Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| download.ebz.epson.net |
CNAME
e3374.b.akamaiedge.net
|
23.210.36.144 |
| files.support.epson.com | 45.60.49.158 | |
| plg3-research.epson.biz | 54.192.175.72 |
- TCP Requests
-
-
192.168.56.102:49175 104.94.216.97:443download.ebz.epson.net
-
192.168.56.102:49179 45.60.49.158:443files.support.epson.com
-
192.168.56.102:49180 45.60.49.158:443files.support.epson.com
-
192.168.56.102:49181 45.60.49.158:443files.support.epson.com
-
192.168.56.102:49178 54.192.175.24:443plg3-research.epson.biz
-
- UDP Requests
-
-
192.168.56.102:56630 164.124.101.2:53
-
192.168.56.102:62846 164.124.101.2:53
-
192.168.56.102:63709 164.124.101.2:53
-
192.168.56.102:64513 164.124.101.2:53
-
192.168.56.102:137 192.168.56.103:137
-
192.168.56.102:137 192.168.56.255:137
-
192.168.56.102:138 192.168.56.255:138
-
192.168.56.102:49152 239.255.255.250:3702
-
192.168.56.102:56633 239.255.255.250:1900
-
52.231.114.183:123 192.168.56.102:123
-
GET
200
https://download.ebz.epson.net/dsc/du/01/DriverUpdateInfo?PR=SW&CTI=61&LG2=E2
REQUEST
RESPONSE
BODY
GET /dsc/du/01/DriverUpdateInfo?PR=SW&CTI=61&LG2=E2 HTTP/1.1
Accept-Encoding: gzip
Host: download.ebz.epson.net
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Server: Apache
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval';
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Last-Modified: Sat, 17 Aug 2024 23:39:54 GMT
Content-Encoding: gzip
Content-Length: 46981
Date: Sun, 18 Aug 2024 01:01:18 GMT
Connection: keep-alive
Vary: Accept-Encoding
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 45.60.49.158:443 -> 192.168.56.102:49181 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
| TCP 192.168.56.102:49179 -> 45.60.49.158:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.102:49180 -> 45.60.49.158:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| UDP 192.168.56.102:62846 -> 164.124.101.2:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic |
| TCP 192.168.56.102:49175 -> 104.94.216.97:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.102:49178 -> 54.192.175.24:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.102:49175 104.94.216.97:443 |
C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1 | C=JP, ST=Nagano, L=Suwa-shi, O=SEIKO EPSON Corporation, CN=download2.ebz.epson.net | 5f:21:3f:89:09:9a:3e:94:64:f2:15:11:4b:cf:84:f8:88:26:07:a1 |
|
TLSv1 192.168.56.102:49178 54.192.175.24:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1 | C=JP, ST=Nagano, L=Suwa-Shi, O=SEIKO EPSON CORPORATION, CN=*.epson.biz | 0c:c6:28:da:67:4b:c2:71:6d:e2:61:72:7d:82:d0:77:ea:bf:20:af |
Snort Alerts
No Snort Alerts