Network Analysis
IP Address | Status | Action |
---|---|---|
121.254.136.27 | Active | Moloch |
142.250.204.106 | Active | Moloch |
142.250.206.195 | Active | Moloch |
142.250.66.68 | Active | Moloch |
142.250.66.99 | Active | Moloch |
142.251.130.10 | Active | Moloch |
142.251.220.35 | Active | Moloch |
142.251.220.36 | Active | Moloch |
142.251.222.195 | Active | Moloch |
151.101.1.91 | Active | Moloch |
164.124.101.2 | Active | Moloch |
172.217.24.78 | Active | Moloch |
- TCP Requests
  - 192.168.56.101:49166 -> 121.254.136.27:80 (apps.identrust.com)
  - 192.168.56.101:49162 -> 142.250.204.106:443 (translate.googleapis.com)
  - 192.168.56.101:49173 -> 142.250.206.195:443 (fonts.gstatic.com)
  - 192.168.56.101:49165 -> 142.250.66.68:443 (www.google.com)
  - 192.168.56.101:49178 -> 142.250.66.99:443 (www.gstatic.com)
  - 192.168.56.101:49168 -> 142.251.130.10:443 (fonts.googleapis.com)
  - 192.168.56.101:49169 -> 142.251.220.35:443 (www.gstatic.com)
  - 192.168.56.101:49170 -> 142.251.220.35:443 (www.gstatic.com)
  - 192.168.56.101:49171 -> 142.251.220.35:443 (www.gstatic.com)
  - 192.168.56.101:49167 -> 142.251.220.36:443 (www.google.com)
  - 192.168.56.101:49175 -> 142.251.220.36:443 (www.google.com)
  - 192.168.56.101:49163 -> 142.251.222.195:443 (clientservices.googleapis.com)
  - 192.168.56.101:49164 -> 151.101.1.91:443 (curl.se)
  - 192.168.56.101:49174 -> 172.217.24.78:443 (apis.google.com)
- UDP Requests
  - 192.168.56.101:52753 -> 164.124.101.2:53
  - 192.168.56.101:52797 -> 164.124.101.2:53
  - 192.168.56.101:52815 -> 164.124.101.2:53
  - 192.168.56.101:53004 -> 164.124.101.2:53
  - 192.168.56.101:53850 -> 164.124.101.2:53
  - 192.168.56.101:54148 -> 164.124.101.2:53
  - 192.168.56.101:54883 -> 164.124.101.2:53
  - 192.168.56.101:55146 -> 164.124.101.2:53
  - 192.168.56.101:58297 -> 164.124.101.2:53
  - 192.168.56.101:59002 -> 164.124.101.2:53
  - 192.168.56.101:61950 -> 164.124.101.2:53
  - 192.168.56.101:137 -> 192.168.56.255:137
  - 192.168.56.101:5353 -> 224.0.0.251:5353
  - 192.168.56.101:52756 -> 239.255.255.250:1900
  - 192.168.56.101:53852 -> 239.255.255.250:1900
  - 192.168.56.101:58299 -> 239.255.255.250:1900
  - 8.8.8.8:53 -> 192.168.56.101:52797
  - 192.168.56.103:137 -> 192.168.56.101:137
HTTP Requests
GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
RESPONSE
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Wed, 08 Feb 2023 16:52:56 GMT
ETag: "37d-5f433188daa00"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Mon, 29 May 2023 05:42:58 GMT
Date: Mon, 29 May 2023 04:42:58 GMT
Connection: keep-alive
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.101:49167 -> 142.251.220.36:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=www.google.com | 48:e3:15:66:fc:ea:15:bf:d2:34:c1:dd:60:d4:23:a3:63:57:89:8d |
TLS 1.2 192.168.56.101:49164 -> 151.101.1.91:443 | C=US, O=Let's Encrypt, CN=R3 | CN=curl.se | c4:67:83:02:bd:d2:15:48:6a:86:15:b8:4a:9e:48:fa:81:8c:00:02 |
TLS 1.2 192.168.56.101:49174 -> 172.217.24.78:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.apis.google.com | 4f:ff:c8:c8:21:72:d7:61:54:72:75:ea:84:95:ad:f2:71:2f:c6:33 |
TLS 1.2 192.168.56.101:49168 -> 142.251.130.10:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=upload.video.google.com | 5f:ac:74:e6:97:66:cd:d0:f1:ea:0d:01:37:89:65:2e:98:22:84:6c |
TLS 1.2 192.168.56.101:49169 -> 142.251.220.35:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | a3:09:cb:6c:64:76:4b:58:32:d1:21:3e:f4:65:1f:de:58:22:8f:d6 |
TLS 1.2 192.168.56.101:49163 -> 142.251.222.195:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=upload.video.google.com | 5f:ac:74:e6:97:66:cd:d0:f1:ea:0d:01:37:89:65:2e:98:22:84:6c |
TLS 1.2 192.168.56.101:49162 -> 142.250.204.106:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=upload.video.google.com | 5f:ac:74:e6:97:66:cd:d0:f1:ea:0d:01:37:89:65:2e:98:22:84:6c |
TLS 1.2 192.168.56.101:49171 -> 142.251.220.35:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | a3:09:cb:6c:64:76:4b:58:32:d1:21:3e:f4:65:1f:de:58:22:8f:d6 |
TLS 1.2 192.168.56.101:49170 -> 142.251.220.35:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | a3:09:cb:6c:64:76:4b:58:32:d1:21:3e:f4:65:1f:de:58:22:8f:d6 |
TLS 1.2 192.168.56.101:49178 -> 142.250.66.99:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | a3:09:cb:6c:64:76:4b:58:32:d1:21:3e:f4:65:1f:de:58:22:8f:d6 |
TLS 1.2 192.168.56.101:49173 -> 142.250.206.195:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | a3:09:cb:6c:64:76:4b:58:32:d1:21:3e:f4:65:1f:de:58:22:8f:d6 |
TLS 1.2 192.168.56.101:49175 -> 142.251.220.36:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=www.google.com | 48:e3:15:66:fc:ea:15:bf:d2:34:c1:dd:60:d4:23:a3:63:57:89:8d |
UNDETERMINED 192.168.56.101:49165 -> 142.250.66.68:443 | None | None | None |
Snort Alerts
No Snort Alerts