Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| apps.identrust.com |
CNAME
a1952.dscq.akamai.net
CNAME
identrust.edgesuite.net
|
23.216.159.9 |
| dl.uploadgram.me | 176.9.247.226 |
- TCP Requests
-
-
185.117.90.36:443 192.168.56.101:49172
-
185.117.90.36:443 192.168.56.101:49174
-
185.117.90.36:443 192.168.56.101:49175
-
185.117.90.36:443 192.168.56.101:49176
-
185.117.90.36:443 192.168.56.101:49177
-
185.117.90.36:443 192.168.56.101:49178
-
185.117.90.36:443 192.168.56.101:49179
-
192.168.56.101:49167 176.9.247.226:443dl.uploadgram.me
-
192.168.56.101:49168 23.206.175.43:80apps.identrust.com
-
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 29 Oct 2021 21:49:30 GMT
ETag: "37d-5cf84cd446e80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 05 Nov 2021 01:20:08 GMT
Date: Fri, 05 Nov 2021 00:20:08 GMT
Connection: keep-alive
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49167 -> 176.9.247.226:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.101:49167 176.9.247.226:443 |
C=US, O=Let's Encrypt, CN=R3 | CN=uploadgram.me | b2:25:53:b6:35:cf:e0:82:94:71:7e:9b:4b:9e:b8:fd:35:04:ec:cb |
Snort Alerts
No Snort Alerts