Unknown https call from my computer
I captured a strange call log in Fiddler.
The calls repeat.
I searched with a few keywords but found no clues.
Does anyone know?
CNT https://1 CON 216
Context: 67bc
Last-Msg-Id: 0
------------------------------------------------------------------
CNT https://1 CON 231
Context: 6402
Last-Msg-Id: 159d428c446a5b3e
------------------------------------------------------------------
CNT https://1 CON 216
Context: 61ce
Last-Msg-Id: 0
------------------------------------------------------------------
CNT https://1 CON 231
Context: 5dc2
Last-Msg-Id: 159d428c446a5b3e
------------------------------------------------------------------
CNT https://1 CON 216
Context: 5be6
Last-Msg-Id: 0
------------------------------------------------------------------
CNT https://1 CON 231
Context: 581c
Last-Msg-Id: 159d428c446a5b3e
------------------------------------------------------------------
CNT https://1 CON 216
Context: 5642
Last-Msg-Id: 0
------------------------------------------------------------------
CNT https://1 CON 231
Context: 52bd
Last-Msg-Id: 159d428c446a5b3e
------------------------------------------------------------------
CNT https://1 CON 216
Context: 5156
Last-Msg-Id: 0
------------------------------------------------------------------
CNT https://1 CON 231
Context: 4da3
Last-Msg-Id: 159d428c446a5b3e
------------------------------------------------------------------
CNT https://1 CON 216
Context: 4cce
Last-Msg-Id: 0
------------------------------------------------------------------
CNT https://1 CON 231
Context: 4912
Last-Msg-Id: 159d428c446a5b3e
------------------------------------------------------------------
CNT https://1 CON 216
Context: 48c3
Last-Msg-Id: 0
------------------------------------------------------------------
CNT https://1 CON 231
Context: 4510
Last-Msg-Id: 159d428c446a5b3e
------------------------------------------------------------------
CNT https://1 CON 216
Context: 44f3
Last-Msg-Id: 0
------------------------------------------------------------------
CNT https://1 CON 231
Context: 4171
Last-Msg-Id: 159d428c446a5b3e
------------------------------------------------------------------
CNT https://1 CON 216
Context: 4164
Last-Msg-Id: 0
------------------------------------------------------------------
CNT https://1 CON 231
Context: 3e64
Last-Msg-Id: 159d428c446a5b3e
------------------------------------------------------------------
CNT https://1 CON 216
Context: 3e5e
Last-Msg-Id: 0
------------------------------------------------------------------
CNT https://1 CON 231
Context: 3bee
Last-Msg-Id: 159d428c446a5b3e
------------------------------------------------------------------
CNT https://1 CON 216
Context: 3bee
Last-Msg-Id: 0
------------------------------------------------------------------
CNT https://1 CON 231
Context: 39e7
Last-Msg-Id: 159d428c446a5b3e
------------------------------------------------------------------
CNT https://1 CON 216
Context: 39e7
Last-Msg-Id: 0
------------------------------------------------------------------
CNT https://1 CON 216
Context: 39dd
Last-Msg-Id: 0
------------------------------------------------------------------
CNT https://1 CON 231
Context: 39dd
Last-Msg-Id: 159d428c446a5b3e
------------------------------------------------------------------
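Yes, I've seen this before, coming from the Windows Explorer process. It's harmless, but basically what's happening is that a client is trying to send non-HTTP traffic through an HTTPS proxy tunnel, and because it isn't legitimate HTTPS traffic, you get the weird parsing errors shown in the screenshot.
Unfortunately, I don't remember what I found about which specific Windows feature causes this. See wnpconnmanager.cpp in https://github.com/cvandeplas/plaso/blob/master/test_data/skydriveerr.log
Side note: maybe this comes from the Windows Notification Service?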
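The answer's point, that the tunnel carries lines a proxy cannot parse as HTTP, can be checked mechanically. The Python sketch below is an added example, not part of the original posts: it tests each record's first line against the HTTP/1.x request-line shape and collapses repeats by first line and Last-Msg-Id, ignoring the changing Context value. The function names and the GET record are constructed for illustration.

```python
import re
from collections import Counter

# HTTP/1.x request line: token SP request-target SP HTTP-version (RFC 9112).
REQUEST_LINE = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+ \S+ HTTP/\d\.\d$")

# Two records copied from the capture above, followed by one constructed
# HTTP request (not from the page) for contrast.
SAMPLE = """\
CNT https://1 CON 231
Context: 6402
Last-Msg-Id: 159d428c446a5b3e
------------------------------------------------------------------
CNT https://1 CON 216
Context: 61ce
Last-Msg-Id: 0
------------------------------------------------------------------
GET /index.html HTTP/1.1
Host: example.test
------------------------------------------------------------------
"""

def parse_records(dump):
    """Split the dump on dashed separator lines into (first_line, headers)."""
    records = []
    for chunk in re.split(r"(?m)^-{10,}\s*$", dump):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        if not lines:
            continue
        headers = {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:
                headers[name.strip().lower()] = value.strip()
        records.append((lines[0], headers))
    return records

def triage(dump):
    """Count distinct record shapes whose first line is not an HTTP request line."""
    shapes = Counter()
    for first_line, headers in parse_records(dump):
        if not REQUEST_LINE.match(first_line):
            shapes[(first_line, headers.get("last-msg-id"))] += 1
    return shapes

if __name__ == "__main__":
    for (line, msg_id), n in triage(SAMPLE).most_common():
        print(f"{n}x not HTTP: {line!r} (Last-Msg-Id: {msg_id})")
```

Run over the full capture, the repeated records collapse into the two alternating shapes visible in the question.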