Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
outlook.com | 40.97.164.146 | |
outlook.office365.com | CNAME outlook.ha.office365.com | 40.100.52.18 |
www.outlook.com | CNAME outlook.ha.office365.com; CNAME outlook.office365.com | 40.101.144.98 |
TCP Requests
- 192.168.56.103:49182 40.100.48.82:443 www.outlook.com
- 192.168.56.103:49181 40.100.49.2:443 outlook.office365.com
- 192.168.56.103:49179 40.100.49.34:443 www.outlook.com
- 192.168.56.103:49180 40.100.49.34:443 www.outlook.com
- 192.168.56.103:49176 40.97.161.50:443 outlook.com
- 192.168.56.103:49177 40.97.161.50:443 outlook.com
UDP Requests
- 192.168.56.103:53498 164.124.101.2:53
- 192.168.56.103:53893 164.124.101.2:53
- 192.168.56.103:56357 164.124.101.2:53
- 192.168.56.103:58465 164.124.101.2:53
- 192.168.56.103:63128 164.124.101.2:53
- 192.168.56.103:137 192.168.56.255:137
- 192.168.56.103:138 192.168.56.255:138
- 192.168.56.103:49152 239.255.255.250:3702
- 192.168.56.103:49168 239.255.255.250:1900
- 192.168.56.103:49170 239.255.255.250:3702
- 192.168.56.103:49172 239.255.255.250:3702
- 192.168.56.103:49174 239.255.255.250:3702
GET 301 https://outlook.com/tragli/JeFN0YgrW/72ge1K57HPfLT0V_2Bo2/xNEOvkt0nPz6Ld7W0_2/Fd5A_2B38SD5K_2BrZkIXO/vP1DDaBsBEZpi/nFFIjr82/y_2FpXXpoKGFESITR_2Fbcm/9Vmg9EPw3x/ujr996BAGYcBkxQRw/j9PzAGSA_2Fi/saoRPZU5DzQ/6Ey0JNKMyQmnwR/jwKTh1VHAc24Sc3kanHWr/oUw1lPv4pD6iqRdX/MKOFAVIzbW/Mfr.brw
GET /tragli/JeFN0YgrW/72ge1K57HPfLT0V_2Bo2/xNEOvkt0nPz6Ld7W0_2/Fd5A_2B38SD5K_2BrZkIXO/vP1DDaBsBEZpi/nFFIjr82/y_2FpXXpoKGFESITR_2Fbcm/9Vmg9EPw3x/ujr996BAGYcBkxQRw/j9PzAGSA_2Fi/saoRPZU5DzQ/6Ey0JNKMyQmnwR/jwKTh1VHAc24Sc3kanHWr/oUw1lPv4pD6iqRdX/MKOFAVIzbW/Mfr.brw HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Host: outlook.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Pragma: no-cache
Location: https://www.outlook.com/tragli/JeFN0YgrW/72ge1K57HPfLT0V_2Bo2/xNEOvkt0nPz6Ld7W0_2/Fd5A_2B38SD5K_2BrZkIXO/vP1DDaBsBEZpi/nFFIjr82/y_2FpXXpoKGFESITR_2Fbcm/9Vmg9EPw3x/ujr996BAGYcBkxQRw/j9PzAGSA_2Fi/saoRPZU5DzQ/6Ey0JNKMyQmnwR/jwKTh1VHAc24Sc3kanHWr/oUw1lPv4pD6iqRdX/MKOFAVIzbW/Mfr.brw
Server: Microsoft-IIS/10.0
request-id: d07d7f53-0b16-57f1-8c4a-a631aedc2c21
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-FEServer: MWHPR11CA0028
X-RequestId: 63c1db8e-2caa-4063-a6c9-304525b00820
MS-CV: U3990BYL8VeMSqYxrtwsIQ.0
X-Powered-By: ASP.NET
X-FEServer: MWHPR11CA0028
Date: Tue, 10 Aug 2021 12:30:05 GMT
Connection: close
Content-Length: 0
GET 301 https://outlook.com/tragli/JeFN0YgrW/72ge1K57HPfLT0V_2Bo2/xNEOvkt0nPz6Ld7W0_2/Fd5A_2B38SD5K_2BrZkIXO/vP1DDaBsBEZpi/nFFIjr82/y_2FpXXpoKGFESITR_2Fbcm/9Vmg9EPw3x/ujr996BAGYcBkxQRw/j9PzAGSA_2Fi/saoRPZU5DzQ/6Ey0JNKMyQmnwR/jwKTh1VHAc24Sc3kanHWr/oUw1lPv4pD6iqRdX/MKOFAVIzbW/Mfr.brw
GET /tragli/JeFN0YgrW/72ge1K57HPfLT0V_2Bo2/xNEOvkt0nPz6Ld7W0_2/Fd5A_2B38SD5K_2BrZkIXO/vP1DDaBsBEZpi/nFFIjr82/y_2FpXXpoKGFESITR_2Fbcm/9Vmg9EPw3x/ujr996BAGYcBkxQRw/j9PzAGSA_2Fi/saoRPZU5DzQ/6Ey0JNKMyQmnwR/jwKTh1VHAc24Sc3kanHWr/oUw1lPv4pD6iqRdX/MKOFAVIzbW/Mfr.brw HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Host: outlook.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Pragma: no-cache
Location: https://www.outlook.com/tragli/JeFN0YgrW/72ge1K57HPfLT0V_2Bo2/xNEOvkt0nPz6Ld7W0_2/Fd5A_2B38SD5K_2BrZkIXO/vP1DDaBsBEZpi/nFFIjr82/y_2FpXXpoKGFESITR_2Fbcm/9Vmg9EPw3x/ujr996BAGYcBkxQRw/j9PzAGSA_2Fi/saoRPZU5DzQ/6Ey0JNKMyQmnwR/jwKTh1VHAc24Sc3kanHWr/oUw1lPv4pD6iqRdX/MKOFAVIzbW/Mfr.brw
Server: Microsoft-IIS/10.0
request-id: bb504cf0-8c53-88b1-0027-4d56f59ad885
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-FEServer: MWHPR11CA0028
X-RequestId: aad8d37b-ea51-4216-ba48-7541ec4f8326
MS-CV: 8ExQu1OMsYgAJ01W9ZrYhQ.0
X-Powered-By: ASP.NET
X-FEServer: MWHPR11CA0028
Date: Tue, 10 Aug 2021 12:30:05 GMT
Connection: close
Content-Length: 0
GET 301 https://www.outlook.com/tragli/JeFN0YgrW/72ge1K57HPfLT0V_2Bo2/xNEOvkt0nPz6Ld7W0_2/Fd5A_2B38SD5K_2BrZkIXO/vP1DDaBsBEZpi/nFFIjr82/y_2FpXXpoKGFESITR_2Fbcm/9Vmg9EPw3x/ujr996BAGYcBkxQRw/j9PzAGSA_2Fi/saoRPZU5DzQ/6Ey0JNKMyQmnwR/jwKTh1VHAc24Sc3kanHWr/oUw1lPv4pD6iqRdX/MKOFAVIzbW/Mfr.brw
GET /tragli/JeFN0YgrW/72ge1K57HPfLT0V_2Bo2/xNEOvkt0nPz6Ld7W0_2/Fd5A_2B38SD5K_2BrZkIXO/vP1DDaBsBEZpi/nFFIjr82/y_2FpXXpoKGFESITR_2Fbcm/9Vmg9EPw3x/ujr996BAGYcBkxQRw/j9PzAGSA_2Fi/saoRPZU5DzQ/6Ey0JNKMyQmnwR/jwKTh1VHAc24Sc3kanHWr/oUw1lPv4pD6iqRdX/MKOFAVIzbW/Mfr.brw HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Host: www.outlook.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Pragma: no-cache
Location: https://outlook.office365.com/tragli/JeFN0YgrW/72ge1K57HPfLT0V_2Bo2/xNEOvkt0nPz6Ld7W0_2/Fd5A_2B38SD5K_2BrZkIXO/vP1DDaBsBEZpi/nFFIjr82/y_2FpXXpoKGFESITR_2Fbcm/9Vmg9EPw3x/ujr996BAGYcBkxQRw/j9PzAGSA_2Fi/saoRPZU5DzQ/6Ey0JNKMyQmnwR/jwKTh1VHAc24Sc3kanHWr/oUw1lPv4pD6iqRdX/MKOFAVIzbW/Mfr.brw
Server: Microsoft-IIS/10.0
request-id: ec613c1b-ede4-7e95-1139-894e13f850b7
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-FEServer: SL2P216CA0027
X-RequestId: c39e1389-c170-4beb-9dca-1e8baacc4460
MS-CV: Gzxh7OTtlX4ROYlOE/hQtw.0
X-Powered-By: ASP.NET
X-FEServer: SL2P216CA0027
Date: Tue, 10 Aug 2021 12:30:05 GMT
Connection: close
Content-Length: 0
GET 301 https://www.outlook.com/tragli/JeFN0YgrW/72ge1K57HPfLT0V_2Bo2/xNEOvkt0nPz6Ld7W0_2/Fd5A_2B38SD5K_2BrZkIXO/vP1DDaBsBEZpi/nFFIjr82/y_2FpXXpoKGFESITR_2Fbcm/9Vmg9EPw3x/ujr996BAGYcBkxQRw/j9PzAGSA_2Fi/saoRPZU5DzQ/6Ey0JNKMyQmnwR/jwKTh1VHAc24Sc3kanHWr/oUw1lPv4pD6iqRdX/MKOFAVIzbW/Mfr.brw
GET /tragli/JeFN0YgrW/72ge1K57HPfLT0V_2Bo2/xNEOvkt0nPz6Ld7W0_2/Fd5A_2B38SD5K_2BrZkIXO/vP1DDaBsBEZpi/nFFIjr82/y_2FpXXpoKGFESITR_2Fbcm/9Vmg9EPw3x/ujr996BAGYcBkxQRw/j9PzAGSA_2Fi/saoRPZU5DzQ/6Ey0JNKMyQmnwR/jwKTh1VHAc24Sc3kanHWr/oUw1lPv4pD6iqRdX/MKOFAVIzbW/Mfr.brw HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Host: www.outlook.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Pragma: no-cache
Location: https://outlook.office365.com/tragli/JeFN0YgrW/72ge1K57HPfLT0V_2Bo2/xNEOvkt0nPz6Ld7W0_2/Fd5A_2B38SD5K_2BrZkIXO/vP1DDaBsBEZpi/nFFIjr82/y_2FpXXpoKGFESITR_2Fbcm/9Vmg9EPw3x/ujr996BAGYcBkxQRw/j9PzAGSA_2Fi/saoRPZU5DzQ/6Ey0JNKMyQmnwR/jwKTh1VHAc24Sc3kanHWr/oUw1lPv4pD6iqRdX/MKOFAVIzbW/Mfr.brw
Server: Microsoft-IIS/10.0
request-id: 9065f3e0-f741-429e-b34e-864acc6477ee
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-FEServer: SL2P216CA0032
X-RequestId: 95c6f66f-e47d-48da-8127-4394590c38b3
MS-CV: 4PNlkEH3nkKzToZKzGR37g.0
X-Powered-By: ASP.NET
X-FEServer: SL2P216CA0032
Date: Tue, 10 Aug 2021 12:30:05 GMT
Connection: close
Content-Length: 0
GET 404 https://outlook.office365.com/tragli/JeFN0YgrW/72ge1K57HPfLT0V_2Bo2/xNEOvkt0nPz6Ld7W0_2/Fd5A_2B38SD5K_2BrZkIXO/vP1DDaBsBEZpi/nFFIjr82/y_2FpXXpoKGFESITR_2Fbcm/9Vmg9EPw3x/ujr996BAGYcBkxQRw/j9PzAGSA_2Fi/saoRPZU5DzQ/6Ey0JNKMyQmnwR/jwKTh1VHAc24Sc3kanHWr/oUw1lPv4pD6iqRdX/MKOFAVIzbW/Mfr.brw
GET /tragli/JeFN0YgrW/72ge1K57HPfLT0V_2Bo2/xNEOvkt0nPz6Ld7W0_2/Fd5A_2B38SD5K_2BrZkIXO/vP1DDaBsBEZpi/nFFIjr82/y_2FpXXpoKGFESITR_2Fbcm/9Vmg9EPw3x/ujr996BAGYcBkxQRw/j9PzAGSA_2Fi/saoRPZU5DzQ/6Ey0JNKMyQmnwR/jwKTh1VHAc24Sc3kanHWr/oUw1lPv4pD6iqRdX/MKOFAVIzbW/Mfr.brw HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Host: outlook.office365.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Length: 1245
Content-Type: text/html
Server: Microsoft-IIS/10.0
request-id: 4b772016-569b-7f17-924f-d8d245f7479e
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-CalculatedBETarget: SL2P216MB0154.KORP216.PROD.OUTLOOK.COM
X-BackEndHttpStatus: 404
X-Proxy-RoutingCorrectness: 1
X-Proxy-BackendServerStatus: 404
MS-CV: FiB3S5tWF3+ST9jSRfdHng.1
X-Powered-By: ASP.NET
X-FEServer: SLXP216CA0065
Date: Tue, 10 Aug 2021 12:30:05 GMT
GET 404 https://outlook.office365.com/tragli/JeFN0YgrW/72ge1K57HPfLT0V_2Bo2/xNEOvkt0nPz6Ld7W0_2/Fd5A_2B38SD5K_2BrZkIXO/vP1DDaBsBEZpi/nFFIjr82/y_2FpXXpoKGFESITR_2Fbcm/9Vmg9EPw3x/ujr996BAGYcBkxQRw/j9PzAGSA_2Fi/saoRPZU5DzQ/6Ey0JNKMyQmnwR/jwKTh1VHAc24Sc3kanHWr/oUw1lPv4pD6iqRdX/MKOFAVIzbW/Mfr.brw
GET /tragli/JeFN0YgrW/72ge1K57HPfLT0V_2Bo2/xNEOvkt0nPz6Ld7W0_2/Fd5A_2B38SD5K_2BrZkIXO/vP1DDaBsBEZpi/nFFIjr82/y_2FpXXpoKGFESITR_2Fbcm/9Vmg9EPw3x/ujr996BAGYcBkxQRw/j9PzAGSA_2Fi/saoRPZU5DzQ/6Ey0JNKMyQmnwR/jwKTh1VHAc24Sc3kanHWr/oUw1lPv4pD6iqRdX/MKOFAVIzbW/Mfr.brw HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Host: outlook.office365.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Length: 1245
Content-Type: text/html
Server: Microsoft-IIS/10.0
request-id: 3df895bf-038b-4ce0-1e30-4a4a41640425
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-CalculatedFETarget: PS2PR06CU001.internal.outlook.com
X-BackEndHttpStatus: 404
X-FEProxyInfo: PS2PR06CA0011.APCPRD06.PROD.OUTLOOK.COM
X-CalculatedBETarget: PSXP216MB0470.KORP216.PROD.OUTLOOK.COM
X-BackEndHttpStatus: 404
X-RUM-Validated: 1
X-Proxy-RoutingCorrectness: 1
X-Proxy-BackendServerStatus: 404
MS-CV: v5X4PYsD4EweMEpKQWQEJQ.1.1
X-FEServer: PS2PR06CA0011
X-Powered-By: ASP.NET
X-FEServer: SL2P216CA0009
Date: Tue, 10 Aug 2021 12:30:05 GMT
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49179 40.100.49.34:443 | C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com | 8e:59:43:4e:03:70:3d:5a:f5:34:42:24:da:21:81:05:01:b1:20:6e |
TLSv1 192.168.56.103:49176 40.97.161.50:443 | C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com | 0a:e2:86:8c:39:3d:57:df:34:f1:c2:be:9b:32:aa:f6:6e:76:42:5a |
TLSv1 192.168.56.103:49180 40.100.49.34:443 | C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com | 8e:59:43:4e:03:70:3d:5a:f5:34:42:24:da:21:81:05:01:b1:20:6e |
TLSv1 192.168.56.103:49177 40.97.161.50:443 | C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com | 0a:e2:86:8c:39:3d:57:df:34:f1:c2:be:9b:32:aa:f6:6e:76:42:5a |
TLSv1 192.168.56.103:49181 40.100.49.2:443 | C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com | 8e:59:43:4e:03:70:3d:5a:f5:34:42:24:da:21:81:05:01:b1:20:6e |
TLSv1 192.168.56.103:49182 40.100.48.82:443 | C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com | 8e:59:43:4e:03:70:3d:5a:f5:34:42:24:da:21:81:05:01:b1:20:6e |
Snort Alerts
No Snort Alerts