Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
api.ip.sb | 104.26.12.31 | |
GET 200 https://api.ip.sb/ip

Request:

GET /ip HTTP/1.1
Host: api.ip.sb
Connection: Keep-Alive

Response:

HTTP/1.1 200 OK
Date: Fri, 06 Sep 2024 01:37:57 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
vary: Accept-Encoding
Cache-Control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mRVBweowD0GKO8HAIdwMYxrb2c3pFE6TIjHqRuEDl21hlgewl%2B%2Fxs%2FeKOXHw30MRvXSBlZ1lJX5nFE%2BcKKMcfRWrJ9VP4tNXrRXdoMiHf%2BMpuvANCf8nMcbsnw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 8beabc993c4229e5-FUK
alt-svc: h3=":443"; ma=86400
GET 200 http://147.45.47.81/conhost.exe

Request:

GET /conhost.exe HTTP/1.1
Host: 147.45.47.81
Connection: Keep-Alive

Response:

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 06 Sep 2024 01:38:18 GMT
Content-Type: application/octet-stream
Content-Length: 3125704
Last-Modified: Tue, 20 Aug 2024 12:02:17 GMT
Connection: keep-alive
ETag: "66c485c9-2fb1c8"
Accept-Ranges: bytes
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49167 -> 104.26.12.31:443 | C=US, O=Google Trust Services, CN=WR1 | CN=api.ip.sb | 67:55:9d:38:46:36:29:e0:23:80:8c:58:24:25:99:c3:60:63:b7:0f |
Snort Alerts
No Snort Alerts