Network Analysis
Domain | Resolved address | Post-Analysis Lookup |
---|---|---|
ipINFO.io | 34.117.59.81 | |
api.telegram.org | 149.154.167.220 | |
HTTP traffic

GET http://ipINFO.io/Ip -> 200

Request:
GET /Ip HTTP/1.1
Host: ipINFO.io
User-Agent: curl/7.85.0
Accept: */*

Response:
HTTP/1.1 200 OK
access-control-allow-origin: *
Content-Length: 13
content-type: text/html; charset=utf-8
date: Fri, 21 Feb 2025 00:37:19 GMT
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains

GET http://IPINfo.Io/city -> 200

Request:
GET /city HTTP/1.1
Host: IPINfo.Io
User-Agent: curl/7.85.0
Accept: */*

Response:
HTTP/1.1 200 OK
access-control-allow-origin: *
Content-Length: 6
content-type: text/html; charset=utf-8
date: Fri, 21 Feb 2025 00:37:19 GMT
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains

GET http://IPiNfo.io/country -> 200

Request:
GET /country HTTP/1.1
Host: IPiNfo.io
User-Agent: curl/7.85.0
Accept: */*

Response:
HTTP/1.1 200 OK
access-control-allow-origin: *
Content-Length: 3
content-type: text/html; charset=utf-8
date: Fri, 21 Feb 2025 00:37:19 GMT
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49179 -> 149.154.167.220:443 | 2033967 | ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) | Misc activity |
UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2054168 | ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io) | Device Retrieving External IP Address Detected |
TCP 192.168.56.101:49173 -> 34.117.59.81:80 | 2020716 | ET POLICY External IP Lookup ipinfo.io | Device Retrieving External IP Address Detected |
TCP 192.168.56.101:49167 -> 34.117.59.81:80 | 2020716 | ET POLICY External IP Lookup ipinfo.io | Device Retrieving External IP Address Detected |
TCP 192.168.56.101:49170 -> 34.117.59.81:80 | 2020716 | ET POLICY External IP Lookup ipinfo.io | Device Retrieving External IP Address Detected |
UDP 192.168.56.101:54148 -> 164.124.101.2:53 | 2033966 | ET HUNTING Telegram API Domain in DNS Lookup | Misc activity |
TCP 192.168.56.101:49176 -> 149.154.167.220:443 | 2033967 | ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) | Misc activity |
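The three plain-HTTP requests above reach the same ipinfo.io endpoint with a differently capitalised Host header each time (ipINFO.io, IPINfo.Io, IPiNfo.io), and the ET POLICY rule still fired on all three port-80 flows. Any triage script that keys on hostnames therefore has to case-fold them before counting. The following is an added example, not part of the sandbox report or its tooling: it parses the request dump and the alert table transcribed from this page (the sample input is constructed from those sections), case-folds the Host headers, and correlates the external-IP-lookup alerts with the Telegram TLS alerts to flag the geolocate-then-Telegram pattern. The SID sets and the function names are this example's own assumptions.

```python
import re
from collections import Counter

# Constructed input: the three HTTP requests transcribed from the report above.
HTTP_REQUESTS = """\
GET /Ip HTTP/1.1
Host: ipINFO.io
User-Agent: curl/7.85.0
Accept: */*

GET /city HTTP/1.1
Host: IPINfo.Io
User-Agent: curl/7.85.0
Accept: */*

GET /country HTTP/1.1
Host: IPiNfo.io
User-Agent: curl/7.85.0
Accept: */*
"""

# Constructed input: (proto, src, dst, sid, signature) rows from the Suricata alert table.
SURICATA_ALERTS = [
    ("TCP", "192.168.56.101:49179", "149.154.167.220:443", 2033967,
     "ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)"),
    ("UDP", "192.168.56.101:59002", "164.124.101.2:53", 2054168,
     "ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io)"),
    ("TCP", "192.168.56.101:49173", "34.117.59.81:80", 2020716,
     "ET POLICY External IP Lookup ipinfo.io"),
    ("TCP", "192.168.56.101:49167", "34.117.59.81:80", 2020716,
     "ET POLICY External IP Lookup ipinfo.io"),
    ("TCP", "192.168.56.101:49170", "34.117.59.81:80", 2020716,
     "ET POLICY External IP Lookup ipinfo.io"),
    ("UDP", "192.168.56.101:54148", "164.124.101.2:53", 2033966,
     "ET HUNTING Telegram API Domain in DNS Lookup"),
    ("TCP", "192.168.56.101:49176", "149.154.167.220:443", 2033967,
     "ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)"),
]

# Assumed SID groupings for this example; taken from the alert table, not from ET rule metadata.
EXTERNAL_IP_HTTP_SID = 2020716      # ET POLICY External IP Lookup ipinfo.io (per-flow, TCP/80)
TELEGRAM_SNI_SID = 2033967          # ET HUNTING Telegram API Domain in TLS SNI (per-flow, TCP/443)


def parse_http_requests(raw: str) -> list[dict]:
    """Split a flat request dump into {'method', 'path', 'headers'} records.

    Requests are separated by blank lines; header names are lower-cased so
    later lookups do not depend on how the client spelled them.
    """
    records = []
    for block in re.split(r"\n\s*\n", raw.strip()):
        lines = block.splitlines()
        method, path, _version = lines[0].split()
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        records.append({"method": method, "path": path, "headers": headers})
    return records


def normalize_host(host: str) -> str:
    """Case-fold a Host header and drop any :port so mixed-case variants collapse to one key."""
    return host.split(":")[0].strip().lower()


def ipinfo_paths(requests: list[dict]) -> list[str]:
    """Sorted, lower-cased paths requested from ipinfo.io (the path case varies too: /Ip)."""
    return sorted(
        r["path"].lower()
        for r in requests
        if normalize_host(r["headers"].get("host", "")) == "ipinfo.io"
    )


def summarize(requests: list[dict], alerts: list[tuple]) -> dict:
    """Correlate case-folded HTTP hosts with per-flow Suricata alerts."""
    hosts = Counter(normalize_host(r["headers"].get("host", "")) for r in requests)
    # Distinct source sockets give one entry per flow, so repeated alerts on one flow do not double count.
    ext_ip_flows = {src for proto, src, _dst, sid, _sig in alerts
                    if proto == "TCP" and sid == EXTERNAL_IP_HTTP_SID}
    telegram_flows = {src for proto, src, _dst, sid, _sig in alerts
                      if proto == "TCP" and sid == TELEGRAM_SNI_SID}
    return {
        "hosts": dict(hosts),
        "ipinfo_paths": ipinfo_paths(requests),
        "external_ip_lookups": len(ext_ip_flows),
        "telegram_tls_flows": len(telegram_flows),
        # Victim geolocation followed by Telegram Bot API traffic is the pattern worth escalating.
        "geolocate_then_telegram": bool(ext_ip_flows) and bool(telegram_flows),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_http_requests(HTTP_REQUESTS), SURICATA_ALERTS).items():
        print(f"{key}: {value}")
```

Run stand-alone it prints the host counter (one key, ipinfo.io, with count 3 rather than three separate mixed-case keys), the three ipinfo.io paths, three external-IP-lookup flows, two Telegram TLS flows, and a true geolocate_then_telegram flag. The DNS alerts (SIDs 2054168 and 2033966) are deliberately left out of the flow counts because one DNS lookup can serve many connections.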
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.3 192.168.56.101:49179 -> 149.154.167.220:443 | None | None | None |
TLS 1.3 192.168.56.101:49176 -> 149.154.167.220:443 | None | None | None |

Issuer, subject and fingerprint are empty because both sessions negotiated TLS 1.3, where the server certificate is sent encrypted; a passive sensor only sees the cleartext SNI, which is what SID 2033967 matched on.
Snort Alerts
No Snort Alerts