Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
apps.identrust.com |
CNAME
a1952.dscq.akamai.net
CNAME
identrust.edgesuite.net
|
23.216.159.81 |
rentry.co | 198.251.88.130 | |
www.google.com | 142.250.206.228 |
- UDP Requests
-
-
192.168.56.101:53004 164.124.101.2:53
-
192.168.56.101:53850 164.124.101.2:53
-
192.168.56.101:54148 164.124.101.2:53
-
192.168.56.101:55146 164.124.101.2:53
-
192.168.56.101:59002 164.124.101.2:53
-
192.168.56.101:137 192.168.56.103:137
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:53853 239.255.255.250:1900
-
52.231.114.183:123 192.168.56.101:123
-
GET
200
http://www.google.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Host: www.google.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 20 Mar 2023 01:02:33 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2023-03-20-01; expires=Wed, 19-Apr-2023 01:02:33 GMT; path=/; domain=.google.com; Secure
Set-Cookie: AEC=ARSKqsIGSxlGcD_vdsyMCDPOfFcPqFDZa6YgR3N5m6RIhB_Ar8oOmfN86X8; expires=Sat, 16-Sep-2023 01:02:33 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
Set-Cookie: NID=511=u4B0ggMUNSIvJwfXkS1cAId7DsE3lljVMTULX_X4xXUvSu2eoA-5WBCkSwhQgF4SilZqvt4D8C7PqE8Lskk5rlixuKv5gxk97wQbpbQkR_6dbuAJ-7qTe9i4heG1Ti6TeK5L4ClXHh4VxosQYdeqtMkuqUfzpv8nPG7ZUK7QSDc; expires=Tue, 19-Sep-2023 01:02:33 GMT; path=/; domain=.google.com; HttpOnly
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Wed, 08 Feb 2023 16:52:56 GMT
ETag: "37d-5f433188daa00"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Mon, 20 Mar 2023 02:02:45 GMT
Date: Mon, 20 Mar 2023 01:02:45 GMT
Connection: keep-alive
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49168 -> 198.251.88.130:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49164 -> 142.250.204.68:80 | 2036303 | ET HUNTING Terse Unencrypted Request for Google - Likely Connectivity Check | A Network Trojan was detected |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.101:49168 198.251.88.130:443 |
C=US, O=Let's Encrypt, CN=R3 | CN=rentry.co | 59:bb:b9:be:2b:22:60:a5:a0:3a:54:7b:18:79:ab:d7:d5:a5:ec:cc |
Snort Alerts
No Snort Alerts