Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
doc-0c-bs-docs.googleusercontent.com | 142.250.207.97 | |
drive.google.com | 142.250.206.206 |
GET
0
https://drive.google.com/uc?export=download&confirm=no_antivirus&id=1BnLwNXIOB1ed0vfig76FOiB5_vSYfxO8
REQUEST
RESPONSE
BODY
GET /uc?export=download&confirm=no_antivirus&id=1BnLwNXIOB1ed0vfig76FOiB5_vSYfxO8 HTTP/1.1
Accept: */*
User-Agent: Clickteam
Host: drive.google.com
Connection: Keep-Alive
Cache-Control: no-cache
GET
200
https://doc-0c-bs-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/gsj07kmmd732u9jfj0sd2ubl6lqnbh2o/1702290825000/03617822427045637603/*/1BnLwNXIOB1ed0vfig76FOiB5_vSYfxO8?e=download&uuid=cd74acaf-b34e-46e0-a195-a721074feb84
REQUEST
RESPONSE
BODY
GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/gsj07kmmd732u9jfj0sd2ubl6lqnbh2o/1702290825000/03617822427045637603/*/1BnLwNXIOB1ed0vfig76FOiB5_vSYfxO8?e=download&uuid=cd74acaf-b34e-46e0-a195-a721074feb84 HTTP/1.1
Accept: */*
User-Agent: Clickteam
Connection: Keep-Alive
Cache-Control: no-cache
Host: doc-0c-bs-docs.googleusercontent.com
HTTP/1.1 200 OK
X-GUploader-UploadID: ABPtcPra3dmoA-7CQybkeqGS0HpdjkLHu1WzjthsXcET5cc1WGDokOL3GcwabNm1j8oGPeWGEVU
X-Content-Type-Options: nosniff
Content-Type: text/plain
Content-Disposition: attachment; filename="lock.txt"; filename*=UTF-8''lock.txt
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, X-Google-EOM, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-353267353-bin, x-goog-ext-353267353-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, x-goog-ext-359275022-bin, x-goog-ext-328800237-jspb, x-goog-ext-202735639-bin, x-goog-ext-223435598-bin, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Request-Time, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, x-goog-maps-api-salt, x-goog-maps-api-signature, x-goog-maps-client-id, X-Goog-Api-Key, x-goog-spanner-database-role, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Android-Cert, X-Ariane-Xsrf-Token, X-YouTube-Bootstrap-Logged-In, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-OidcIdToken, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context, X-Server-Token, x-rfui-request-context
Access-Control-Allow-Methods: GET,HEAD,OPTIONS
Accept-Ranges: bytes
Content-Length: 14
Last-Modified: Wed, 10 Aug 2022 09:00:45 GMT
Date: Mon, 11 Dec 2023 10:33:59 GMT
Expires: Mon, 11 Dec 2023 10:33:59 GMT
Cache-Control: private, max-age=0
X-Goog-Hash: crc32c=tcqNOQ==
Server: UploadServer
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49168 -> 142.251.220.97:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.103:49165 -> 142.251.220.78:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49168 142.251.220.97:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.googleusercontent.com | 17:e3:6e:db:3c:c4:0e:b4:6d:d3:55:1a:70:f8:0b:23:86:54:69:d8 |
TLSv1 192.168.56.103:49165 142.251.220.78:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.google.com | 5d:3a:d9:47:14:b0:78:30:a1:bf:b4:45:f6:f5:81:ad:0a:c7:76:89 |
Snort Alerts
No Snort Alerts