Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
_googlecast._tcp.local | | |
translate.googleapis.com | 142.250.207.106 | |
www.gstatic.com | 142.250.206.227 | |
clientservices.googleapis.com | 172.217.161.195 | |
UDP Requests
- 192.168.56.101:53004 -> 164.124.101.2:53
- 192.168.56.101:54148 -> 164.124.101.2:53
- 192.168.56.101:59002 -> 164.124.101.2:53
- 192.168.56.101:137 -> 192.168.56.255:137
- 192.168.56.101:138 -> 192.168.56.255:138
- 192.168.56.101:5353 -> 224.0.0.251:5353
- 192.168.56.101:54149 -> 239.255.255.250:1900
- 192.168.56.101:54153 -> 239.255.255.250:1900
No traffic
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49165 -> 142.250.71.163:443 | 906200038 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware) | undefined |
TCP 192.168.56.101:49164 -> 142.250.199.202:443 | 906200038 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware) | undefined |
TCP 192.168.56.101:49171 -> 142.250.198.131:443 | 906200038 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.101:49165 142.250.71.163:443 | C=US, O=Google Trust Services, CN=WE2 | CN=upload.video.google.com | 62:3a:f6:bd:3a:0b:ed:3b:16:28:ba:75:d2:00:cf:50:37:6c:20:50 |
TLS 1.2 192.168.56.101:49164 142.250.199.202:443 | C=US, O=Google Trust Services, CN=WE2 | CN=upload.video.google.com | 62:3a:f6:bd:3a:0b:ed:3b:16:28:ba:75:d2:00:cf:50:37:6c:20:50 |
TLS 1.2 192.168.56.101:49171 142.250.198.131:443 | C=US, O=Google Trust Services, CN=WE2 | CN=*.gstatic.com | 2b:99:7d:02:90:41:d5:25:94:22:ae:76:27:0d:25:da:df:d2:0a:f1 |
Snort Alerts
No Snort Alerts