Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| 2no.co | 88.99.66.31 |
- TCP Requests
- UDP Requests
-
-
192.168.56.101:61479 164.124.101.2:53
-
192.168.56.101:62324 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:49152 239.255.255.250:3702
-
192.168.56.101:62325 239.255.255.250:3702
-
192.168.56.101:62445 239.255.255.250:1900
-
192.168.56.101:62447 239.255.255.250:3702
-
192.168.56.101:62449 239.255.255.250:3702
-
52.231.114.183:123 192.168.56.101:123
-
GET
200
https://2no.co/SVK43
REQUEST
RESPONSE
BODY
GET /SVK43 HTTP/1.1
Host: 2no.co
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 Jul 2021 01:58:07 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=vctsfrnkave18cbpt03tuqc4c4; path=/; HttpOnly
Pragma: no-cache
Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=251437904; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Answers:
whoami: 2d939b5aee78649ba5dcf483ea0aaa5e19e86948b4778e339f04998c89927566
Strict-Transport-Security: max-age=31536000; preload
X-Frame-Options: DENY
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49201 -> 88.99.66.31:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.101:49201 88.99.66.31:443 |
C=US, O=Let's Encrypt, CN=R3 | CN=iplogger.com | b7:20:6e:d3:e1:a5:09:a7:c9:50:32:85:ae:77:62:e4:85:33:3e:58 |
Snort Alerts
No Snort Alerts