Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| apps.identrust.com |
CNAME
a1952.dscq.akamai.net
CNAME
identrust.edgesuite.net
|
119.207.65.137 |
| mail.obrascsm.com | 91.134.184.195 |
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT
ETag: "37d-5e1e6e25c9800"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Tue, 16 Aug 2022 02:24:55 GMT
Date: Tue, 16 Aug 2022 01:24:55 GMT
Connection: keep-alive
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 91.134.184.195:587 -> 192.168.56.103:49164 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode |
| TCP 192.168.56.103:49164 -> 91.134.184.195:587 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLS 1.2 192.168.56.103:49164 91.134.184.195:587 |
C=US, O=Let's Encrypt, CN=R3 | CN=*.mjbeldawebholding.com | 0e:26:cf:9a:1e:e1:c3:df:0c:c9:d7:51:53:f3:d9:57:ba:3d:5d:16 |
Snort Alerts
No Snort Alerts