Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
cajgtus.com | 190.220.21.28 | |
api.2ip.ua | 104.21.65.24 | |
GET 200 https://api.2ip.ua/geo.json
REQUEST
GET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
RESPONSE
HTTP/1.1 200 OK
Date: Fri, 09 Aug 2024 07:42:19 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=...
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f%2BniS5NrrU%2Fb8qx1LBIuHuFB0YJjBc1JSAYibWhnpUUMWmSufesGCbb2z1avzrxg7xxAB3rLAL%2BfiuoNbSYMbYLHD7KDfMgu9UnjEseWX8YGTv3FRBnzhS0M%2F5JE"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8b061bdaaa89db7a-LAX
alt-svc: h3=":443"; ma=86400
GET 200 https://api.2ip.ua/geo.json
REQUEST
GET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
RESPONSE
HTTP/1.1 200 OK
Date: Fri, 09 Aug 2024 07:42:29 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=...
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0vAsiAcjDTji70IBSdMmFZ0SEwJMqM5mXiNO8HSNuQhdA73njdGD7wgKmc42x2Zi4O5MyrWTs%2F1EOIJywWsxd1%2BBVtLHUgsTc%2BXMc%2BD3HBjF7Um%2FZGnLrCvq9x%2B%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8b061c15ccce7bcb-LAX
alt-svc: h3=":443"; ma=86400
GET 200 http://cajgtus.com/test1/get.php?pid=CD20CF071BA7C05D5F5E6CAF42496E78&first=true
REQUEST
GET /test1/get.php?pid=CD20CF071BA7C05D5F5E6CAF42496E78&first=true HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: cajgtus.com
RESPONSE
HTTP/1.1 200 OK
Date: Fri, 09 Aug 2024 07:42:41 GMT
Server: Apache/2.4.37 (Win64) PHP/5.6.40
X-Powered-By: PHP/5.6.40
Content-Length: 558
Connection: close
Content-Type: text/html; charset=UTF-8
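The three requests above form a two-step pattern worth encoding as detection logic: a public IP-geolocation lookup (api.2ip.ua/geo.json, twice, over TLS), followed by a cleartext HTTP check-in to cajgtus.com carrying a 32-hex-character pid (128 bits, the width of an MD5 digest) and first=true. The User-Agent "Microsoft Internet Explorer" is not a string any Internet Explorer build sends (genuine IE User-Agents begin with "Mozilla/"), and the C2 answers with Apache/2.4.37 and PHP/5.6.40, a runtime whose support ended on 31 December 2018. The Python script below is an added example, not part of the sandbox report or of the analysed sample: it rebuilds the three flows as constructed input and runs those heuristics over them. GEOIP_HOSTS, HEX128, EOL_RUNTIME, the severity labels and the function names are assumptions chosen for this example.

```python
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# Constructed input: the three flows from the report above, reduced to the
# request line, the request headers shown, the response status line and the
# response headers the heuristics below look at.
GEO_FLOW = ("https://api.2ip.ua/geo.json",
            "GET /geo.json HTTP/1.1\nUser-Agent: Microsoft Internet Explorer\nHost: api.2ip.ua\n",
            "HTTP/1.1 200 OK\nContent-Type: application/json\nServer: cloudflare\n")
C2_FLOW = ("http://cajgtus.com/test1/get.php?pid=CD20CF071BA7C05D5F5E6CAF42496E78&first=true",
           "GET /test1/get.php?pid=CD20CF071BA7C05D5F5E6CAF42496E78&first=true HTTP/1.1\n"
           "User-Agent: Microsoft Internet Explorer\nHost: cajgtus.com\n",
           "HTTP/1.1 200 OK\nServer: Apache/2.4.37 (Win64) PHP/5.6.40\n"
           "Content-Length: 558\nContent-Type: text/html; charset=UTF-8\n")
SAMPLE_FLOWS = [GEO_FLOW, GEO_FLOW, C2_FLOW]  # the report shows the geo lookup twice

# Assumed lists and patterns for this example; extend them for real triage.
GEOIP_HOSTS = {"api.2ip.ua"}               # public IP-geolocation APIs
HEX128 = re.compile(r"^[0-9A-Fa-f]{32}$")  # 32 hex chars = 128 bits (MD5-sized id)
EOL_RUNTIME = re.compile(r"PHP/5\.")       # PHP 5.x support ended on 31 Dec 2018


@dataclass
class Flow:
    url: str
    host: str
    query: dict
    req_headers: dict
    status: int
    resp_headers: dict


def parse_headers(lines):
    """Parse 'Name: value' lines into a dict keyed by lower-cased name."""
    headers = {}
    for line in lines:
        if not line.strip():
            break  # a blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def parse_flow(url, raw_request, raw_response):
    """Build a Flow from the raw request and response header blocks."""
    req_lines = raw_request.splitlines()
    resp_lines = raw_response.splitlines()
    status = int(resp_lines[0].split(" ", 2)[1])  # "HTTP/1.1 200 OK" -> 200
    req_headers = parse_headers(req_lines[1:])
    parts = urlsplit(url)
    return Flow(url, req_headers.get("host", parts.hostname or ""),
                {k: v[0] for k, v in parse_qs(parts.query).items()},
                req_headers, status, parse_headers(resp_lines[1:]))


def triage(flow):
    """Return (severity, reason) findings for one flow."""
    findings = []
    ua = flow.req_headers.get("user-agent", "")
    # Genuine Internet Explorer User-Agents start with "Mozilla/"; a bare product name is hard-coded.
    if "internet explorer" in ua.lower() and not ua.startswith("Mozilla/"):
        findings.append(("medium", f"non-browser User-Agent {ua!r}"))
    if flow.host in GEOIP_HOSTS:
        findings.append(("medium", f"public IP geolocation lookup to {flow.host}"))
    pid = flow.query.get("pid", "")
    if HEX128.match(pid):
        # Fixed-width hex id plus first=true is a bot check-in; over cleartext HTTP it is sensor-visible.
        sev = "high" if flow.url.startswith("http://") else "medium"
        findings.append((sev, f"check-in with 128-bit id pid={pid}, first={flow.query.get('first')}"))
    server = flow.resp_headers.get("server", "")
    if EOL_RUNTIME.search(server):
        findings.append(("info", f"server advertises end-of-life runtime: {server}"))
    return findings


def checkin_after_geolookup(flows):
    """True when a geolocation lookup is followed by a machine-id check-in."""
    seen_geo = False
    for f in flows:
        if f.host in GEOIP_HOSTS:
            seen_geo = True
        elif seen_geo and HEX128.match(f.query.get("pid", "")):
            return True
    return False


def extract_iocs(flows):
    """Domains and URLs worth blocking; the public geolocation API is excluded."""
    iocs = {"domains": set(), "urls": set()}
    for f in flows:
        if f.host not in GEOIP_HOSTS:
            iocs["domains"].add(f.host)
            iocs["urls"].add(f.url)
    return iocs


def run(samples=SAMPLE_FLOWS):
    flows = [parse_flow(*s) for s in samples]
    return {"findings": [(f.url, triage(f)) for f in flows],
            "profile_then_checkin": checkin_after_geolookup(flows),
            "iocs": extract_iocs(flows)}
```

The network report alone cannot show what the pid is derived from; the heuristic keys only on its width and on the cleartext transport, so it should be read as a triage signal rather than a family attribution. Blocking api.2ip.ua is deliberately left out of the IOC set, since that service is shared with legitimate software.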
ICMP traffic
Source | Destination | ICMP Type | Data |
---|---|---|---|
192.168.56.101 | 164.124.101.2 | 3 (Destination Unreachable) | |
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49165 -> 104.21.65.24:443 | C=US, O=Google Trust Services, CN=WE1 | CN=2ip.ua | ff:79:da:c4:72:a8:32:8f:28:1d:c9:7f:3a:b0:c3:0e:3f:7e:7e:a1 |
TLSv1 192.168.56.101:49171 -> 104.21.65.24:443 | C=US, O=Google Trust Services, CN=WE1 | CN=2ip.ua | ff:79:da:c4:72:a8:32:8f:28:1d:c9:7f:3a:b0:c3:0e:3f:7e:7e:a1 |
Snort Alerts
No Snort Alerts