Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| cacerts.digicert.com |
CNAME
crl.edge.digicert.com
CNAME
e3913.cd.akamaiedge.net
|
118.214.79.16 |
GET
200
http://cacerts.digicert.com/DigiCertGlobalRootG2.crt
REQUEST
RESPONSE
BODY
| : | GET /DigiCertGlobalRootG2.crt HTTP/1.1 |
| Connection: | Keep-Alive |
| Accept: | */* |
| User-Agent: | Microsoft-CryptoAPI/6.1 |
| Host: | cacerts.digicert.com |
| : | HTTP/1.1 200 OK |
| Last-Modified: | Wed, 06 Dec 2017 21 |
| ETag: | "5a286417-392" |
| Content-Type: | application/pkix-cert |
| Content-Length: | 914 |
| Accept-Ranges: | bytes |
| Cache-Control: | public, max-age=117655 |
| Expires: | Thu, 17 Apr 2025 23 |
| Date: | Wed, 16 Apr 2025 15 |
| Connection: | keep-alive |
| Server-Timing: | cdn-cache; desc=HIT |
| Server-Timing: | edge; dur=1 |
| Akamai-GRN: | 0.de3a6f3d.1744815863.68e84c7c |
| Server-Timing: | ak_p; desc="1744815863131_1030699742_1760054396_15_1052_2_0_-";dur=1 |
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.103:49172 -> 52.239.160.33:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.103:49170 -> 52.239.160.33:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.103:49172 52.239.160.33:443 |
C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 03 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.web.core.windows.net | 22:d9:a8:14:ff:86:7a:4b:f0:95:ea:b0:9f:c1:b5:62:6b:b0:62:a9 |
|
TLSv1 192.168.56.103:49170 52.239.160.33:443 |
C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 03 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.web.core.windows.net | 22:d9:a8:14:ff:86:7a:4b:f0:95:ea:b0:9f:c1:b5:62:6b:b0:62:a9 |
Snort Alerts
No Snort Alerts
