Network Analysis
DNS Requests

Name | Response | Post-Analysis Lookup |
---|---|---|
chromedriver.storage.googleapis.com | 142.250.206.208 | |
github.com | 20.200.245.247 | |
TCP Requests

Source | Destination | Hostname |
---|---|---|
192.168.56.101:49161 | 195.123.211.57:80 | (none, connection to IP literal) |
192.168.56.101:49163 | 34.64.4.16:443 | chromedriver.storage.googleapis.com |
192.168.56.101:49164 | 20.200.245.247:443 | github.com |
192.168.56.101:49165 | 20.200.245.247:443 | github.com |
192.168.56.101:49166 | 20.200.245.247:443 | github.com |
192.168.56.101:49168 | 20.200.245.247:443 | github.com |
192.168.56.101:49169 | 20.200.245.247:443 | github.com |
192.168.56.101:49170 | 20.200.245.247:443 | github.com |
-
HTTP Requests

GET https://chromedriver.storage.googleapis.com/LATEST_RELEASE_65 | Status 0 (no HTTP response recorded in the report)

Request:
    GET /LATEST_RELEASE_65 HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
    Host: chromedriver.storage.googleapis.com
    Cache-Control: no-cache
POST http://195.123.211.57/g.php | Status 200 | four requests between 08:37:39 and 08:37:41 GMT

All four requests carry identical headers apart from Content-Length, and the four responses differ only in Date. No body content is shown in the report.

Request:
    POST /g.php HTTP/1.1
    Content-Type: application/octet-stream
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
    Host: 195.123.211.57
    Content-Length: (see table)
    Connection: Keep-Alive
    Cache-Control: no-cache

Response:
    HTTP/1.1 200 OK
    Server: nginx
    Date: (see table)
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive

# | Content-Length (request) | Date (response) |
---|---|---|
1 | 39 | Thu, 09 Mar 2023 08:37:39 GMT |
2 | 39 | Thu, 09 Mar 2023 08:37:41 GMT |
3 | 36 | Thu, 09 Mar 2023 08:37:41 GMT |
4 | 44 | Thu, 09 Mar 2023 08:37:41 GMT |
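The POST /g.php traffic above has three properties that are worth turning into a triage check when working through captures like this one: the Host header is a bare IP rather than a name, each POST carries only a few dozen opaque bytes, and `Content-Encoding: binary` is not a value in the IANA HTTP content-coding registry. The script below is an added example for this page, not part of the sandbox report or of the analysed sample's code. It parses raw HTTP request heads and lists those indicators per request; the embedded sample requests are reconstructed from the headers shown above, and the 64-byte body threshold is an assumption fitted to this capture (36 to 44 byte bodies), not a general rule.

```python
"""Triage helper: flag sandbox-captured HTTP requests that look like C2 beacons.

Added example for this report. The heuristics are derived from the four
POST /g.php requests seen in the capture and are not a general detection rule.
"""
import ipaddress
from dataclasses import dataclass, field

# Well-known entries of the IANA HTTP Content Coding Registry (subset).
# "binary", as seen in the capture, is not a registered content coding.
REGISTERED_CONTENT_CODINGS = {
    "aes128gcm", "br", "compress", "deflate", "exi", "gzip",
    "identity", "pack200-gzip", "x-compress", "x-gzip", "zstd",
}

# Assumption: beacons in this capture are 36-44 bytes; tune per case.
SHORT_BODY_THRESHOLD = 64

# Sample requests constructed from the headers shown in the report above.
UA = ("Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/5.0; "
      ".NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)")
SAMPLE_REQUESTS = [
    "GET /LATEST_RELEASE_65 HTTP/1.1\r\n"
    f"User-Agent: {UA}\r\n"
    "Host: chromedriver.storage.googleapis.com\r\n"
    "Cache-Control: no-cache\r\n\r\n",
] + [
    "POST /g.php HTTP/1.1\r\n"
    "Content-Type: application/octet-stream\r\n"
    "Content-Encoding: binary\r\n"
    f"User-Agent: {UA}\r\n"
    "Host: 195.123.211.57\r\n"
    f"Content-Length: {n}\r\n"
    "Connection: Keep-Alive\r\n"
    "Cache-Control: no-cache\r\n\r\n"
    for n in (39, 39, 36, 44)  # the four Content-Length values in the capture
]


@dataclass
class HttpRequest:
    method: str
    target: str
    headers: dict = field(default_factory=dict)  # header names lower-cased


def parse_request(raw: str) -> HttpRequest:
    """Parse a raw HTTP/1.x request head (request line plus headers); body is ignored."""
    head = raw.split("\r\n\r\n", 1)[0] if "\r\n" in raw else raw.split("\n\n", 1)[0]
    lines = head.splitlines()
    method, target, _version = lines[0].split()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, target, headers)


def is_ip_literal(host: str) -> bool:
    """True when the Host header is an IPv4 address (optionally host:port) rather than a name."""
    candidate = host.rsplit(":", 1)[0] if host.count(":") == 1 else host
    try:
        ipaddress.IPv4Address(candidate)
        return True
    except ipaddress.AddressValueError:
        return False


def beacon_indicators(req: HttpRequest) -> list:
    """Return the beacon-like indicators present in one request (empty list if none)."""
    hits = []
    host = req.headers.get("host", "")
    if is_ip_literal(host):
        hits.append(f"Host is an IP literal ({host}); no DNS name involved")
    enc = req.headers.get("content-encoding")
    if enc and enc.lower() not in REGISTERED_CONTENT_CODINGS:
        hits.append(f"Content-Encoding '{enc}' is not a registered content coding")
    ctype = req.headers.get("content-type", "")
    length = req.headers.get("content-length")
    if (req.method == "POST" and ctype.startswith("application/octet-stream")
            and length is not None and length.isdigit()
            and int(length) < SHORT_BODY_THRESHOLD):
        hits.append(f"short opaque POST body ({length} bytes)")
    return hits


def triage(raw_requests) -> list:
    """Map each raw request to a (label, indicators) pair; label is 'METHOD host/path'."""
    out = []
    for raw in raw_requests:
        req = parse_request(raw)
        label = f"{req.method} {req.headers.get('host', '?')}{req.target}"
        out.append((label, beacon_indicators(req)))
    return out


if __name__ == "__main__":
    for label, hits in triage(SAMPLE_REQUESTS):
        verdict = "suspicious" if len(hits) >= 2 else "ok"
        print(f"{verdict:10} {label}")
        for hit in hits:
            print(f"           - {hit}")
```

Run against the embedded samples, the GET to chromedriver.storage.googleapis.com produces no indicators while each POST to 195.123.211.57/g.php produces all three. The check is deliberately narrow: a bare-IP Host or a short octet-stream POST on its own is common in legitimate software, so the intent is to surface requests that combine several of these traits for an analyst to look at, not to alert on any one of them.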
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint (SHA-1) |
---|---|---|---|
TLSv1 192.168.56.101:49163 -> 34.64.4.16:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.storage.googleapis.com | 41:50:4b:65:48:0d:a3:ad:6f:e5:44:02:02:69:ff:a7:1f:e8:7f:d0 |
Snort Alerts
No Snort Alerts