56.255:138
- 192.168.56.103:53559 -> 239.255.255.250:1900
HEAD 200 https://armmf.adobe.com/arm-manifests/win/ReaderDCManifest3.msi

Request:
HEAD /arm-manifests/win/ReaderDCManifest3.msi HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: armmf.adobe.com

Response:
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 28 Jul 2021 12:36:47 GMT
ETag: "4e00-5c82e3d685477"
Accept-Ranges: bytes
Content-Length: 19968
Content-Type: application/x-msi
Date: Mon, 09 Aug 2021 13:23:48 GMT
Connection: keep-alive
HEAD 200 https://armmf.adobe.com/arm-manifests/win/ReaderDCManifest3.msi

Request:
HEAD /arm-manifests/win/ReaderDCManifest3.msi HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: armmf.adobe.com

Response:
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 28 Jul 2021 12:36:47 GMT
ETag: "4e00-5c82e3d685477"
Accept-Ranges: bytes
Content-Length: 19968
Content-Type: application/x-msi
Date: Mon, 09 Aug 2021 13:23:57 GMT
Connection: keep-alive
GET 206 https://armmf.adobe.com/arm-manifests/win/ReaderDCManifest3.msi

Request:
GET /arm-manifests/win/ReaderDCManifest3.msi HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 28 Jul 2021 12:36:47 GMT
Range: bytes=0-5421
User-Agent: Microsoft BITS/7.5
Host: armmf.adobe.com

Response:
HTTP/1.1 206 Partial Content
Server: Apache
Last-Modified: Wed, 28 Jul 2021 12:36:47 GMT
ETag: "4e00-5c82e3d685477"
Accept-Ranges: bytes
Content-Type: application/x-msi
Date: Mon, 09 Aug 2021 13:24:10 GMT
Content-Range: bytes 0-5421/19968
Content-Length: 5422
Connection: keep-alive
GET 206 https://armmf.adobe.com/arm-manifests/win/ReaderDCManifest3.msi

Request:
GET /arm-manifests/win/ReaderDCManifest3.msi HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 28 Jul 2021 12:36:47 GMT
Range: bytes=5422-12743
User-Agent: Microsoft BITS/7.5
Host: armmf.adobe.com

Response:
HTTP/1.1 206 Partial Content
Server: Apache
Last-Modified: Wed, 28 Jul 2021 12:36:47 GMT
ETag: "4e00-5c82e3d685477"
Accept-Ranges: bytes
Content-Type: application/x-msi
Date: Mon, 09 Aug 2021 13:24:14 GMT
Content-Range: bytes 5422-12743/19968
Content-Length: 7322
Connection: keep-alive
GET 206 https://armmf.adobe.com/arm-manifests/win/ReaderDCManifest3.msi

Request:
GET /arm-manifests/win/ReaderDCManifest3.msi HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 28 Jul 2021 12:36:47 GMT
Range: bytes=12744-19967
User-Agent: Microsoft BITS/7.5
Host: armmf.adobe.com

Response:
HTTP/1.1 206 Partial Content
Server: Apache
Last-Modified: Wed, 28 Jul 2021 12:36:47 GMT
ETag: "4e00-5c82e3d685477"
Accept-Ranges: bytes
Content-Type: application/x-msi
Date: Mon, 09 Aug 2021 13:24:16 GMT
Content-Range: bytes 12744-19967/19968
Content-Length: 7224
Connection: keep-alive
HEAD 200 https://armmf.adobe.com/arm-manifests/win/ArmManifest3.msi

Request:
HEAD /arm-manifests/win/ArmManifest3.msi HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: armmf.adobe.com

Response:
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 09 Feb 2021 12:14:45 GMT
ETag: "3000-5bae63b6693bb"
Accept-Ranges: bytes
Content-Length: 12288
Content-Type: application/x-msi
Date: Mon, 09 Aug 2021 13:24:46 GMT
Connection: keep-alive
GET 206 https://armmf.adobe.com/arm-manifests/win/ArmManifest3.msi

Request:
GET /arm-manifests/win/ArmManifest3.msi HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Feb 2021 12:14:45 GMT
Range: bytes=0-8990
User-Agent: Microsoft BITS/7.5
Host: armmf.adobe.com

Response:
HTTP/1.1 206 Partial Content
Server: Apache
Last-Modified: Tue, 09 Feb 2021 12:14:45 GMT
ETag: "3000-5bae63b6693bb"
Accept-Ranges: bytes
Content-Type: application/x-msi
Date: Mon, 09 Aug 2021 13:24:46 GMT
Content-Range: bytes 0-8990/12288
Content-Length: 8991
Connection: keep-alive
GET 206 https://armmf.adobe.com/arm-manifests/win/ArmManifest3.msi

Request:
GET /arm-manifests/win/ArmManifest3.msi HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Feb 2021 12:14:45 GMT
Range: bytes=8991-12287
User-Agent: Microsoft BITS/7.5
Host: armmf.adobe.com

Response:
HTTP/1.1 206 Partial Content
Server: Apache
Last-Modified: Tue, 09 Feb 2021 12:14:45 GMT
ETag: "3000-5bae63b6693bb"
Accept-Ranges: bytes
Content-Type: application/x-msi
Date: Mon, 09 Aug 2021 13:24:48 GMT
Content-Range: bytes 8991-12287/12288
Content-Length: 3297
Connection: keep-alive
HEAD 200 https://armmf.adobe.com/arm-updates/win/ARM/1.8.x/AdobeARM_1824420176.msi

Request:
HEAD /arm-updates/win/ARM/1.8.x/AdobeARM_1824420176.msi HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: armmf.adobe.com

Response:
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 09 Feb 2021 12:14:46 GMT
ETag: "102000-5bae63b7b8063"
Accept-Ranges: bytes
Content-Length: 1056768
Content-Type: application/x-msi
Date: Mon, 09 Aug 2021 13:24:50 GMT
Connection: keep-alive
GET 206 https://armmf.adobe.com/arm-updates/win/ARM/1.8.x/AdobeARM_1824420176.msi

Request:
GET /arm-updates/win/ARM/1.8.x/AdobeARM_1824420176.msi HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Feb 2021 12:14:46 GMT
Range: bytes=0-38972
User-Agent: Microsoft BITS/7.5
Host: armmf.adobe.com

Response:
HTTP/1.1 206 Partial Content
Server: Apache
Last-Modified: Tue, 09 Feb 2021 12:14:46 GMT
ETag: "102000-5bae63b7b8063"
Accept-Ranges: bytes
Content-Type: application/x-msi
Date: Mon, 09 Aug 2021 13:24:50 GMT
Content-Range: bytes 0-38972/1056768
Content-Length: 38973
Connection: keep-alive
GET 206 https://armmf.adobe.com/arm-updates/win/ARM/1.8.x/AdobeARM_1824420176.msi

Request:
GET /arm-updates/win/ARM/1.8.x/AdobeARM_1824420176.msi HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Feb 2021 12:14:46 GMT
Range: bytes=38973-124254
User-Agent: Microsoft BITS/7.5
Host: armmf.adobe.com

Response:
HTTP/1.1 206 Partial Content
Server: Apache
Last-Modified: Tue, 09 Feb 2021 12:14:46 GMT
ETag: "102000-5bae63b7b8063"
Accept-Ranges: bytes
Content-Type: application/x-msi
Date: Mon, 09 Aug 2021 13:24:51 GMT
Content-Range: bytes 38973-124254/1056768
Content-Length: 85282
Connection: keep-alive
GET 206 https://armmf.adobe.com/arm-updates/win/ARM/1.8.x/AdobeARM_1824420176.msi

Request:
GET /arm-updates/win/ARM/1.8.x/AdobeARM_1824420176.msi HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Feb 2021 12:14:46 GMT
Range: bytes=124255-299440
User-Agent: Microsoft BITS/7.5
Host: armmf.adobe.com

Response:
HTTP/1.1 206 Partial Content
Server: Apache
Last-Modified: Tue, 09 Feb 2021 12:14:46 GMT
ETag: "102000-5bae63b7b8063"
Accept-Ranges: bytes
Content-Type: application/x-msi
Date: Mon, 09 Aug 2021 13:24:52 GMT
Content-Range: bytes 124255-299440/1056768
Content-Length: 175186
Connection: keep-alive
GET 206 https://armmf.adobe.com/arm-updates/win/ARM/1.8.x/AdobeARM_1824420176.msi

Request:
GET /arm-updates/win/ARM/1.8.x/AdobeARM_1824420176.msi HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Feb 2021 12:14:46 GMT
Range: bytes=299441-652674
User-Agent: Microsoft BITS/7.5
Host: armmf.adobe.com

Response:
HTTP/1.1 206 Partial Content
Server: Apache
Last-Modified: Tue, 09 Feb 2021 12:14:46 GMT
ETag: "102000-5bae63b7b8063"
Accept-Ranges: bytes
Content-Type: application/x-msi
Date: Mon, 09 Aug 2021 13:24:53 GMT
Content-Range: bytes 299441-652674/1056768
Content-Length: 353234
Connection: keep-alive
GET 206 https://armmf.adobe.com/arm-updates/win/ARM/1.8.x/AdobeARM_1824420176.msi

Request:
GET /arm-updates/win/ARM/1.8.x/AdobeARM_1824420176.msi HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 Feb 2021 12:14:46 GMT
Range: bytes=652675-1056767
User-Agent: Microsoft BITS/7.5
Host: armmf.adobe.com

Response:
HTTP/1.1 206 Partial Content
Server: Apache
Last-Modified: Tue, 09 Feb 2021 12:14:46 GMT
ETag: "102000-5bae63b7b8063"
Accept-Ranges: bytes
Content-Type: application/x-msi
Date: Mon, 09 Aug 2021 13:24:54 GMT
Content-Range: bytes 652675-1056767/1056768
Content-Length: 404093
Connection: keep-alive
GET 304 http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip

Request:
GET /20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip HTTP/1.1
Accept: */*
If-Modified-Since: Sun, 08 Aug 2021 13:23:24 GMT
User-Agent: IPM
Host: acroipm2.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

Response:
HTTP/1.1 304 Not Modified
Content-Type: application/zip
Last-Modified: Thu, 12 Mar 2020 05:49:49 GMT
Cache-Control: max-age=900
Expires: Mon, 09 Aug 2021 13:38:33 GMT
Date: Mon, 09 Aug 2021 13:23:33 GMT
Connection: keep-alive
GET 304 http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip

Request:
GET /20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip HTTP/1.1
Accept: */*
If-Modified-Since: Sun, 08 Aug 2021 13:23:24 GMT
User-Agent: IPM
Host: acroipm2.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

Response:
HTTP/1.1 304 Not Modified
Content-Type: application/zip
Last-Modified: Thu, 12 Mar 2020 05:56:14 GMT
Cache-Control: max-age=900
Expires: Mon, 09 Aug 2021 13:38:33 GMT
Date: Mon, 09 Aug 2021 13:23:33 GMT
Connection: keep-alive
GET 304 http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip

Request:
GET /20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip HTTP/1.1
Accept: */*
If-Modified-Since: Sun, 08 Aug 2021 13:23:24 GMT
User-Agent: IPM
Host: acroipm2.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

Response:
HTTP/1.1 304 Not Modified
Content-Type: application/zip
Last-Modified: Thu, 12 Mar 2020 05:54:03 GMT
Cache-Control: max-age=900
Expires: Mon, 09 Aug 2021 13:38:33 GMT
Date: Mon, 09 Aug 2021 13:23:33 GMT
Connection: keep-alive
GET 304 http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip

Request:
GET /20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip HTTP/1.1
Accept: */*
If-Modified-Since: Sun, 08 Aug 2021 13:23:24 GMT
User-Agent: IPM
Host: acroipm2.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

Response:
HTTP/1.1 304 Not Modified
Content-Type: application/zip
Last-Modified: Thu, 12 Mar 2020 05:47:50 GMT
Cache-Control: max-age=900
Expires: Mon, 09 Aug 2021 13:38:33 GMT
Date: Mon, 09 Aug 2021 13:23:33 GMT
Connection: keep-alive
GET 200 http://ardownload.adobe.com/pub/adobe/reader/win/AcrobatDC/2100520060/AcroRdrDCUpd2100520060_MUI.msp

Request:
GET /pub/adobe/reader/win/AcrobatDC/2100520060/AcroRdrDCUpd2100520060_MUI.msp HTTP/1.1
User-Agent: ARM WinINet Downloader
Host: ardownload.adobe.com
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 28 Jul 2021 10:44:11 GMT
ETag: "88b3000-5c82caab23bb7"
Accept-Ranges: bytes
Content-Length: 143339520
Content-Type: application/microsoftpatch
Date: Mon, 09 Aug 2021 13:24:19 GMT
Connection: keep-alive
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49180 -> 23.74.15.34:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.103:49168 -> 23.212.12.57:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 23.74.15.34:443 -> 192.168.56.103:49178 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
TCP 192.168.56.103:49179 -> 23.74.15.34:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 23.74.15.34:443 -> 192.168.56.103:49181 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
TCP 192.168.56.103:49177 -> 23.74.15.34:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49168 -> 23.212.12.57:443 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=California, L=San Jose, O=Adobe Inc, CN=*.adobe.com | 34:65:16:66:1c:13:4a:0f:09:e2:e7:a8:54:c8:fc:ad:48:e8:ce:89 |
Snort Alerts
No Snort Alerts