Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
iplogger.com | 148.251.234.93 | |
dzen.ru | 62.217.160.2 | |
tokoi45.beget.tech | 5.101.152.100 | |
yandex.ru | 77.88.55.88 | |
entrenaconraulfit.com | 193.84.177.249 | |
sso.passport.yandex.ru | CNAME passport.yandex.ru; 213.180.204.24 | |
TCP Requests
UDP Requests
GET 302 https://yandex.ru/
Request:
GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: yandex.ru
Connection: Keep-Alive
Response:
HTTP/1.1 302 Moved temporarily
Accept-CH: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
Cache-Control: max-age=1209600,private
Date: Thu, 15 Jun 2023 22:31:58 GMT
Location: https://dzen.ru/?yredirect=true
NEL: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
P3P: policyref="/w3c/p3p.xml", CP="NON DSP ADM DEV PSD IVDo OUR IND STP PHY PRE NAV UNI"
Portal: Home
Report-To: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Yandex-Req-Id: 1686868317988463-4025489371563924839-balancer-l7leveler-kubr-yp-vla-94-BAL-6692
set-cookie: is_gdpr=0; Path=/; Domain=.yandex.ru; Expires=Sat, 14 Jun 2025 22:31:57 GMT
set-cookie: is_gdpr_b=CKizaxCxvQEoAg==; Path=/; Domain=.yandex.ru; Expires=Sat, 14 Jun 2025 22:31:57 GMT
set-cookie: _yasc=4Ifsm61kzlyNB2MZCzzxQQRJ04qrfotD3GrBwX2ASiDiUzUZpQA2Wfhehpifyqs=; domain=.yandex.ru; path=/; expires=Sun, 12 Jun 2033 22:31:57 GMT; secure
set-cookie: i=w8kMenvv+qO1ux+keY6pn8kLp2zi6VQL7gyruL+ui7eIq1wQJAl+VO6clmvPknQiaNAlgeLzaEB2HHpFmXwQchOAslU=; Expires=Sat, 14-Jun-2025 22:31:57 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly
set-cookie: yandexuid=4639248391686868317; Expires=Sat, 14-Jun-2025 22:31:57 GMT; Domain=.yandex.ru; Path=/; Secure
GET 302 https://dzen.ru/?yredirect=true
Request:
GET /?yredirect=true HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: dzen.ru
Connection: Keep-Alive
Response:
HTTP/1.1 302 Found
Content-Length: 0
Content-Type: application/json;charset=utf-8
Date: Thu, 15 Jun 2023 22:31:59 GMT
Location: https://sso.passport.yandex.ru/push?uuid=e9bbb019-fb63-4232-9882-448d38c720b2&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue
Set-Cookie: zen_sso_checked=1; Path=/; Domain=.dzen.ru; Expires=Fri, 16-Jun-2023 10:31:59 GMT; Max-Age=43200; Secure; HttpOnly
Set-Cookie: _yasc=H69R6sepHiUdBYteNYaBVrC4dMT1u4pLNh0m6zMvqqp5FPv8zH9HY6kyzl8=; domain=.dzen.ru; path=/; expires=Sun, 12 Jun 2033 22:31:59 GMT; secure
GET 200 https://sso.passport.yandex.ru/push?uuid=e9bbb019-fb63-4232-9882-448d38c720b2&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue
Request:
GET /push?uuid=e9bbb019-fb63-4232-9882-448d38c720b2&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Host: sso.passport.yandex.ru
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Jun 2023 22:32:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1958
Connection: close
Vary: Accept-Encoding
X-Download-Options: noopen
X-Content-Type-Options: nosniff
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
X-DNS-Prefetch-Control: off
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'none'; frame-ancestors https://*.dzen.ru https://dzen.ru; connect-src 'self'; script-src 'nonce-1b3ab735e8a5bfc88ace717f5f1db534' 'self'; img-src 'self'
Set-Cookie: mda2_beacon=1686868321112; Domain=.passport.yandex.ru; Expires=Tue, 19 Jan 2038 03:14:07 GMT; Secure; Path=/
Set-Cookie: ys=c_chck.2522387729; Domain=.yandex.ru; Secure; Path=/
Set-Cookie: i=+TEvBUN6bS9UM3lg15dJK7aqb5I/PM5RtCj0017FYymMhZWJXLqpY+EBlIaJzAU7KuJec3LQhuKuPnp7IzhAJoGRIFk=; Domain=.yandex.ru; Expires=Sun, 12 Jun 2033 22:32:01 GMT; Secure; HttpOnly; Path=/
Set-Cookie: yandexuid=6304018871686868321; Domain=.yandex.ru; Expires=Sun, 12 Jun 2033 22:32:01 GMT; Secure; Path=/
Set-Cookie: mda2_domains=dzen.ru; Domain=.passport.yandex.ru; Expires=Tue, 19 Jan 2038 03:14:07 GMT; Secure; Path=/
Referrer-Policy: origin
ETag: W/"7a6-9il9uMpho+k0gtZLT2duLIQ+QeM"
Strict-Transport-Security: max-age=315360000; includeSubDomains
GET 200 http://tokoi45.beget.tech/server.txt
Request:
GET /server.txt HTTP/1.0
Host: tokoi45.beget.tech
Accept: */*
Connection: close
User-Agent: Firefox-6.0
Response:
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Thu, 15 Jun 2023 22:31:45 GMT
Content-Type: text/plain
Content-Length: 21
Last-Modified: Mon, 12 Jun 2023 06:25:15 GMT
Connection: close
ETag: "6486ba4b-15"
Expires: Thu, 22 Jun 2023 22:31:45 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
GET 200 http://tokoi45.beget.tech/server1.txt
Request:
GET /server1.txt HTTP/1.0
Host: tokoi45.beget.tech
Accept: */*
Connection: close
User-Agent: Firefox-6.0
Response:
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Thu, 15 Jun 2023 22:31:46 GMT
Content-Type: text/plain
Content-Length: 0
Last-Modified: Mon, 12 Jun 2023 05:54:23 GMT
Connection: close
ETag: "6486b30f-0"
Expires: Thu, 22 Jun 2023 22:31:46 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
GET 200 http://tokoi45.beget.tech/server2.txt
Request:
GET /server2.txt HTTP/1.0
Host: tokoi45.beget.tech
Accept: */*
Connection: close
User-Agent: Firefox-6.0
Response:
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Thu, 15 Jun 2023 22:31:46 GMT
Content-Type: text/plain
Content-Length: 0
Last-Modified: Mon, 29 May 2023 17:28:07 GMT
Connection: close
ETag: "6474e0a7-0"
Expires: Thu, 22 Jun 2023 22:31:46 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
GET 404 http://entrenaconraulfit.com/1/data64_1.exe
Request:
GET /1/data64_1.exe HTTP/1.0
Host: entrenaconraulfit.com
Accept: */*
Connection: close
User-Agent: Firefox-6.0
Response:
HTTP/1.0 404 Not Found
Connection: close
x-dns-prefetch-control: on
content-type: text/html; charset=UTF-8
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://entrenaconraulfit.com/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache: hit
date: Thu, 15 Jun 2023 22:31:48 GMT
server: LiteSpeed
vary: User-Agent
GET 200 http://entrenaconraulfit.com/1/data64_2.exe
Request:
GET /1/data64_2.exe HTTP/1.0
Host: entrenaconraulfit.com
Accept: */*
Connection: close
User-Agent: Firefox-6.0
Response:
HTTP/1.0 200 OK
Connection: close
content-type: application/x-msdownload
last-modified: Thu, 15 Jun 2023 17:42:18 GMT
accept-ranges: bytes
content-length: 1249976
date: Thu, 15 Jun 2023 22:31:49 GMT
server: LiteSpeed
vary: User-Agent
GET 200 http://entrenaconraulfit.com/1/data64_3.exe
Request:
GET /1/data64_3.exe HTTP/1.0
Host: entrenaconraulfit.com
Accept: */*
Connection: close
User-Agent: Firefox-6.0
Response:
HTTP/1.0 200 OK
Connection: close
content-type: application/x-msdownload
last-modified: Thu, 15 Jun 2023 17:43:37 GMT
accept-ranges: bytes
content-length: 2558464
date: Thu, 15 Jun 2023 22:31:52 GMT
server: LiteSpeed
vary: User-Agent
GET 404 http://entrenaconraulfit.com/1/data64_4.exe
Request:
GET /1/data64_4.exe HTTP/1.0
Host: entrenaconraulfit.com
Accept: */*
Connection: close
User-Agent: Firefox-6.0
Response:
HTTP/1.0 404 Not Found
Connection: close
x-dns-prefetch-control: on
content-type: text/html; charset=UTF-8
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://entrenaconraulfit.com/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache: hit
content-length: 103173
date: Thu, 15 Jun 2023 22:31:55 GMT
server: LiteSpeed
vary: User-Agent
GET 404 http://entrenaconraulfit.com/1/data64_5.exe
Request:
GET /1/data64_5.exe HTTP/1.0
Host: entrenaconraulfit.com
Accept: */*
Connection: close
User-Agent: Firefox-6.0
Response:
HTTP/1.0 404 Not Found
Connection: close
x-dns-prefetch-control: on
content-type: text/html; charset=UTF-8
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://entrenaconraulfit.com/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache: hit
content-length: 103173
date: Thu, 15 Jun 2023 22:31:57 GMT
server: LiteSpeed
vary: User-Agent
GET 404 http://entrenaconraulfit.com/1/data64_6.exe
Request:
GET /1/data64_6.exe HTTP/1.0
Host: entrenaconraulfit.com
Accept: */*
Connection: close
User-Agent: Firefox-6.0
Response:
HTTP/1.0 404 Not Found
Connection: close
x-dns-prefetch-control: on
content-type: text/html; charset=UTF-8
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://entrenaconraulfit.com/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache: hit
content-length: 103173
date: Thu, 15 Jun 2023 22:31:59 GMT
server: LiteSpeed
vary: User-Agent
GET 200 http://entrenaconraulfit.com/webArg1.txt
Request:
GET /webArg1.txt HTTP/1.0
Host: entrenaconraulfit.com
Accept: */*
Connection: close
User-Agent: Firefox-6.0
Response:
HTTP/1.0 200 OK
Connection: close
content-type: text/plain
last-modified: Thu, 15 Jun 2023 18:40:38 GMT
accept-ranges: bytes
content-length: 27
date: Thu, 15 Jun 2023 22:32:01 GMT
server: LiteSpeed
vary: User-Agent
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49175 5.255.255.70:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign ECC OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=*.xn--d1acpjx3f.xn--p1ai | 7a:e6:ff:bb:19:79:e4:52:b5:47:97:69:f8:78:1c:38:bd:e6:2f:c2 |
TLSv1 192.168.56.103:49177 62.217.160.2:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.dzen.ru | 6a:31:14:29:60:07:c9:c6:17:7b:d1:27:ad:53:57:ec:d8:c1:d8:d2 |
TLSv1 192.168.56.103:49179 213.180.204.24:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=sso.passport.yandex.ru | f0:52:26:54:41:65:2b:6a:37:7b:c1:5b:de:9c:e9:d4:41:c6:81:2d |
Snort Alerts
No Snort Alerts