Network Analysis
DNS Requests
Name | Response | Post-Analysis Lookup |
---|---|---|
self.events.data.microsoft.com | 20.189.173.3 | |
msedge.api.cdp.microsoft.com | CNAME api.cdp.microsoft.com | 20.114.58.89 |
msedge.f.tlu.dl.delivery.mp.microsoft.com | CNAME a1847.dscd.akamai.net | 199.232.214.172 |
config.edge.skype.com | CNAME l-0007.l-msedge.net, CNAME l-0007.config.skype.com | 52.123.254.33 |
The addresses actually contacted during the run (see TCP Requests) differ from the post-analysis lookups: msedge.api.cdp.microsoft.com was reached at 13.95.26.4, not 20.114.58.89, and the delivery host at 23.56.109.165, not 199.232.214.172. These names front Azure and Akamai endpoints whose answers vary by resolver and time, so pivot on hostname and TLS subject, not on IP.
TCP Requests
Source | Destination | Hostname |
---|---|---|
192.168.56.101:49180 | 13.107.42.16:443 | config.edge.skype.com |
192.168.56.101:49181 | 13.107.42.16:443 | config.edge.skype.com |
192.168.56.101:49182 | 13.107.42.16:443 | config.edge.skype.com |
192.168.56.101:49183 | 13.107.42.16:443 | config.edge.skype.com |
192.168.56.101:49188 | 13.107.42.16:443 | config.edge.skype.com |
192.168.56.101:49189 | 13.107.42.16:443 | config.edge.skype.com |
192.168.56.101:49191 | 13.107.42.16:443 | config.edge.skype.com |
192.168.56.101:49192 | 13.107.42.16:443 | config.edge.skype.com |
192.168.56.101:49205 | 13.107.42.16:443 | config.edge.skype.com |
192.168.56.101:49206 | 13.107.42.16:443 | config.edge.skype.com |
192.168.56.101:49209 | 13.107.42.16:443 | config.edge.skype.com |
192.168.56.101:49210 | 13.107.42.16:443 | config.edge.skype.com |
192.168.56.101:49204 | 13.89.179.9:443 | self.events.data.microsoft.com |
192.168.56.101:49207 | 13.89.179.9:443 | self.events.data.microsoft.com |
192.168.56.101:49208 | 13.89.179.9:443 | self.events.data.microsoft.com |
192.168.56.101:49211 | 13.89.179.9:443 | self.events.data.microsoft.com |
192.168.56.101:49198 | 13.95.26.4:443 | msedge.api.cdp.microsoft.com |
192.168.56.101:49199 | 23.56.109.165:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com |
192.168.56.101:49178 | 51.104.15.252:443 | self.events.data.microsoft.com |
192.168.56.101:49184 | 51.104.15.252:443 | self.events.data.microsoft.com |
192.168.56.101:49185 | 51.104.15.252:443 | self.events.data.microsoft.com |
192.168.56.101:49186 | 51.104.15.252:443 | self.events.data.microsoft.com |
192.168.56.101:49187 | 51.104.15.252:443 | self.events.data.microsoft.com |
192.168.56.101:49190 | 51.104.15.252:443 | self.events.data.microsoft.com |
192.168.56.101:49193 | 51.104.15.252:443 | self.events.data.microsoft.com |
192.168.56.101:49194 | 51.104.15.252:443 | self.events.data.microsoft.com |
192.168.56.101:49195 | 51.104.15.252:443 | self.events.data.microsoft.com |
UDP Requests
Source | Destination | Service |
---|---|---|
192.168.56.101:53004 | 164.124.101.2:53 | DNS query |
192.168.56.101:53850 | 164.124.101.2:53 | DNS query |
192.168.56.101:54148 | 164.124.101.2:53 | DNS query |
192.168.56.101:55146 | 164.124.101.2:53 | DNS query |
192.168.56.101:59002 | 164.124.101.2:53 | DNS query |
192.168.56.101:61950 | 164.124.101.2:53 | DNS query |
192.168.56.101:137 | 192.168.56.255:137 | NetBIOS name service (broadcast) |
192.168.56.101:138 | 192.168.56.255:138 | NetBIOS datagram service (broadcast) |
192.168.56.101:53853 | 239.255.255.250:1900 | SSDP (multicast) |
52.231.114.183:123 | 192.168.56.101:123 | NTP (inbound) |
8.8.8.8:53 | 192.168.56.101:61950 | DNS (inbound) |
8.8.8.8:53 | 192.168.56.101:52815 | DNS (inbound) |
8.8.8.8:53 | 192.168.56.101:54883 | DNS (inbound) |
Queries were sent only to 164.124.101.2, yet DNS packets arrive from 8.8.8.8 on the same client ports (61950 appears in both directions) and an NTP packet arrives from 52.231.114.183 with no outbound row. The list is therefore not a complete flow record, and the 8.8.8.8 replies are consistent with DNS redirection or NAT in the sandbox egress path; attribute resolvers from the pcap, not from this list.
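The two connection lists above are raw sandbox output. The Python below is an added example, not part of the original report, that parses a constructed subset of those rows in the sandbox's own form (hostname glued onto the destination port with no separator), normalises direction so inbound UDP rows are handled correctly, and runs the three checks a reviewer wants from such a list: cleartext HTTP destinations, which resolvers actually received queries, and peers that only ever appear as senders. The sample rows are copied from the lists above; the function names and triage rules are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the TCP and UDP rows from the lists above,
# kept in the sandbox's raw form, where the hostname (when present) is glued
# directly onto the destination port with no separator.
SAMPLE_TCP = """\
192.168.56.101:49180 13.107.42.16:443config.edge.skype.com
192.168.56.101:49181 13.107.42.16:443config.edge.skype.com
192.168.56.101:49204 13.89.179.9:443self.events.data.microsoft.com
192.168.56.101:49178 51.104.15.252:443self.events.data.microsoft.com
192.168.56.101:49198 13.95.26.4:443msedge.api.cdp.microsoft.com
192.168.56.101:49199 23.56.109.165:80msedge.f.tlu.dl.delivery.mp.microsoft.com
"""
SAMPLE_UDP = """\
192.168.56.101:53004 164.124.101.2:53
192.168.56.101:137 192.168.56.255:137
192.168.56.101:53853 239.255.255.250:1900
52.231.114.183:123 192.168.56.101:123
8.8.8.8:53 192.168.56.101:61950
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# The glued hostname is split from the port by requiring it to start with a
# letter; a hostname beginning with a digit would be ambiguous in this format.
LINE_RE = re.compile(
    rf"^(?P<src>{IPV4}):(?P<sport>\d+)\s+(?P<dst>{IPV4}):(?P<dport>\d+)"
    r"(?P<host>[A-Za-z][\w.-]*)?$"
)


def parse_connections(text, proto, sandbox_ip="192.168.56.101"):
    """Parse 'src:port dst:port[hostname]' rows into dicts keyed on the remote
    side. Direction is recorded because some UDP rows are inbound packets
    (NTP, DNS) whose remote service port is the *source* port."""
    conns = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable row: {line!r}")
        outbound = m["src"] == sandbox_ip
        conns.append({
            "proto": proto,
            "direction": "out" if outbound else "in",
            "remote_ip": m["dst"] if outbound else m["src"],
            "remote_port": int(m["dport"] if outbound else m["sport"]),
            "host": m["host"] or "",
        })
    return conns


def summarize(conns):
    """Count outbound connections per (hostname-or-IP, remote IP, port)."""
    counts = defaultdict(int)
    for c in conns:
        if c["direction"] == "out":
            counts[(c["host"] or c["remote_ip"], c["remote_ip"], c["remote_port"])] += 1
    return dict(counts)


CLEARTEXT_HTTP_PORTS = {80, 8080}


def triage(conns):
    """Cleartext HTTP destinations, resolvers that received queries, and
    remote peers that only appear as senders (no matching outbound row)."""
    cleartext = sorted({(c["host"], c["remote_ip"]) for c in conns
                        if c["proto"] == "tcp" and c["remote_port"] in CLEARTEXT_HTTP_PORTS})
    resolvers = sorted({c["remote_ip"] for c in conns
                        if c["proto"] == "udp" and c["direction"] == "out" and c["remote_port"] == 53})
    queried = {c["remote_ip"] for c in conns if c["direction"] == "out"}
    reply_only = sorted({(c["remote_ip"], c["remote_port"]) for c in conns
                         if c["direction"] == "in" and c["remote_ip"] not in queried})
    return {"cleartext_http": cleartext, "dns_resolvers": resolvers, "reply_only_peers": reply_only}


if __name__ == "__main__":
    conns = parse_connections(SAMPLE_TCP, "tcp") + parse_connections(SAMPLE_UDP, "udp")
    for (name, ip, port), n in sorted(summarize(conns).items()):
        print(f"{n:3d}  {name:45s} {ip:16s} :{port}")
    for finding, value in triage(conns).items():
        print(f"{finding}: {value}")
```

On the sample the only cleartext destination is the delivery host on port 80, the only resolver that received queries is 164.124.101.2, and both 8.8.8.8:53 and 52.231.114.183:123 show up as reply-only peers, which is the cue to go to the pcap before attributing anything to those addresses.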
HTTP Requests
POST 200 https://msedge.api.cdp.microsoft.com/api/v1.1/contents/Browser/namespaces/Default/names/msedgewebview-stable-win-x64/versions/latest?action=select
Request headers (648-byte JSON body not shown):
POST /api/v1.1/contents/Browser/namespaces/Default/names/msedgewebview-stable-win-x64/versions/latest?action=select HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/json
User-Agent: Microsoft Edge Update/1.3.153.53;winhttp
X-Old-UID: cnt=0
MS-CorrelationId: {096747B4-EC8B-4600-8235-A99E9BCDACA8}
MS-RequestId: {87B28B77-C5D1-4BA4-BEBD-C3F1EC6445C3}
MS-CV: tEdnCYvsAEaCNamem82sqA.0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Content-Length: 648
Host: msedge.api.cdp.microsoft.com
Response headers (101-byte body not shown):
HTTP/1.1 200 OK
Content-Length: 101
Content-Type: text/plain; charset=utf-8
Content-Type: application/json; charset=utf-8
Date: Wed, 05 Jun 2024 14:18:23 GMT
ETag: "bQBzAGUAZABnAGUAdwBlAGIAdgBpAGUAdwAtAHMAdABhAGIAbABlAC0AdwBpAG4ALQB4ADYANAAxADIANQAuADAALgAyADUAMwA1AC4AOAA1AA=="
MS-CorrelationId: 096747b4-ec8b-4600-8235-a99e9bcdaca8
MS-RequestId: 87b28b77-c5d1-4ba4-bebd-c3f1ec6445c3
MS-CV: {096747B4-EC8B-4600-8235-A99E9BCDACA8}.0
POST 200 https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedgewebview-stable-win-x64/versions/125.0.2535.85/files?action=GenerateDownloadInfo&foregroundPriority=true
Request headers (2-byte JSON body not shown):
POST /api/v1.1/internal/contents/Browser/namespaces/Default/names/msedgewebview-stable-win-x64/versions/125.0.2535.85/files?action=GenerateDownloadInfo&foregroundPriority=true HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/json
User-Agent: Microsoft Edge Update/1.3.153.53;winhttp
X-Old-UID: cnt=0
MS-CorrelationId: {096747B4-EC8B-4600-8235-A99E9BCDACA8}
MS-RequestId: {0B1157F0-ABCE-40C8-A1A0-129881A55F5F}
MS-CV: tEdnCYvsAEaCNamem82sqA.1
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Content-Length: 2
Host: msedge.api.cdp.microsoft.com
Response headers (5346-byte JSON body not shown):
HTTP/1.1 200 OK
Content-Length: 5346
Content-Type: text/plain; charset=utf-8
Content-Type: application/json; charset=utf-8
Date: Wed, 05 Jun 2024 14:18:26 GMT
MS-CorrelationId: 096747b4-ec8b-4600-8235-a99e9bcdaca8
MS-RequestId: 0b1157f0-abce-40c8-a1a0-129881a55f5f
MS-CV: {096747B4-EC8B-4600-8235-A99E9BCDACA8}.0
HEAD 200 http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/3c775e75-aff8-4af1-aede-7a5c0349aa0b?P1=1718201907&P2=404&P3=2&P4=WiuGZ5IY9kx3eECOliePn%2bZR2Oa2T%2fIA6AoadHbz1e2TomQPzt6zla8iSDn3KibvVKZ7rCsNDdx37Vncvson%2bw%3d%3d
Request headers:
HEAD /filestreamingservice/files/3c775e75-aff8-4af1-aede-7a5c0349aa0b?P1=1718201907&P2=404&P3=2&P4=WiuGZ5IY9kx3eECOliePn%2bZR2Oa2T%2fIA6AoadHbz1e2TomQPzt6zla8iSDn3KibvVKZ7rCsNDdx37Vncvson%2bw%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: msedge.f.tlu.dl.delivery.mp.microsoft.com
Response headers:
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
ETag: "2O5rwW/vhGbCPNN02zL8j/CBMiA="
Last-Modified: Sat, 01 Jun 2024 21:02:06 GMT
MS-CorrelationId: c76675e0-0a49-4018-b72d-24d369ed5ef8
MS-CV: rY+yFxyBS0qsZDTxGgMP3A.0.1.1.6.1.1.1.0
MS-RequestId: 5255e23c-ed9c-4c28-883f-a6216d8ac376
Server: ECAcc (sac/2554)
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 5.3
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Content-Length: 173675576
Date: Wed, 05 Jun 2024 14:18:31 GMT
Connection: keep-alive
X-CID: 2
X-CCC: US
GET 200 http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/3c775e75-aff8-4af1-aede-7a5c0349aa0b?P1=1718201907&P2=404&P3=2&P4=WiuGZ5IY9kx3eECOliePn%2bZR2Oa2T%2fIA6AoadHbz1e2TomQPzt6zla8iSDn3KibvVKZ7rCsNDdx37Vncvson%2bw%3d%3d
Request headers:
GET /filestreamingservice/files/3c775e75-aff8-4af1-aede-7a5c0349aa0b?P1=1718201907&P2=404&P3=2&P4=WiuGZ5IY9kx3eECOliePn%2bZR2Oa2T%2fIA6AoadHbz1e2TomQPzt6zla8iSDn3KibvVKZ7rCsNDdx37Vncvson%2bw%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Sat, 01 Jun 2024 21:02:06 GMT
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: msedge.f.tlu.dl.delivery.mp.microsoft.com
Response headers (173675576-byte body not shown):
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: 88826c97-1b11-45af-8847-d19d3110a75e
MS-CV: rY+yFxyBS0qsZDTxGgMP3A.0.1.1.6.1.1.2.0
MS-RequestId: 21028506-37aa-4b93-897e-154df255ff09
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 5.3
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Sat, 01 Jun 2024 21:02:06 GMT
ETag: "2O5rwW/vhGbCPNN02zL8j/CBMiA="
Content-Length: 173675576
Date: Wed, 05 Jun 2024 14:18:31 GMT
Connection: keep-alive
X-CID: 2
X-CCC: US
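The three transactions above form the Edge Update fetch chain: a CDP select call pins a version, GenerateDownloadInfo returns the delivery URL, and BITS fetches the payload over plain HTTP from the Akamai-fronted delivery host. The Python below is an added example, not part of the original report, that checks what can be verified from the capture alone: it decodes the select response's ETag (base64 over a UTF-16LE string) and confirms it names exactly the package and version that the GenerateDownloadInfo URL then requests, and it inspects the delivery URL's P1 and P4 parameters. That P1 is a Unix expiry timestamp and P4 a base64 signature are assumptions (the page does not document them); the arithmetic only establishes that P1 falls seven days and one second after the response that produced the URL and that P4 decodes to 64 bytes. The constant and function names are this example's own.

```python
import base64
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import unquote, urlsplit

# Values copied from the three HTTP transactions above.
SELECT_ETAG = '"bQBzAGUAZABnAGUAdwBlAGIAdgBpAGUAdwAtAHMAdABhAGIAbABlAC0AdwBpAG4ALQB4ADYANAAxADIANQAuADAALgAyADUAMwA1AC4AOAA1AA=="'
DOWNLOAD_INFO_URL = "https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedgewebview-stable-win-x64/versions/125.0.2535.85/files?action=GenerateDownloadInfo&foregroundPriority=true"
DOWNLOAD_INFO_DATE = "Wed, 05 Jun 2024 14:18:26 GMT"
DELIVERY_URL = "http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/3c775e75-aff8-4af1-aede-7a5c0349aa0b?P1=1718201907&P2=404&P3=2&P4=WiuGZ5IY9kx3eECOliePn%2bZR2Oa2T%2fIA6AoadHbz1e2TomQPzt6zla8iSDn3KibvVKZ7rCsNDdx37Vncvson%2bw%3d%3d"
DELIVERY_CONTENT_LENGTH = 173675576


def decode_cdp_etag(etag):
    """The select response ETag is base64 over a UTF-16LE string; decoding it
    recovers the content name and version the service pinned."""
    return base64.b64decode(etag.strip('"')).decode("utf-16-le")


def cdp_name_and_version(url):
    """Pull the content name and version out of a CDP internal files URL."""
    m = re.search(r"/names/([^/]+)/versions/([^/]+)/", urlsplit(url).path)
    return (m.group(1), m.group(2)) if m else (None, None)


def etag_matches_url(etag, url):
    """True when the version pinned by the select call is the one requested from
    GenerateDownloadInfo, i.e. both calls describe a single package."""
    name, version = cdp_name_and_version(url)
    return decode_cdp_etag(etag) == f"{name}{version}"


def query_params(url):
    """Decode the query by hand: parse_qs would turn a literal '+' into a space,
    which silently corrupts base64 values such as P4."""
    return {k: unquote(v) for k, v in (p.split("=", 1) for p in urlsplit(url).query.split("&"))}


def inspect_delivery_url(url, issued_header, content_length):
    """Facts an analyst can establish about the delivery URL from the capture.
    Assumption: P1 is a Unix expiry timestamp and P4 a base64 signature; the
    page does not document either parameter."""
    parts = urlsplit(url)
    q = query_params(url)
    issued = parsedate_to_datetime(issued_header)
    expires = datetime.fromtimestamp(int(q["P1"]), tz=timezone.utc)
    return {
        "cleartext": parts.scheme == "http",
        "expires_iso": expires.isoformat(),
        "validity_seconds": int((expires - issued).total_seconds()),
        "p4_decoded_bytes": len(base64.b64decode(q["P4"])),
        "size_mib": round(content_length / 2**20, 1),
    }


if __name__ == "__main__":
    print("select pinned:", decode_cdp_etag(SELECT_ETAG))
    print("consistent with GenerateDownloadInfo URL:", etag_matches_url(SELECT_ETAG, DOWNLOAD_INFO_URL))
    for k, v in inspect_delivery_url(DELIVERY_URL, DOWNLOAD_INFO_DATE, DELIVERY_CONTENT_LENGTH).items():
        print(f"{k}: {v}")
```

Because the 165.6 MiB payload moves over cleartext HTTP, transport gives it no integrity. Nothing on the page shows how the client verifies the download: the 5346-byte GenerateDownloadInfo response body, which is the natural place for a hash or signed manifest (an assumption, not something the page shows), is not reproduced. A reviewer should pull that body from the pcap before treating the fetched binary as attested.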
ICMP traffic
Source | Destination | ICMP Type | Data |
---|---|---|---|
192.168.56.101 | 164.124.101.2 | 3 (Destination Unreachable) | |
IRC traffic
The single row below carries opaque binary parameters rather than IRC text, and every TCP connection in the list above goes to port 443 or 80. It is most plausibly the sandbox's IRC protocol detector matching the bytes "DIE" inside encrypted traffic, not an IRC command; treat it as a false positive unless the pcap shows a plaintext IRC session.
Command | Params | Type |
---|---|---|
DIE | \x84=\xbf\x0f\x03\xf3%\xbe\xf7\x97\x9d\xc4$\xa9\xc42\x1cp\xfd\xcf,e\x9a\xc2\x07\xa8\x85:#U\x95 C\xab\xe2\xb1\x13\xe2\xee\x8f\x85\x14\xa3kZy\xc0\xe0aE\xfd\x81\x04\xdf\x06>c\x870k\xdc\x97\xa2 C\xbe\xbfN\xe1\xccrb\xd08\xec\xa2;b\xd6\x88\xa8\x96S;\xc1\xf1Z\xd6\x86M\xe4\xdeA\xbb\x9d\xccs\xc1L\x0c},\xffGx\xe2\xd4\x9b\xa4\xe3\xe1\x82\x98\xa0\x8c.oAp\xb5QZJ\x02\xf7A\xe7\xac4\xb3\xb2s\x1e!\x92'\xc3\x90d\x0cu\x1d\xff\x85^)\x95\xbed\xc0z\xdf\x15TRv\xcd[\xebX\xc02,\xa1\x8a^\x10\x1atb\x8d0\xaa\x87\xb7\xa2\x81\xe6\x9a\x19\x05\x04l9M.SP\xa0O\xfa\xeb\xd01\xbcd6\xe2\x91y\x10\xa5\xe7\x87\xc6CJ\xad\xe7g\xd9$\x1c\xd3cR\x19\x97g3^\xa7\x16\x8a\x17@y\xcfn\xec\x81i4\x96\xb8 | client |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint (SHA-1) |
---|---|---|---|
TLS 1.2 192.168.56.101:49180 13.107.42.16:443 | C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 03 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.config.skype.com | 2a:d6:b5:27:8a:e8:2f:07:4f:9c:85:f1:4c:ee:95:0d:d3:0c:6b:a8 |
TLS 1.2 192.168.56.101:49183 13.107.42.16:443 | C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 03 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.config.skype.com | 2a:d6:b5:27:8a:e8:2f:07:4f:9c:85:f1:4c:ee:95:0d:d3:0c:6b:a8 |
TLS 1.2 192.168.56.101:49189 13.107.42.16:443 | C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 03 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.config.skype.com | 2a:d6:b5:27:8a:e8:2f:07:4f:9c:85:f1:4c:ee:95:0d:d3:0c:6b:a8 |
TLS 1.2 192.168.56.101:49188 13.107.42.16:443 | C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 03 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.config.skype.com | 2a:d6:b5:27:8a:e8:2f:07:4f:9c:85:f1:4c:ee:95:0d:d3:0c:6b:a8 |
TLS 1.2 192.168.56.101:49191 13.107.42.16:443 | C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 03 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.config.skype.com | 2a:d6:b5:27:8a:e8:2f:07:4f:9c:85:f1:4c:ee:95:0d:d3:0c:6b:a8 |
TLS 1.2 192.168.56.101:49181 13.107.42.16:443 | C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 03 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.config.skype.com | 2a:d6:b5:27:8a:e8:2f:07:4f:9c:85:f1:4c:ee:95:0d:d3:0c:6b:a8 |
TLS 1.2 192.168.56.101:49198 13.95.26.4:443 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Update Secure Server CA 2.1 | C=US, ST=WA, L=Redmond, O=Microsoft, OU=DSP, CN=api.cdp.microsoft.com | ac:53:77:36:b6:a9:62:e6:d6:6d:ef:4e:92:bf:86:b0:5e:84:b8:e5 |
TLS 1.2 192.168.56.101:49182 13.107.42.16:443 | C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 03 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.config.skype.com | 2a:d6:b5:27:8a:e8:2f:07:4f:9c:85:f1:4c:ee:95:0d:d3:0c:6b:a8 |
TLS 1.2 192.168.56.101:49192 13.107.42.16:443 | C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 03 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.config.skype.com | 2a:d6:b5:27:8a:e8:2f:07:4f:9c:85:f1:4c:ee:95:0d:d3:0c:6b:a8 |
TLS 1.2 192.168.56.101:49206 13.107.42.16:443 | C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 03 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.config.skype.com | 2a:d6:b5:27:8a:e8:2f:07:4f:9c:85:f1:4c:ee:95:0d:d3:0c:6b:a8 |
TLS 1.2 192.168.56.101:49209 13.107.42.16:443 | C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 03 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.config.skype.com | 2a:d6:b5:27:8a:e8:2f:07:4f:9c:85:f1:4c:ee:95:0d:d3:0c:6b:a8 |
TLS 1.2 192.168.56.101:49210 13.107.42.16:443 | C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 03 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.config.skype.com | 2a:d6:b5:27:8a:e8:2f:07:4f:9c:85:f1:4c:ee:95:0d:d3:0c:6b:a8 |
TLS 1.2 192.168.56.101:49205 13.107.42.16:443 | C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 03 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.config.skype.com | 2a:d6:b5:27:8a:e8:2f:07:4f:9c:85:f1:4c:ee:95:0d:d3:0c:6b:a8 |
Snort Alerts
No Snort Alerts