My TLS client initiate an unexpected ClientHello to a domain

asked 2018-10-09 14:12:42 +0000

anonymous user


updated 2018-10-09 14:14:02 +0000

I am conducting a TLS scanning for a set of domain names. I tried to monitor the client's behaviour using WireShark. I find strange connection initiated from my client in a ClientHello (I made sure from this point as I know my custom set of ciphersuites) to a domain not in my list. This is the source and dest. after anonymizing the source IP and name. I am gussing this can be normal due to CDNs like cloudflare etc.

Can an expert confirms this is ok? to see connections (several cases there) to a domain not in my list as the following:

Src,Dest.,Protocol,Length,Info ,,TLSv1.2, 233 Client Hello

Please, advise. Is this a problem? attack that is taking over my computer and initiates outgoing connections from my PC? or normal?

edit retag flag offensive close merge delete