Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.dropbox.com | CNAME www-env.dropbox-dns.com; 162.125.80.18 | |
docs.google.com | 172.217.25.174 | |
freedns.afraid.org | 69.42.215.252 | |
drive.usercontent.google.com | 142.250.206.193 | |
xred.mooo.com | | |
smtp.163.com | 103.129.252.45 | |
TCP Requests
- 103.129.252.45:25 -> 192.168.56.101:49163
- 192.168.56.101:49172 -> 142.250.196.238:443 docs.google.com
- 192.168.56.101:49173 -> 142.250.71.225:443 drive.usercontent.google.com
- 192.168.56.101:49174 -> 162.125.80.18:443 www.dropbox.com
- 192.168.56.101:49175 -> 162.125.80.18:443 www.dropbox.com
- 192.168.56.101:49176 -> 162.125.80.18:443 www.dropbox.com
- 192.168.56.101:49168 -> 69.42.215.252:80 freedns.afraid.org
UDP Requests
- 192.168.56.101:53004 -> 164.124.101.2:53
- 192.168.56.101:53850 -> 164.124.101.2:53
- 192.168.56.101:54148 -> 164.124.101.2:53
- 192.168.56.101:55146 -> 164.124.101.2:53
- 192.168.56.101:59002 -> 164.124.101.2:53
- 192.168.56.101:61950 -> 164.124.101.2:53
- 192.168.56.101:137 -> 192.168.56.255:137
- 192.168.56.101:61953 -> 239.255.255.250:1900
- 8.8.8.8:53 -> 192.168.56.101:53004
- 192.168.56.103:137 -> 192.168.56.101:137
GET 303 https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

Request:
GET /uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache

Response:
HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 29 Jul 2024 04:47:17 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Content-Security-Policy: script-src 'report-sample' 'nonce-I0uPJF1bxbpTRiqph8FMhw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Cross-Origin-Opener-Policy: same-origin
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET 404 https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

Request:
GET /download?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download HTTP/1.1
User-Agent: Synaptics.exe
Connection: Keep-Alive
Cache-Control: no-cache
Host: drive.usercontent.google.com

Response:
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 29 Jul 2024 04:47:17 GMT
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Content-Security-Policy: script-src 'report-sample' 'nonce-YMaR5QMDyL0EZ5FjehweyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Cross-Origin-Opener-Policy: same-origin
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Content-Length: 1642
X-GUploader-UploadID: AHxI1nOa1tKkaDZV3UuQ4GNfhbeJbX2yGcaYAubs_Si_4L-gD7rk8_TIrfQkh6cjPo5LKLolIa8
Server: UploadServer
Set-Cookie: NID=516=CoLzxBl8Kz9cOq9tI5mVXO42oPZsBqY3T-cNaPgQaB56aSYYEP2e7QUhZszPR_K6faeofIbtttX4WUPZsy96QhBm-lmpo-72B-8flQQEjAloX-ilYPHQADRI212sAHo_3edDjWZqx8hAsFAQBxvS5UzSb8NnaNBiHT9nvoLydrs; expires=Tue, 28-Jan-2025 04:47:17 GMT; path=/; domain=.google.com; HttpOnly
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Security-Policy: sandbox allow-scripts
GET 303 https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

Request:
GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
Cookie: NID=516=CoLzxBl8Kz9cOq9tI5mVXO42oPZsBqY3T-cNaPgQaB56aSYYEP2e7QUhZszPR_K6faeofIbtttX4WUPZsy96QhBm-lmpo-72B-8flQQEjAloX-ilYPHQADRI212sAHo_3edDjWZqx8hAsFAQBxvS5UzSb8NnaNBiHT9nvoLydrs

Response:
HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 29 Jul 2024 04:48:01 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: script-src 'report-sample' 'nonce-84NR135h2SUPJB_qlpJaZw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Cross-Origin-Opener-Policy: same-origin
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET 404 https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

Request:
GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: drive.usercontent.google.com
Cache-Control: no-cache
Connection: Keep-Alive
Cookie: NID=516=CoLzxBl8Kz9cOq9tI5mVXO42oPZsBqY3T-cNaPgQaB56aSYYEP2e7QUhZszPR_K6faeofIbtttX4WUPZsy96QhBm-lmpo-72B-8flQQEjAloX-ilYPHQADRI212sAHo_3edDjWZqx8hAsFAQBxvS5UzSb8NnaNBiHT9nvoLydrs

Response:
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 29 Jul 2024 04:48:01 GMT
Content-Security-Policy: script-src 'report-sample' 'nonce-PX5gZ1vNzF8QhW0jZGLdxg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Cross-Origin-Opener-Policy: same-origin
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Content-Length: 1642
X-GUploader-UploadID: AHxI1nPy2HDwXgYuS0Hz47suKUELhQXVsNLgD4HXHvtgy01dlSSk5590ydiSQMu3iHqtK_EZr89RGlIF6w
Server: UploadServer
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Security-Policy: sandbox allow-scripts
GET 303 https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

Request:
GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
Cookie: NID=516=CoLzxBl8Kz9cOq9tI5mVXO42oPZsBqY3T-cNaPgQaB56aSYYEP2e7QUhZszPR_K6faeofIbtttX4WUPZsy96QhBm-lmpo-72B-8flQQEjAloX-ilYPHQADRI212sAHo_3edDjWZqx8hAsFAQBxvS5UzSb8NnaNBiHT9nvoLydrs

Response:
HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 29 Jul 2024 04:48:02 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Content-Security-Policy: script-src 'report-sample' 'nonce-JSUByyVdzGDElE2UR4wEag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Cross-Origin-Opener-Policy: same-origin
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET 404 https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

Request:
GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: drive.usercontent.google.com
Cache-Control: no-cache
Connection: Keep-Alive
Cookie: NID=516=CoLzxBl8Kz9cOq9tI5mVXO42oPZsBqY3T-cNaPgQaB56aSYYEP2e7QUhZszPR_K6faeofIbtttX4WUPZsy96QhBm-lmpo-72B-8flQQEjAloX-ilYPHQADRI212sAHo_3edDjWZqx8hAsFAQBxvS5UzSb8NnaNBiHT9nvoLydrs

Response:
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 29 Jul 2024 04:48:02 GMT
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Content-Security-Policy: script-src 'report-sample' 'nonce-SKUSrkgdIDuN6nllADE5Ig' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Cross-Origin-Opener-Policy: same-origin
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Content-Length: 1642
X-GUploader-UploadID: AHxI1nNMZgVpBU5S5NeHC2aJGKZZR0b8C1imCzjqcYhjC3vfX6hKB9rbJTwFeGqry4x8UsfXaefv2_t0SA
Server: UploadServer
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Security-Policy: sandbox allow-scripts
GET 303 https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

Request:
GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
Cookie: NID=516=CoLzxBl8Kz9cOq9tI5mVXO42oPZsBqY3T-cNaPgQaB56aSYYEP2e7QUhZszPR_K6faeofIbtttX4WUPZsy96QhBm-lmpo-72B-8flQQEjAloX-ilYPHQADRI212sAHo_3edDjWZqx8hAsFAQBxvS5UzSb8NnaNBiHT9nvoLydrs

Response:
HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 29 Jul 2024 04:48:02 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Strict-Transport-Security: max-age=31536000
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Content-Security-Policy: script-src 'report-sample' 'nonce-sl7NkesCyP2AVr7Yt-vPKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Cross-Origin-Opener-Policy: same-origin
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET 404 https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

Request:
GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: drive.usercontent.google.com
Cache-Control: no-cache
Connection: Keep-Alive
Cookie: NID=516=CoLzxBl8Kz9cOq9tI5mVXO42oPZsBqY3T-cNaPgQaB56aSYYEP2e7QUhZszPR_K6faeofIbtttX4WUPZsy96QhBm-lmpo-72B-8flQQEjAloX-ilYPHQADRI212sAHo_3edDjWZqx8hAsFAQBxvS5UzSb8NnaNBiHT9nvoLydrs

Response:
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 29 Jul 2024 04:48:03 GMT
Cross-Origin-Opener-Policy: same-origin
Content-Security-Policy: script-src 'report-sample' 'nonce-ZN2X-3m_5IJ-L1jVThyZsg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Content-Length: 1642
X-GUploader-UploadID: AHxI1nPX0ok3NH68AUxWgdOZPjFGehf6rUP0vA3eiJJtKa3fJdZhCQNxuSmepQCvH30GM8fxo8Q
Server: UploadServer
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Security-Policy: sandbox allow-scripts
GET 200 http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

Request:
GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
User-Agent: MyApp
Host: freedns.afraid.org
Cache-Control: no-cache

Response:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 29 Jul 2024 04:47:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Cache: MISS
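The HTTP exchanges above, together with the DNS table and TCP list, carry the indicators an analyst would pull out of this report: a bare process name (Synaptics.exe) and a placeholder string (MyApp) as User-Agent, the docs.google.com uc?id=...&export=download hop that 303s to drive.usercontent.google.com/download?id=... (the Drive file ID is the stable indicator across both hops), the freedns.afraid.org getdyndns API call keyed by an account token, dynamic-DNS lookups (xred.mooo.com), and a direct SMTP connection from the guest to smtp.163.com:25. The script below is an added example, not part of the sandbox report or its tooling; its sample records are constructed from the report's own lines, and the browser User-Agent prefixes, the dynamic-DNS suffix list and the private-address check for the guest are the author's assumptions.

```python
"""Extract detection-relevant indicators from the sandbox network log.

Added example, not part of the sandbox report. Sample records are constructed
from the report's own HTTP request headers, DNS table and TCP request list;
BROWSER_UA_PREFIXES, DDNS_SUFFIXES and the private-address guest check are
assumptions made for this example.
"""
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Constructed from the HTTP requests in the report (request headers only; the
# report shows no bodies).
HTTP_REQUESTS = [
    "GET /uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download HTTP/1.1\r\n"
    "User-Agent: Synaptics.exe\r\n"
    "Host: docs.google.com\r\n"
    "Cache-Control: no-cache\r\n",
    "GET /download?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download HTTP/1.1\r\n"
    "User-Agent: Synaptics.exe\r\n"
    "Connection: Keep-Alive\r\n"
    "Cache-Control: no-cache\r\n"
    "Host: drive.usercontent.google.com\r\n",
    "GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1\r\n"
    "User-Agent: MyApp\r\n"
    "Host: freedns.afraid.org\r\n"
    "Cache-Control: no-cache\r\n",
]

# Constructed from the DNS table and TCP request list. The report prints the
# SMTP flow with its endpoints swapped; it is normalised to client -> server
# here because 49163 is the ephemeral (client-side) port.
DNS_QUERIES = ["www.dropbox.com", "docs.google.com", "freedns.afraid.org",
               "drive.usercontent.google.com", "xred.mooo.com", "smtp.163.com"]
TCP_FLOWS = [  # (src, sport, dst, dport, server name)
    ("192.168.56.101", 49163, "103.129.252.45", 25, "smtp.163.com"),
    ("192.168.56.101", 49172, "142.250.196.238", 443, "docs.google.com"),
    ("192.168.56.101", 49174, "162.125.80.18", 443, "www.dropbox.com"),
    ("192.168.56.101", 49168, "69.42.215.252", 80, "freedns.afraid.org"),
]

# Assumptions: a User-Agent that does not start with one of these prefixes is a
# bare process name or a hand-rolled client, and these suffixes belong to free
# dynamic-DNS services worth flagging.
BROWSER_UA_PREFIXES = ("Mozilla/", "Opera/")
DDNS_SUFFIXES = (".mooo.com", ".afraid.org")
DRIVE_HOSTS = {"docs.google.com", "drive.usercontent.google.com"}


def parse_http_request(raw):
    """Split a raw HTTP/1.1 request header block into (method, target, headers)."""
    lines = [line for line in raw.splitlines() if line]
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def http_findings(raw_requests):
    """Return (kind, host, detail) tuples for each suspicious trait in the requests."""
    findings = []
    for raw in raw_requests:
        _method, target, headers = parse_http_request(raw)
        host = headers.get("host", "")
        ua = headers.get("user-agent", "")
        query = parse_qs(urlsplit(target).query)
        if not ua.startswith(BROWSER_UA_PREFIXES):
            findings.append(("non_browser_ua", host, ua))
        # docs.google.com/uc?id=X&export=download redirects (303) to
        # drive.usercontent.google.com/download?id=X&export=download; the file
        # ID X is the indicator that survives both hops.
        if host in DRIVE_HOSTS and query.get("export") == ["download"]:
            findings.append(("drive_direct_download", host, query["id"][0]))
        # The getdyndns API is keyed by an account token; it ties the sample to
        # one freedns.afraid.org account.
        if host == "freedns.afraid.org" and query.get("action") == ["getdyndns"]:
            findings.append(("ddns_api_key", host, query.get("sha", [""])[0]))
    return findings


def network_findings(dns_queries, tcp_flows):
    """Flag dynamic-DNS lookups and direct SMTP from a private (guest) address."""
    findings = []
    for name in dns_queries:
        if name.endswith(DDNS_SUFFIXES):
            findings.append(("ddns_lookup", name, ""))
    for src, _sport, dst, dport, name in tcp_flows:
        # A workstation speaking SMTP straight to a public mail server on 25 is
        # not mail-client behaviour; it is how malware with its own SMTP client
        # sends collected data out.
        if dport == 25 and ipaddress.ip_address(src).is_private:
            findings.append(("direct_smtp_egress", name, f"{dst}:{dport}"))
    return findings


def drive_file_ids(findings):
    """Unique Google Drive file IDs seen across both hops of the download chain."""
    return sorted({detail for kind, _host, detail in findings
                   if kind == "drive_direct_download"})


if __name__ == "__main__":
    rows = http_findings(HTTP_REQUESTS) + network_findings(DNS_QUERIES, TCP_FLOWS)
    for kind, host, detail in rows:
        print(f"{kind:22} {host:30} {detail}")
    print("drive file ids:", drive_file_ids(rows))
```

The file IDs, the freedns account token and the User-Agent strings are the pieces worth pivoting on; the Google and Dropbox IPs are shared infrastructure and block nothing useful on their own.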
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 103.129.252.45:25 -> 192.168.56.101:49163 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode |
TCP 192.168.56.101:49172 -> 142.250.196.238:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
UDP 192.168.56.101:54148 -> 164.124.101.2:53 | 2015633 | ET INFO DYNAMIC_DNS Query to Abused Domain *.mooo.com | Misc activity |
TCP 192.168.56.101:49174 -> 162.125.80.18:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49175 -> 162.125.80.18:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49173 -> 142.250.71.225:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49172 -> 142.250.196.238:443 | C=US, O=Google Trust Services, CN=WR2 | CN=*.google.com | 0e:b6:5c:7b:0b:ac:b5:af:1f:df:47:14:61:b7:0d:4c:41:6f:47:53 |
TLSv1 192.168.56.101:49173 -> 142.250.71.225:443 | C=US, O=Google Trust Services, CN=WR2 | CN=*.usercontent.google.com | 02:88:52:bb:1a:d8:e4:3d:9f:a8:8f:00:8d:5c:55:f5:c4:ba:59:0d |
Snort Alerts
No Snort Alerts