Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
apps.identrust.com | CNAME identrust.edgesuite.net, CNAME a1952.dscq.akamai.net | 221.161.198.19 |
archive.torproject.org | 159.69.63.226 | |
api.telegram.org | 149.154.167.220 | |
ip-api.com | 208.95.112.1 | |
- TCP Requests
- UDP Requests
GET 200 http://ip-api.com/line?fields=query
Request:
GET /line?fields=query HTTP/1.1
Host: ip-api.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Sun, 14 May 2023 23:52:41 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 16
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c
Request:
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
Response:
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Wed, 08 Feb 2023 16:52:56 GMT
ETag: "37d-5f433188daa00"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Mon, 15 May 2023 00:52:56 GMT
Date: Sun, 14 May 2023 23:52:56 GMT
Connection: keep-alive
ICMP traffic
Source | Destination | ICMP Type | Data |
---|---|---|---|
192.168.56.103 | 164.124.101.2 | 3 | |
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.103:49181 159.69.63.226:443 | C=US, O=Let's Encrypt, CN=R3 | CN=archive.torproject.org | 46:76:9d:7a:fb:c3:cf:f3:94:13:39:40:2e:98:0c:2a:7a:3a:ff:f1 |
Snort Alerts
No Snort Alerts