Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
cajgtus.com | 181.123.219.23 | |
api.2ip.ua | 172.67.139.220 | |
GET 200 https://api.2ip.ua/geo.json

REQUEST

```
GET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
```

RESPONSE

```
HTTP/1.1 200 OK
Date: Mon, 15 Jul 2024 07:38:07 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=...
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OXdyjGGfXsCmlBIlscfko3r2k%2FX8cWJeYcg7jdmVmOth1j8l%2Fzw5Yuaxu8LAb7wr6%2Bv02sVuV1l%2BBnZ0Wf5W512c6DfmXyOWWS%2FnOi8RcbHiLq77g53tJ9aVzJ2%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8a3817546e697c4d-LAX
alt-svc: h3=":443"; ma=86400
```
GET 200 https://api.2ip.ua/geo.json

REQUEST

```
GET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
```

RESPONSE

```
HTTP/1.1 200 OK
Date: Mon, 15 Jul 2024 07:38:26 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=...
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QNvevwH59%2F5kAN3OCQ18LzhMQD1eZmAms7%2FjGHB0tL8P4%2BKv0hk0VXQwupzkHZC7ZKHTOdNu%2FpxfT81LlR7ItmoClOb1iuVQzANY5zn3CJ4pnO8SX185CYzos%2Bql"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8a3817c7498108dc-LAX
alt-svc: h3=":443"; ma=86400
```
GET 200 http://cajgtus.com/lancer/get.php?pid=06280D9CD13939E9B7E95CDCAA6A83CC&first=true

REQUEST

```
GET /lancer/get.php?pid=06280D9CD13939E9B7E95CDCAA6A83CC&first=true HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: cajgtus.com
```

RESPONSE

```
HTTP/1.1 200 OK
Date: Mon, 15 Jul 2024 07:38:43 GMT
Server: Apache/2.4.37 (Win64) PHP/5.6.40
X-Powered-By: PHP/5.6.40
Content-Length: 556
Connection: close
Content-Type: text/html; charset=UTF-8
```
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49171 172.67.139.220:443 | C=US, O=Google Trust Services, CN=WE1 | CN=2ip.ua | ff:79:da:c4:72:a8:32:8f:28:1d:c9:7f:3a:b0:c3:0e:3f:7e:7e:a1 |
TLSv1 192.168.56.103:49164 172.67.139.220:443 | C=US, O=Google Trust Services, CN=WE1 | CN=2ip.ua | ff:79:da:c4:72:a8:32:8f:28:1d:c9:7f:3a:b0:c3:0e:3f:7e:7e:a1 |
Snort Alerts
No Snort Alerts