Report - 2a70-185-147-214-20.ngrok.io/identified/agent.exe

Report Overview

Visited public
2023-11-29 12:08:06
Tags
URL
2a70-185-147-214-20.ngrok.io/identified/agent.exe
Finishing URL
2a70-185-147-214-20.ngrok.io/identified/agent.exe
IP / ASN
3.125.223.134
#16509 AMAZON-02
Title
ERR_NGROK_3200 - Tunnel 2a70-185-147-214-20.ngrok.io not found

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
2a70-185-147-214-20.ngrok.io	unknown	unknown	2021-09-30 18:40:06	2023-03-10 06:20:45	1.9 kB	3.8 kB	18.158.249.75
cdn.ngrok.com	unknown	2013-03-18	2022-04-29 09:26:26	2023-11-28 08:08:58	1.6 kB	74 kB	3.125.223.134

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-29 12:07:53	low	Client IP	Internal IP	ET INFO DNS Query to a *.ngrok domain (ngrok.io)
2023-11-29 12:07:53	low	Client IP	Internal IP	ET INFO DNS Query to a *.ngrok domain (ngrok.io)
2023-11-29 12:07:53	high	Client IP	18.192.31.165	ET POLICY Possible EXE Download Request to ngrok
2023-11-29 12:07:53	high	Client IP	Internal IP	ET POLICY DNS Query to a *.ngrok domain (ngrok.com)
2023-11-29 12:07:53	high	Client IP	Internal IP	ET POLICY DNS Query to a *.ngrok domain (ngrok.com)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	cdn.ngrok.com/static/js/error.js	ScriptElement	860 B	2023-03-13	2025-03-25
Pretty URL cdn.ngrok.com/static/js/error.js IP 3.125.223.134 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:49 Last Seen2025-03-25 09:33 Times Seen360 Hash 5c5d834212dd9658a5c60841108c341d 7406c215e471451606f466f7b962146d9c057204 df31e9909c53fcd8083d9476b265df58848ba92ce857be821d2766bd660992c6 Loading...

	cdn.ngrok.com/static/compiled/js/allerrors.js	ScriptElement	199 kB	2023-11-22	2023-12-13
Pretty URL cdn.ngrok.com/static/compiled/js/allerrors.js IP 3.125.223.134 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-22 22:09 Last Seen2023-12-13 09:05 Times Seen42 Hash 40563b67951e7c208a0a9698b2867337 991d669455eae256ddccfab7b484d6d95e29477a e3b8d1e9fec3bec3475310df9e77a246ca391fe2049b1d8e1b846094a4dc7454 Loading...

HTTP Transactions (8)

URL IP Response Size

2a70-185-147-214-20.ngrok.io/identified/agent.exe

18.158.249.75

307 Temporary Redirect

902 B

URL User Request GET HTTP/1.1
2a70-185-147-214-20.ngrok.io/identified/agent.exe
IP
18.158.249.75:80
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
902 B (902 bytes)
Hash
2679b5053b7f885127e392b22a0e744e
50bff11d389caf3afce1ee60c89e9e4d0d7c939f
e973f163a21b6ab1a181e6ee83c5302f5bcc8337a81952898768ae07ab423781

Detections

NIDS	Severity	Alert
suricata	high	ET POLICY Possible EXE Download Request to ngrok

HTTP Headers

GET /identified/agent.exe HTTP/1.1
Host: 2a70-185-147-214-20.ngrok.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Ngrok-Error-Code: ERR_NGROK_3200
Ngrok-Trace-Id: 4dee1eb1fd80508a5184600883a92898
Referrer-Policy: no-referrer
Date: Wed, 29 Nov 2023 12:07:49 GMT
Content-Length: 902

2a70-185-147-214-20.ngrok.io/identified/agent.exe

18.192.31.165

307 Temporary Redirect

93 B

URL User Request GET HTTP/1.1
2a70-185-147-214-20.ngrok.io/identified/agent.exe
IP
18.192.31.165:80
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text
Size
93 B (93 bytes)
Hash
803245033c4dfe3d01393c72e09e393c
ee32b7fc520782ff7b9931e52b05f9864b09f7c2
52b01e5b37a02f7e97a561a00dcac808fd0ea022c27bc8bfb68030fb61fcc71c

Detections

NIDS	Severity	Alert
suricata	high	ET POLICY Possible EXE Download Request to ngrok

HTTP Headers

GET /identified/agent.exe HTTP/1.1
Host: 2a70-185-147-214-20.ngrok.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Content-Type: text/html; charset=utf-8
Location: https://2a70-185-147-214-20.ngrok.io/identified/agent.exe
Ngrok-Trace-Id: c6e617d85f6177b95d741c6f9ae41161
Date: Wed, 29 Nov 2023 12:07:49 GMT
Content-Length: 93

2a70-185-147-214-20.ngrok.io/identified/agent.exe

18.158.249.75

307 Temporary Redirect

902 B

URL User Request GET HTTP/1.1
2a70-185-147-214-20.ngrok.io/identified/agent.exe
IP
18.158.249.75:80
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
902 B (902 bytes)
Hash
2679b5053b7f885127e392b22a0e744e
50bff11d389caf3afce1ee60c89e9e4d0d7c939f
e973f163a21b6ab1a181e6ee83c5302f5bcc8337a81952898768ae07ab423781

Detections

NIDS	Severity	Alert
suricata	high	ET POLICY Possible EXE Download Request to ngrok

HTTP Headers

GET /identified/agent.exe HTTP/1.1
Host: 2a70-185-147-214-20.ngrok.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Ngrok-Error-Code: ERR_NGROK_3200
Ngrok-Trace-Id: 53059ef3bf47b7caf85698c10936470b
Referrer-Policy: no-referrer
Date: Wed, 29 Nov 2023 12:07:49 GMT
Content-Length: 902

cdn.ngrok.com/static/js/error.js

3.125.223.134

200 OK

459 B

URL GET HTTP/1.1
cdn.ngrok.com/static/js/error.js
IP
3.125.223.134:443
ASN
#16509 AMAZON-02

Requested by
https://2a70-185-147-214-20.ngrok.io/identified/agent.exe
Certificate
IssuerLet's Encrypt
Subject*.ngrok.com
Fingerprint04:9D:BF:CD:9A:2D:9B:9B:3E:04:30:A7:B1:A8:7D:AC:D8:01:D2:22
ValidityTue, 17 Oct 2023 00:04:12 GMT - Mon, 15 Jan 2024 00:04:11 GMT

File type
ASCII text, with very long lines (860), with no line terminators
Size
459 B (459 bytes)
Hash
5c5d834212dd9658a5c60841108c341d
7406c215e471451606f466f7b962146d9c057204
df31e9909c53fcd8083d9476b265df58848ba92ce857be821d2766bd660992c6

HTTP Headers

GET /static/js/error.js HTTP/1.1
Host: cdn.ngrok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Content-Length: 459
Content-Type: text/javascript; charset=utf-8
Date: Wed, 29 Nov 2023 12:07:49 GMT
Last-Modified: Tue, 21 Nov 2023 21:34:14 GMT
Ngrok-Trace-Id: 3b242e74ec02bd38e4438aacfd90e464, 7d56ca72b17a7f8428a6c738e8cf9875
Vary: Accept-Encoding

cdn.ngrok.com/static/css/error.css

3.125.223.134

200 OK

252 B

URL GET HTTP/1.1
cdn.ngrok.com/static/css/error.css
IP
3.125.223.134:443
ASN
#16509 AMAZON-02

Requested by
https://2a70-185-147-214-20.ngrok.io/identified/agent.exe
Certificate
IssuerLet's Encrypt
Subject*.ngrok.com
Fingerprint04:9D:BF:CD:9A:2D:9B:9B:3E:04:30:A7:B1:A8:7D:AC:D8:01:D2:22
ValidityTue, 17 Oct 2023 00:04:12 GMT - Mon, 15 Jan 2024 00:04:11 GMT

File type
ASCII text
Size
252 B (252 bytes)
Hash
c42c716b376ded94dd03e8e44bda5ee8
ba852d2180f54fcfa7d653013380bf646a936852
6869ce451f90fc72b2858532067907958da651c540d216315984c60fc2ad5fc4

HTTP Headers

GET /static/css/error.css HTTP/1.1
Host: cdn.ngrok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Content-Length: 252
Content-Type: text/css; charset=utf-8
Date: Wed, 29 Nov 2023 12:07:49 GMT
Last-Modified: Tue, 21 Nov 2023 21:34:37 GMT
Ngrok-Trace-Id: a47b428c677b7e42784e435463e9df96, 575b560c28b2f9e5858495bf35954c74
Vary: Accept-Encoding

cdn.ngrok.com/static/compiled/css/allerrors.css

3.125.223.134

200 OK

6.7 kB

URL GET HTTP/1.1
cdn.ngrok.com/static/compiled/css/allerrors.css
IP
3.125.223.134:443
ASN
#16509 AMAZON-02

Requested by
https://2a70-185-147-214-20.ngrok.io/identified/agent.exe
Certificate
IssuerLet's Encrypt
Subject*.ngrok.com
Fingerprint04:9D:BF:CD:9A:2D:9B:9B:3E:04:30:A7:B1:A8:7D:AC:D8:01:D2:22
ValidityTue, 17 Oct 2023 00:04:12 GMT - Mon, 15 Jan 2024 00:04:11 GMT

File type
ASCII text
Size
6.7 kB (6678 bytes)
Hash
a7f82ceb0d131b31281afc750a42ef8c
295b944eeb07f5d5debe984341cac59504678820
cb2b0da76a703a8088f429132b2501c1ef76ef0bbbff0efb12e5b581ca501110

HTTP Headers

GET /static/compiled/css/allerrors.css HTTP/1.1
Host: cdn.ngrok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Content-Type: text/css; charset=utf-8
Date: Wed, 29 Nov 2023 12:07:49 GMT
Last-Modified: Tue, 21 Nov 2023 21:34:37 GMT
Ngrok-Trace-Id: e023cf9744704b760166f2b3eaf2e386, 0308335d2e31963ff62b1f1882051413
Vary: Accept-Encoding
Transfer-Encoding: chunked

2a70-185-147-214-20.ngrok.io/favicon.ico

18.158.249.75

404 Not Found

902 B

URL GET HTTP/1.1
2a70-185-147-214-20.ngrok.io/favicon.ico
IP
18.158.249.75:443
ASN
#16509 AMAZON-02

Requested by
https://2a70-185-147-214-20.ngrok.io/identified/agent.exe
Certificate
IssuerLet's Encrypt
Subject*.ngrok.io
Fingerprint5D:F8:62:7E:CD:02:01:A5:6E:EE:97:43:00:05:26:CC:17:5B:92:CA
ValidityTue, 24 Oct 2023 00:01:11 GMT - Mon, 22 Jan 2024 00:01:10 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
902 B (902 bytes)
Hash
2679b5053b7f885127e392b22a0e744e
50bff11d389caf3afce1ee60c89e9e4d0d7c939f
e973f163a21b6ab1a181e6ee83c5302f5bcc8337a81952898768ae07ab423781

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 2a70-185-147-214-20.ngrok.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Ngrok-Error-Code: ERR_NGROK_3200
Ngrok-Trace-Id: e6cd74c949673a1545e195326da8fe65
Referrer-Policy: no-referrer
Date: Wed, 29 Nov 2023 12:07:49 GMT
Content-Length: 902

cdn.ngrok.com/static/compiled/js/allerrors.js

3.125.223.134

200 OK

65 kB

URL GET HTTP/1.1
cdn.ngrok.com/static/compiled/js/allerrors.js
IP
3.125.223.134:443
ASN
#16509 AMAZON-02

Requested by
https://2a70-185-147-214-20.ngrok.io/identified/agent.exe
Certificate
IssuerLet's Encrypt
Subject*.ngrok.com
Fingerprint04:9D:BF:CD:9A:2D:9B:9B:3E:04:30:A7:B1:A8:7D:AC:D8:01:D2:22
ValidityTue, 17 Oct 2023 00:04:12 GMT - Mon, 15 Jan 2024 00:04:11 GMT

File type
ASCII text, with very long lines (63458)
Size
65 kB (65004 bytes)
Hash
40563b67951e7c208a0a9698b2867337
991d669455eae256ddccfab7b484d6d95e29477a
e3b8d1e9fec3bec3475310df9e77a246ca391fe2049b1d8e1b846094a4dc7454

HTTP Headers

GET /static/compiled/js/allerrors.js HTTP/1.1
Host: cdn.ngrok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Content-Type: text/javascript; charset=utf-8
Date: Wed, 29 Nov 2023 12:07:49 GMT
Last-Modified: Tue, 21 Nov 2023 21:34:14 GMT
Ngrok-Trace-Id: 6d6ebc2eb087c7e3f60f53806bbf9f55, f9739a4bd6b8d3d96f34356753376c20
Vary: Accept-Encoding
Transfer-Encoding: chunked

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (8)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1