Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
r2---sn-3u-bh2z7.gvt1.com | CNAME r2.sn-3u-bh2z7.gvt1.com | 211.114.66.77 |
matix.cf | (no answer recorded) | |
TCP Requests (source -> destination)
- 192.168.56.102:49159 -> 142.250.207.67:443
- 192.168.56.102:49162 -> 142.250.207.67:443
- 192.168.56.102:49163 -> 142.250.207.67:443
- 192.168.56.102:49160 -> 172.217.161.142:80
- 192.168.56.102:49797 -> 172.217.25.14:443
- 192.168.56.102:49157 -> 172.217.26.142:443
- 192.168.56.102:49161 -> 211.114.66.77:80 (r2---sn-3u-bh2z7.gvt1.com)
UDP Requests (source -> destination)
- 192.168.56.102:49514 -> 164.124.101.2:53
- 192.168.56.102:50221 -> 164.124.101.2:53
- 192.168.56.102:51008 -> 164.124.101.2:53
- 192.168.56.102:56133 -> 164.124.101.2:53
- 192.168.56.102:57660 -> 164.124.101.2:53
- 192.168.56.102:137 -> 192.168.56.255:137
- 192.168.56.102:138 -> 192.168.56.255:138
- 192.168.56.102:49152 -> 239.255.255.250:3702
- 192.168.56.102:49154 -> 239.255.255.250:1900
- 192.168.56.102:56752 -> 239.255.255.250:1900
- 192.168.56.102:56754 -> 239.255.255.250:3702
- 192.168.56.102:56756 -> 239.255.255.250:3702
- 8.8.8.8:53 -> 192.168.56.102:57660
GET 302 http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
Request:
    GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    User-Agent: Google Update/1.3.36.32;winhttp
    X-Old-UID: cnt=0
    X-Last-HR: 0x0
    X-Last-HTTP-Status-Code: 0
    X-Retry-Count: 0
    X-HTTP-Attempts: 1
    Host: redirector.gvt1.com
Response:
    HTTP/1.1 302 Found
    Date: Fri, 11 Jun 2021 03:53:54 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-cache, must-revalidate
    X-Content-Type-Options: nosniff
    Location: http://r2---sn-3u-bh2z7.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=175.208.134.150&mm=28&mn=sn-3u-bh2z7&ms=nvh&mt=1623379959&mv=u&mvi=2&pl=18&rmhost=r6---sn-3u-bh2z7.gvt1.com&shardbypass=yes&smhost=r6---sn-3u-bh2sy.gvt1.com
    Content-Type: text/html; charset=UTF-8
    Server: ClientMapServer
    Content-Length: 541
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
GET 200 http://r2---sn-3u-bh2z7.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=175.208.134.150&mm=28&mn=sn-3u-bh2z7&ms=nvh&mt=1623379959&mv=u&mvi=2&pl=18&rmhost=r6---sn-3u-bh2z7.gvt1.com&shardbypass=yes&smhost=r6---sn-3u-bh2sy.gvt1.com
Request:
    GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=175.208.134.150&mm=28&mn=sn-3u-bh2z7&ms=nvh&mt=1623379959&mv=u&mvi=2&pl=18&rmhost=r6---sn-3u-bh2z7.gvt1.com&shardbypass=yes&smhost=r6---sn-3u-bh2sy.gvt1.com HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    User-Agent: Google Update/1.3.36.32;winhttp
    X-Old-UID: cnt=0
    X-Last-HR: 0x0
    X-Last-HTTP-Status-Code: 0
    X-Retry-Count: 0
    X-HTTP-Attempts: 1
    Host: r2---sn-3u-bh2z7.gvt1.com
Response:
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cache-Control: public,max-age=86400
    Content-Disposition: attachment
    Content-Length: 1310832
    Content-Security-Policy: default-src 'none'
    Content-Type: application/octet-stream
    Etag: "9f6104"
    Server: downloads
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-Xss-Protection: 0
    Date: Thu, 10 Jun 2021 21:01:20 GMT
    Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
    Last-Modified: Tue, 13 Apr 2021 03:03:58 GMT
    Connection: keep-alive
    Vary: Origin
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.102:49159 -> 142.250.207.67:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=upload.video.google.com | ce:0a:82:83:34:79:aa:42:c7:3b:4a:0e:fa:1e:98:31:b8:cf:3f:fb |
TLS 1.2 192.168.56.102:49157 -> 172.217.26.142:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com | 57:fe:cc:b1:d0:ea:5d:b5:1b:1a:76:b0:7d:03:26:a4:8d:1f:90:83 |
TLS 1.2 192.168.56.102:49163 -> 142.250.207.67:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=upload.video.google.com | ce:0a:82:83:34:79:aa:42:c7:3b:4a:0e:fa:1e:98:31:b8:cf:3f:fb |
TLS 1.2 192.168.56.102:49162 -> 142.250.207.67:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=upload.video.google.com | ce:0a:82:83:34:79:aa:42:c7:3b:4a:0e:fa:1e:98:31:b8:cf:3f:fb |
Snort Alerts
No Snort Alerts
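The report above is raw data with no triage attached. The following is an added example of the checks an analyst would run over it; it is not part of the sandbox report and not the sandbox's own code. The DNS rows, flow tuples, request URLs, Location header and User-Agent are transcribed from the section above; the port/address rules used to set aside LAN discovery chatter (NetBIOS, SSDP, WS-Discovery) and the notion of an "external" destination are this example's own assumptions. It surfaces three things worth noting in this capture: the DNS query for matix.cf got no answer, the 302 Location echoes the client's public egress address in its mip parameter (175.208.134.150), and the 1.3 MB installer was fetched over plaintext HTTP from 211.114.66.77:80 by a client that reports itself as Google Update/1.3.36.32 while requesting the 1.3.36.82 package.

```python
"""Triage helpers for the network-analysis section (added example, not report code)."""
import re
from ipaddress import ip_address
from urllib.parse import parse_qs, urlsplit

# Transcribed from the DNS table: queried name -> answers seen during the run.
DNS_ANSWERS = {
    "r2---sn-3u-bh2z7.gvt1.com": ["CNAME r2.sn-3u-bh2z7.gvt1.com"],
    "matix.cf": [],  # queried, but no answer was recorded
}
# Transcribed from the table's Post-Analysis Lookup column.
POST_ANALYSIS = {"r2---sn-3u-bh2z7.gvt1.com": "211.114.66.77"}

# Transcribed (subset) from the TCP/UDP request lists: (proto, src, dst).
FLOWS = [
    ("tcp", "192.168.56.102:49159", "142.250.207.67:443"),
    ("tcp", "192.168.56.102:49160", "172.217.161.142:80"),
    ("tcp", "192.168.56.102:49161", "211.114.66.77:80"),
    ("udp", "192.168.56.102:49514", "164.124.101.2:53"),
    ("udp", "192.168.56.102:137", "192.168.56.255:137"),
    ("udp", "192.168.56.102:49152", "239.255.255.250:3702"),
    ("udp", "192.168.56.102:49154", "239.255.255.250:1900"),
]

# Transcribed from the two HTTP exchanges: (status, request URL, Location header).
EDGE = ("http://r2---sn-3u-bh2z7.gvt1.com/edgedl/release2/update2/"
        "AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe"
        "?cms_redirect=yes&mh=ms&mip=175.208.134.150&mm=28&mn=sn-3u-bh2z7"
        "&ms=nvh&mt=1623379959&mv=u&mvi=2&pl=18&rmhost=r6---sn-3u-bh2z7.gvt1.com"
        "&shardbypass=yes&smhost=r6---sn-3u-bh2sy.gvt1.com")
HTTP = [
    (302, "http://redirector.gvt1.com/edgedl/release2/update2/"
          "AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe", EDGE),
    (200, EDGE, None),
]
USER_AGENT = "Google Update/1.3.36.32;winhttp"  # transcribed from the request headers


def unanswered_queries(dns=DNS_ANSWERS):
    """Names the guest asked for that got no answer in the capture."""
    return sorted(name for name, answers in dns.items() if not answers)


def classify_udp(dst):
    """Coarse label for a UDP destination so LAN chatter can be set aside.

    The port/address rules are assumptions about common Windows background
    traffic: NetBIOS name/datagram service, SSDP and WS-Discovery.
    """
    host, port = dst.rsplit(":", 1)
    addr, port = ip_address(host), int(port)
    if port == 53:
        return "dns"
    if addr.is_multicast and port == 1900:
        return "ssdp-multicast"
    if addr.is_multicast and port == 3702:
        return "ws-discovery-multicast"
    if host.endswith(".255") and port in (137, 138):
        return "netbios-broadcast"
    return "other"


def external_destinations(flows=FLOWS):
    """Distinct off-LAN (proto, ip, port) targets: the part worth enriching."""
    out = set()
    for proto, _src, dst in flows:
        host, port = dst.rsplit(":", 1)
        addr = ip_address(host)
        if not (addr.is_private or addr.is_multicast or addr.is_link_local):
            out.add((proto, host, int(port)))
    return sorted(out)


def download_chain(http=HTTP, lookup=POST_ANALYSIS, flows=FLOWS):
    """Follow the 302 to the final URL, extract what the redirect leaks,
    and tie the edge host back to the TCP flow that fetched the file."""
    hosts = [urlsplit(url).hostname for _status, url, _loc in http]
    final = next(url for status, url, _loc in http if status == 200)
    parts = urlsplit(final)
    params = parse_qs(parts.query)
    edge_ip = lookup.get(parts.hostname)
    flow = next((f for f in flows if f[2] == f"{edge_ip}:{parts.port or 80}"), None)
    return {
        "hosts": hosts,
        "egress_ip": params.get("mip", [None])[0],  # client public IP echoed by the CDN
        "cleartext_exe": parts.scheme == "http" and parts.path.endswith(".exe"),
        "fetch_flow": flow,
    }


def updater_versions(user_agent=USER_AGENT, http=HTTP):
    """Version the client reports vs. the version encoded in the package path."""
    reported = re.search(r"Google Update/([\d.]+)", user_agent).group(1)
    path = urlsplit(http[0][1]).path
    requested = re.search(r"_([\d.]+)/GoogleUpdateSetup\.exe$", path).group(1)
    return reported, requested


if __name__ == "__main__":
    print("unanswered DNS:", unanswered_queries())
    print("external:", external_destinations())
    print("download:", download_chain())
    print("updater versions (reported, requested):", updater_versions())
```

Run it as a script to print the triage summary, or import it and feed it the flow tuples and DNS rows from another report. The point of `download_chain` is correlation: the redirect host is only meaningful once it is tied, through the post-analysis lookup, to the TCP connection that actually carried the executable, which is how you confirm that the 1310832-byte body in the 200 response came from 211.114.66.77:80 rather than from one of the TLS flows.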