Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| apps.identrust.com |
CNAME
a1952.dscq.akamai.net
CNAME
identrust.edgesuite.net
|
23.210.247.57 |
| stocks-army-malta-false.trycloudflare.com | 104.16.231.132 |
- TCP Requests
-
-
192.168.56.101:49169 104.16.230.132:443stocks-army-malta-false.trycloudflare.com
-
192.168.56.101:49170 104.16.230.132:443stocks-army-malta-false.trycloudflare.com
-
192.168.56.101:49191 104.16.230.132:443stocks-army-malta-false.trycloudflare.com
-
192.168.56.101:49192 104.16.230.132:443stocks-army-malta-false.trycloudflare.com
-
192.168.56.101:49197 117.18.232.200:80
-
192.168.56.101:49172 61.111.58.16:80apps.identrust.com
-
192.168.56.101:49193 61.111.58.16:80apps.identrust.com
-
192.168.56.101:49194 61.111.58.16:80apps.identrust.com
-
192.168.56.101:49173 61.111.58.34:80apps.identrust.com
-
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Wed, 12 Jun 2024 05:23:01 GMT
Date: Wed, 12 Jun 2024 04:23:01 GMT
Connection: keep-alive
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Wed, 12 Jun 2024 05:23:01 GMT
Date: Wed, 12 Jun 2024 04:23:01 GMT
Connection: keep-alive
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Wed, 12 Jun 2024 05:23:01 GMT
Date: Wed, 12 Jun 2024 04:23:01 GMT
Connection: keep-alive
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Wed, 12 Jun 2024 05:23:05 GMT
Date: Wed, 12 Jun 2024 04:23:05 GMT
Connection: keep-alive
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Wed, 12 Jun 2024 05:23:05 GMT
Date: Wed, 12 Jun 2024 04:23:05 GMT
Connection: keep-alive
GET
200
http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE
BODY
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Wed, 12 Jun 2024 05:23:06 GMT
Date: Wed, 12 Jun 2024 04:23:06 GMT
Connection: keep-alive
GET
200
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
REQUEST
RESPONSE
BODY
GET /IE9CompatViewList.xml HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: ie9cvlist.ie.microsoft.com
If-Modified-Since: Thu, 21 Nov 2019 19:37:08 GMT
If-None-Match: 0x8D76EBA32AF0BC3
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Encoding: gzip
Age: 17932
Cache-Control: max-age=21600
Content-MD5: p9g4jsuZO6TaLMVAI9ujVg==
Content-Type: text/xml
Date: Wed, 12 Jun 2024 04:24:00 GMT
Etag: 0x8D9521D2D2DF1EC
Last-Modified: Wed, 28 Jul 2021 23:12:31 GMT
Server: ECAcc (tka/897A)
Vary: Accept-Encoding
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 17b72150-001e-0044-2f56-bce23f000000
x-ms-version: 2009-09-19
Content-Length: 13702
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49170 -> 104.16.230.132:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49169 -> 104.16.230.132:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49191 -> 104.16.230.132:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2034552 | ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com) | Potentially Bad Traffic |
| TCP 192.168.56.101:49192 -> 104.16.230.132:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.101:49169 104.16.230.132:443 |
C=US, O=Let's Encrypt, CN=R3 | CN=trycloudflare.com | a3:f1:76:20:39:10:75:f8:d0:71:aa:22:34:05:7c:75:27:6a:51:4d |
|
TLSv1 192.168.56.101:49170 104.16.230.132:443 |
C=US, O=Let's Encrypt, CN=R3 | CN=trycloudflare.com | a3:f1:76:20:39:10:75:f8:d0:71:aa:22:34:05:7c:75:27:6a:51:4d |
|
TLSv1 192.168.56.101:49191 104.16.230.132:443 |
C=US, O=Let's Encrypt, CN=R3 | CN=trycloudflare.com | a3:f1:76:20:39:10:75:f8:d0:71:aa:22:34:05:7c:75:27:6a:51:4d |
|
TLSv1 192.168.56.101:49192 104.16.230.132:443 |
C=US, O=Let's Encrypt, CN=R3 | CN=trycloudflare.com | a3:f1:76:20:39:10:75:f8:d0:71:aa:22:34:05:7c:75:27:6a:51:4d |
Snort Alerts
No Snort Alerts