Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| edgedl.me.gvt1.com | 34.104.35.123 | |
| plexic.xyz |
- UDP Requests
-
-
192.168.56.102:51319 164.124.101.2:53
-
192.168.56.102:57191 164.124.101.2:53
-
192.168.56.102:57660 164.124.101.2:53
-
192.168.56.102:61436 164.124.101.2:53
-
192.168.56.102:137 192.168.56.255:137
-
192.168.56.102:138 192.168.56.255:138
-
192.168.56.102:49152 239.255.255.250:3702
-
192.168.56.102:49157 239.255.255.250:1900
-
192.168.56.102:56752 239.255.255.250:1900
-
192.168.56.102:56754 239.255.255.250:3702
-
192.168.56.102:56756 239.255.255.250:3702
-
192.168.56.102:56758 239.255.255.250:3702
-
GET
200
http://edgedl.me.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
REQUEST
RESPONSE
BODY
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Google Update/1.3.36.32;winhttp
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: edgedl.me.gvt1.com
HTTP/1.1 200 OK
accept-ranges: bytes
content-disposition: attachment
content-length: 1310832
content-security-policy: default-src 'none'
content-type: application/octet-stream
etag: "9f6104"
last-modified: Tue, 13 Apr 2021 03:03:58 GMT
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Fri, 11 Jun 2021 02:13:03 GMT
age: 5858
alt-svc: h3=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.102:49157 -> 172.217.31.238:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.102:49159 -> 142.250.204.131:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.102:49162 -> 142.250.204.131:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.102:49161 -> 142.250.204.131:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 34.104.35.123:80 -> 192.168.56.102:49160 | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
| TCP 34.104.35.123:80 -> 192.168.56.102:49160 | 2014520 | ET INFO EXE - Served Attached HTTP | Misc activity |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLS 1.2 192.168.56.102:49157 172.217.31.238:443 |
C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com | 57:fe:cc:b1:d0:ea:5d:b5:1b:1a:76:b0:7d:03:26:a4:8d:1f:90:83 |
|
TLS 1.2 192.168.56.102:49159 142.250.204.131:443 |
C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=upload.video.google.com | ce:0a:82:83:34:79:aa:42:c7:3b:4a:0e:fa:1e:98:31:b8:cf:3f:fb |
|
TLS 1.2 192.168.56.102:49162 142.250.204.131:443 |
C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=upload.video.google.com | ce:0a:82:83:34:79:aa:42:c7:3b:4a:0e:fa:1e:98:31:b8:cf:3f:fb |
|
TLS 1.2 192.168.56.102:49161 142.250.204.131:443 |
C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=upload.video.google.com | ce:0a:82:83:34:79:aa:42:c7:3b:4a:0e:fa:1e:98:31:b8:cf:3f:fb |
Snort Alerts
No Snort Alerts