Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| mail.timextradingplc.com |
CNAME
timextradingplc.com
|
162.221.189.194 |
| apps.identrust.com |
CNAME
identrust.edgesuite.net
CNAME
a1952.dscq.akamai.net
|
23.67.53.17 |
| api.ipify.org |
CNAME
api4.ipify.org
|
173.231.16.76 |
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Mon, 21 Aug 2023 22:08:28 GMT
ETag: "37d-603761e33cf00"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Wed, 23 Aug 2023 23:39:55 GMT
Date: Wed, 23 Aug 2023 22:39:55 GMT
Connection: keep-alive
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 64.185.227.156:443 -> 192.168.56.103:49165 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
| TCP 162.221.189.194:587 -> 192.168.56.103:49166 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode |
| TCP 192.168.56.103:49165 -> 64.185.227.156:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.103:49166 -> 162.221.189.194:587 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLS 1.2 192.168.56.103:49166 162.221.189.194:587 |
C=US, O=Let's Encrypt, CN=R3 | CN=*.timextradingplc.com | 65:62:bb:2f:d0:8d:d0:59:39:56:e6:51:4f:7c:55:4a:0f:87:f6:54 |
Snort Alerts
No Snort Alerts