Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
drive.google.com | 172.217.175.14 | |
UDP Requests (source -> destination)
- 192.168.56.103:53893 -> 164.124.101.2:53
- 192.168.56.103:58465 -> 164.124.101.2:53
- 192.168.56.103:63128 -> 164.124.101.2:53
- 192.168.56.103:137 -> 192.168.56.255:137
- 192.168.56.103:138 -> 192.168.56.255:138
- 192.168.56.103:49152 -> 239.255.255.250:3702
- 192.168.56.103:49168 -> 239.255.255.250:1900
- 192.168.56.103:49170 -> 239.255.255.250:3702
- 192.168.56.103:49172 -> 239.255.255.250:3702
- 192.168.56.103:58466 -> 239.255.255.250:3702
- 52.231.114.183:123 -> 192.168.56.103:123
HTTP Requests
GET 404 https://drive.google.com/uc?export=download&id=1gBqvywOWfsStLEvq5ZjLlqCoaQdniUCl

REQUEST
```http
GET /uc?export=download&id=1gBqvywOWfsStLEvq5ZjLlqCoaQdniUCl HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: drive.google.com
Cache-Control: no-cache
```

RESPONSE
```http
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
x-chromium-appcache-fallback-override: disallow-fallback
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Content-Security-Policy: script-src 'nonce-8nz5AmYYVFtnPJuyyjLSOQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/
Date: Mon, 06 Sep 2021 03:11:16 GMT
Expires: Mon, 06 Sep 2021 03:11:16 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Set-Cookie: NID=222=pQ_rGiAG0ovN7DZijM6OI497aDAc7mXU00YXlAfQuo_3Q_zNAqyGl8ysqOpJm_evMN2cNN7r648ukFhsGG2IWew1qwnh2M5NOaNBeJIpfxZTmRbe7rK1jEmuxaKmhPfAEiB0MlZ_YsgsT4edGPSZwPfGu2418UqY5fFiJwabu4Y; expires=Tue, 08-Mar-2022 03:11:16 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
```

BODY
(no body captured)
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49169 -> 142.250.199.110:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49169 -> 142.250.199.110:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.google.com | 8f:b6:6e:35:48:00:39:39:d4:59:1a:58:7b:b6:38:5a:92:b0:b6:9f |
Snort Alerts
No Snort Alerts