Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
cajgtus.com | 200.63.106.141 | |
api.2ip.ua | 104.21.65.24 | |
GET
200
https://api.2ip.ua/geo.json
REQUEST
RESPONSE
BODY
GET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
HTTP/1.1 200 OK
Date: Thu, 08 Aug 2024 22:50:53 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=...
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sTTav%2FO6nRKlgbUqzcwjG9LvBp6l1lCLJcBzXRqC2ze6ynamtDJ4z08amI8FMQMjp%2Fdu5tqZ4%2BlsiIDOCDZK7xVIZkRFS6ZCPg6sOA%2B4QZJa3%2B1DP3Hs7naxsSFa"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8b0311624bfd2f3f-LAX
alt-svc: h3=":443"; ma=86400
GET
200
https://api.2ip.ua/geo.json
REQUEST
RESPONSE
BODY
GET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
HTTP/1.1 200 OK
Date: Thu, 08 Aug 2024 22:51:16 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=...
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7Cc3nnM8ldgGp%2FZXO2LWIYImAoQb%2B9xE1Yc9TPCMYxVUN81UD9BMHiCj91MLsrshbeuEPkqbE17l0jCiFCW2%2BQMiy48oRBQX7%2BmH4ByqczArE4HmtHalhPkqT51P"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8b0311efe96f7bcb-LAX
alt-svc: h3=":443"; ma=86400
GET
200
http://cajgtus.com/lancer/get.php?pid=06280D9CD13939E9B7E95CDCAA6A83CC&first=true
REQUEST
RESPONSE
BODY
GET /lancer/get.php?pid=06280D9CD13939E9B7E95CDCAA6A83CC&first=true HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: cajgtus.com
HTTP/1.1 200 OK
Date: Thu, 08 Aug 2024 22:51:29 GMT
Server: Apache/2.4.37 (Win64) PHP/5.6.40
X-Powered-By: PHP/5.6.40
Content-Length: 556
Connection: close
Content-Type: text/html; charset=UTF-8
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49165 104.21.65.24:443 | C=US, O=Google Trust Services, CN=WE1 | CN=2ip.ua | ff:79:da:c4:72:a8:32:8f:28:1d:c9:7f:3a:b0:c3:0e:3f:7e:7e:a1 |
TLSv1 192.168.56.103:49171 104.21.65.24:443 | C=US, O=Google Trust Services, CN=WE1 | CN=2ip.ua | ff:79:da:c4:72:a8:32:8f:28:1d:c9:7f:3a:b0:c3:0e:3f:7e:7e:a1 |
Snort Alerts
No Snort Alerts