Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| apps.identrust.com |
CNAME
a1952.dscq.akamai.net
CNAME
identrust.edgesuite.net
|
119.207.65.74 |
| www.onlinedocpage.org | 149.28.162.113 |
- UDP Requests
-
-
192.168.56.102:52062 164.124.101.2:53
-
192.168.56.102:52336 164.124.101.2:53
-
192.168.56.102:64034 164.124.101.2:53
-
192.168.56.102:64995 164.124.101.2:53
-
192.168.56.102:137 192.168.56.255:137
-
192.168.56.102:138 192.168.56.255:138
-
192.168.56.102:49152 239.255.255.250:3702
-
192.168.56.102:49164 239.255.255.250:1900
-
52.231.114.183:123 192.168.56.102:123
-
GET
404
https://www.onlinedocpage.org/FcsDjkkPVjEsM6htE+uWxoDY7HoSX64xIHgNAoq6SF4=
REQUEST
RESPONSE
BODY
GET /FcsDjkkPVjEsM6htE+uWxoDY7HoSX64xIHgNAoq6SF4= HTTP/1.1
Accept: */*
Accept-Language: ko-KR
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MARKANYEPS#25118)
Host: www.onlinedocpage.org
Connection: Keep-Alive
HTTP/1.1 404 Not Found
Date: Wed, 13 Oct 2021 08:46:00 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/5.6.40
X-Powered-By: PHP/5.6.40
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Thu, 02 Sep 2021 15:44:03 GMT
ETag: "37d-5cb050d5c96c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Wed, 13 Oct 2021 09:45:49 GMT
Date: Wed, 13 Oct 2021 08:45:49 GMT
Connection: keep-alive
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Thu, 02 Sep 2021 15:44:03 GMT
ETag: "37d-5cb050d5c96c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Wed, 13 Oct 2021 09:45:49 GMT
Date: Wed, 13 Oct 2021 08:45:49 GMT
Connection: keep-alive
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Thu, 02 Sep 2021 15:44:03 GMT
ETag: "37d-5cb050d5c96c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Wed, 13 Oct 2021 09:46:00 GMT
Date: Wed, 13 Oct 2021 08:46:00 GMT
Connection: keep-alive
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Thu, 02 Sep 2021 15:44:03 GMT
ETag: "37d-5cb050d5c96c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Wed, 13 Oct 2021 09:46:00 GMT
Date: Wed, 13 Oct 2021 08:46:00 GMT
Connection: keep-alive
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.102:49172 -> 149.28.162.113:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.102:49168 -> 149.28.162.113:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.102:49172 149.28.162.113:443 |
None | None | None |
|
TLSv1 192.168.56.102:49168 149.28.162.113:443 |
C=US, O=Let's Encrypt, CN=R3 | CN=onlinedocpage.org | 9f:8c:c7:f8:24:f3:11:5a:90:96:ed:5a:f4:62:93:56:2a:4a:3e:32 |
Snort Alerts
No Snort Alerts