Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| www.google.com | 172.217.175.4 |
- UDP Requests
-
-
192.168.56.102:52062 164.124.101.2:53
-
192.168.56.102:52336 164.124.101.2:53
-
192.168.56.102:58838 164.124.101.2:53
-
192.168.56.102:64034 164.124.101.2:53
-
192.168.56.102:64472 164.124.101.2:53
-
192.168.56.102:64995 164.124.101.2:53
-
192.168.56.102:137 192.168.56.255:137
-
192.168.56.102:138 192.168.56.255:138
-
192.168.56.102:49152 239.255.255.250:3702
-
192.168.56.102:49164 239.255.255.250:1900
-
52.231.114.183:123 192.168.56.102:123
-
GET
200
https://www.google.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Host: www.google.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 31 Aug 2021 02:11:07 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2021-08-31-02; expires=Thu, 30-Sep-2021 02:11:07 GMT; path=/; domain=.google.com; Secure
Set-Cookie: NID=222=VeDPZ0XTxK0UNwUHVLPBoBbygVsJTMqtAnXgZ-PiKlOKaPln1IQP7qjXSH0eQTsILAVqgy4SH_Ks1P9OCsJoF4DaxwyE3JqLv7atpCKTBmWZ9053h6-2inr6Q1ArQPd_G1Oq9Q_FWQr_lLeZjCRR2GkpcxqpXt2G7koaRwZ6Okk; expires=Wed, 02-Mar-2022 02:11:07 GMT; path=/; domain=.google.com; HttpOnly
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
GET
200
https://www.bing.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Host: www.bing.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Set-Cookie: MUID=119DFD507CF165D336E6EDF47D536449; domain=.bing.com; expires=Sun, 25-Sep-2022 02:11:07 GMT; path=/; secure; SameSite=None
Set-Cookie: MUIDB=119DFD507CF165D336E6EDF47D536449; expires=Sun, 25-Sep-2022 02:11:07 GMT; path=/
Set-Cookie: _EDGE_S=F=1&SID=314D298D03096FE93C3C392902AB6E87; domain=.bing.com; path=/
Set-Cookie: _EDGE_V=1; domain=.bing.com; expires=Sun, 25-Sep-2022 02:11:07 GMT; path=/
Set-Cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Thu, 31-Aug-2023 02:11:07 GMT; path=/
Set-Cookie: SRCHUID=V=2&GUID=311BCF75EDCC4504A6D9A322A6804809&dmnchg=1; domain=.bing.com; expires=Thu, 31-Aug-2023 02:11:07 GMT; path=/
Set-Cookie: SRCHUSR=DOB=20210831; domain=.bing.com; expires=Thu, 31-Aug-2023 02:11:07 GMT; path=/
Set-Cookie: SRCHHPGUSR=SRCHLANG=ko; domain=.bing.com; expires=Thu, 31-Aug-2023 02:11:07 GMT; path=/
Set-Cookie: _SS=SID=314D298D03096FE93C3C392902AB6E87; domain=.bing.com; path=/
Set-Cookie: ULC=; domain=.bing.com; expires=Mon, 30-Aug-2021 02:11:07 GMT; path=/
Set-Cookie: _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMS0wOC0zMVQwMDowMDowMFoiLCJJb3RkIjowLCJEZnQiOm51bGwsIk12cyI6MCwiRmx0IjowLCJJbXAiOjF9; domain=.bing.com; expires=Thu, 31-Aug-2023 02:11:07 GMT; path=/
X-SNR-Routing: 1
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: DBE1EBF06F3B4870AB7C5D6DBA7627CA Ref B: SLAEDGE0506 Ref C: 2021-08-31T02:11:07Z
Date: Tue, 31 Aug 2021 02:11:06 GMT
GET
200
https://www.google.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Host: www.google.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 31 Aug 2021 02:11:38 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2021-08-31-02; expires=Thu, 30-Sep-2021 02:11:38 GMT; path=/; domain=.google.com; Secure
Set-Cookie: NID=222=AnEmugk5MQxJMWnEpC-Ai7u9Zy3dGYWFMhsOSwsY_8oRVr3s6siOpmkxtKS0gvTowUQExnXjGZTDzoR1QiDT2KcqBxGYCxvjGkXI0rJPulLjl0oreAQU8eHUsFgQ1FWXYFZGwQacgjU8w43QVfGU3UON_rRI67c59b9Xv2wY05w; expires=Wed, 02-Mar-2022 02:11:38 GMT; path=/; domain=.google.com; HttpOnly
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
GET
200
https://www.bing.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Host: www.bing.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Set-Cookie: MUID=0C067C66FA85627C3F486CC2FB276356; domain=.bing.com; expires=Sun, 25-Sep-2022 02:11:38 GMT; path=/; secure; SameSite=None
Set-Cookie: MUIDB=0C067C66FA85627C3F486CC2FB276356; expires=Sun, 25-Sep-2022 02:11:38 GMT; path=/
Set-Cookie: _EDGE_S=F=1&SID=31C49B21401068D10AA28B8541B269E2; domain=.bing.com; path=/
Set-Cookie: _EDGE_V=1; domain=.bing.com; expires=Sun, 25-Sep-2022 02:11:38 GMT; path=/
Set-Cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Thu, 31-Aug-2023 02:11:38 GMT; path=/
Set-Cookie: SRCHUID=V=2&GUID=FAAD495DCBEA4809BAFB56BB3397E499&dmnchg=1; domain=.bing.com; expires=Thu, 31-Aug-2023 02:11:38 GMT; path=/
Set-Cookie: SRCHUSR=DOB=20210831; domain=.bing.com; expires=Thu, 31-Aug-2023 02:11:38 GMT; path=/
Set-Cookie: SRCHHPGUSR=SRCHLANG=ko; domain=.bing.com; expires=Thu, 31-Aug-2023 02:11:38 GMT; path=/
Set-Cookie: _SS=SID=31C49B21401068D10AA28B8541B269E2; domain=.bing.com; path=/
Set-Cookie: ULC=; domain=.bing.com; expires=Mon, 30-Aug-2021 02:11:38 GMT; path=/
Set-Cookie: _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMS0wOC0zMVQwMDowMDowMFoiLCJJb3RkIjowLCJEZnQiOm51bGwsIk12cyI6MCwiRmx0IjowLCJJbXAiOjF9; domain=.bing.com; expires=Thu, 31-Aug-2023 02:11:38 GMT; path=/
X-SNR-Routing: 1
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 8E66D2C04D654190B711473E4E178EBF Ref B: SLAEDGE0619 Ref C: 2021-08-31T02:11:38Z
Date: Tue, 31 Aug 2021 02:11:37 GMT
GET
200
http://193.169.255.212/pnb/vbc.exe
REQUEST
RESPONSE
BODY
GET /pnb/vbc.exe HTTP/1.1
Host: 193.169.255.212
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 31 Aug 2021 02:10:36 GMT
Server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/7.3.29
Last-Modified: Mon, 30 Aug 2021 08:36:30 GMT
ETag: "b0800-5cac2bacf2e3f"
Accept-Ranges: bytes
Content-Length: 722944
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.102:49170 172.217.24.68:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=www.google.com | 50:9d:4c:90:97:dd:23:de:78:ad:a2:09:25:c9:6b:30:0c:13:f1:94 |
|
TLSv1 192.168.56.102:49175 13.107.21.200:443 |
C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 | CN=www.bing.com | e6:d6:8f:e4:5e:31:2c:7f:a5:1a:6c:d5:bb:5c:15:c6:54:47:bf:47 |
|
TLSv1 192.168.56.102:49171 204.79.197.200:443 |
C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 | CN=www.bing.com | e6:d6:8f:e4:5e:31:2c:7f:a5:1a:6c:d5:bb:5c:15:c6:54:47:bf:47 |
|
TLSv1 192.168.56.102:49174 142.250.196.132:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=www.google.com | 50:9d:4c:90:97:dd:23:de:78:ad:a2:09:25:c9:6b:30:0c:13:f1:94 |
Snort Alerts
No Snort Alerts