Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
TCP Requests
POST 200 https://update.googleapis.com/service/update2
REQUEST
POST /service/update2 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Google Update/1.3.36.372;winhttp
X-Old-UID: age=-1; cnt=1
X-Goog-Update-Updater: Omaha-1.3.36.372
X-Goog-Update-Interactivity: bg
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Content-Length: 786
Host: update.googleapis.com
RESPONSE
HTTP/1.1 200 OK
Content-Security-Policy: script-src 'report-sample' 'nonce-ZW94yuYpo7GY0M3DsFVOzw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 06 Aug 2024 00:50:25 GMT
Content-Type: text/xml; charset=UTF-8
X-Daynum: 6426
X-Daystart: 64225
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49246 -> 142.250.71.195:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.103:49246 142.250.71.195:443 | C=US, O=Google Trust Services, CN=WR2 | CN=upload.video.google.com | c4:3f:12:39:d2:ec:4c:2c:1c:0a:a6:18:8e:2a:97:2c:d8:c2:7e:af |
Snort Alerts
No Snort Alerts