Report - 6c54-2-229-167-72.ngrok.io/nano.exe

Report Overview

Visited public
2023-11-29 12:30:15
Tags
URL
6c54-2-229-167-72.ngrok.io/nano.exe
Finishing URL
6c54-2-229-167-72.ngrok.io/nano.exe
IP / ASN
18.158.249.75
#16509 AMAZON-02
Title
ERR_NGROK_3200 - Tunnel 6c54-2-229-167-72.ngrok.io not found

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
6c54-2-229-167-72.ngrok.io	unknown	unknown	No data	No data	1.8 kB	3.7 kB	3.124.142.205
cdn.ngrok.com	unknown	2013-03-18	2022-04-29 09:26:26	2023-11-28 08:08:58	1.6 kB	74 kB	3.125.102.39

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-29 12:30:01	low	Client IP	Internal IP	ET INFO DNS Query to a *.ngrok domain (ngrok.io)
2023-11-29 12:30:01	low	Client IP	Internal IP	ET INFO DNS Query to a *.ngrok domain (ngrok.io)
2023-11-29 12:30:02	high	Client IP	3.125.102.39	ET POLICY Possible EXE Download Request to ngrok
2023-11-29 12:30:02	high	Client IP	Internal IP	ET POLICY DNS Query to a *.ngrok domain (ngrok.com)
2023-11-29 12:30:02	high	Client IP	Internal IP	ET POLICY DNS Query to a *.ngrok domain (ngrok.com)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	cdn.ngrok.com/static/compiled/js/allerrors.js	ScriptElement	199 kB	2023-11-22	2023-12-13
Pretty URL cdn.ngrok.com/static/compiled/js/allerrors.js IP 3.125.102.39 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-22 22:09 Last Seen2023-12-13 09:05 Times Seen42 Hash 40563b67951e7c208a0a9698b2867337 991d669455eae256ddccfab7b484d6d95e29477a e3b8d1e9fec3bec3475310df9e77a246ca391fe2049b1d8e1b846094a4dc7454 Loading...

	cdn.ngrok.com/static/js/error.js	ScriptElement	860 B	2023-03-13	2025-03-25
Pretty URL cdn.ngrok.com/static/js/error.js IP 3.125.102.39 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:49 Last Seen2025-03-25 09:33 Times Seen360 Hash 5c5d834212dd9658a5c60841108c341d 7406c215e471451606f466f7b962146d9c057204 df31e9909c53fcd8083d9476b265df58848ba92ce857be821d2766bd660992c6 Loading...

HTTP Transactions (8)

URL IP Response Size

6c54-2-229-167-72.ngrok.io/nano.exe

3.124.142.205

307 Temporary Redirect

896 B

URL User Request GET HTTP/1.1
6c54-2-229-167-72.ngrok.io/nano.exe
IP
3.124.142.205:80
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
896 B (896 bytes)
Hash
e450c31a6ee6e829b3e5f6a99f4e4ae4
b81f8b48d181ac54edbff49daf8ede2b9cbed63b
30c5ca85f9db4037d5a9d08f3496c58dcc54fd7f27646025696342cf61df8f0a

Detections

NIDS	Severity	Alert
suricata	high	ET POLICY Possible EXE Download Request to ngrok

HTTP Headers

GET /nano.exe HTTP/1.1
Host: 6c54-2-229-167-72.ngrok.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Ngrok-Error-Code: ERR_NGROK_3200
Ngrok-Trace-Id: fc0051a5ba33482c7205db60ed2d8b50
Referrer-Policy: no-referrer
Date: Wed, 29 Nov 2023 12:29:57 GMT
Content-Length: 896

6c54-2-229-167-72.ngrok.io/nano.exe

3.125.102.39

307 Temporary Redirect

79 B

URL User Request GET HTTP/1.1
6c54-2-229-167-72.ngrok.io/nano.exe
IP
3.125.102.39:80
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text
Size
79 B (79 bytes)
Hash
1c2d3d3d2f4b5f7cabe0495e929c7356
253385e3ab19d8a917601d0fdcfaa07c7170ca8f
08d1a802b7d76a0f6d9f7300286984470341ffac9fb893b19c7dda802b16885a

Detections

NIDS	Severity	Alert
suricata	high	ET POLICY Possible EXE Download Request to ngrok

HTTP Headers

GET /nano.exe HTTP/1.1
Host: 6c54-2-229-167-72.ngrok.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Content-Type: text/html; charset=utf-8
Location: https://6c54-2-229-167-72.ngrok.io/nano.exe
Ngrok-Trace-Id: 85e1c9f2c067d8810c50f268f0df5614
Date: Wed, 29 Nov 2023 12:29:58 GMT
Content-Length: 79

6c54-2-229-167-72.ngrok.io/nano.exe

18.158.249.75

307 Temporary Redirect

896 B

URL User Request GET HTTP/1.1
6c54-2-229-167-72.ngrok.io/nano.exe
IP
18.158.249.75:80
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
896 B (896 bytes)
Hash
e450c31a6ee6e829b3e5f6a99f4e4ae4
b81f8b48d181ac54edbff49daf8ede2b9cbed63b
30c5ca85f9db4037d5a9d08f3496c58dcc54fd7f27646025696342cf61df8f0a

Detections

NIDS	Severity	Alert
suricata	high	ET POLICY Possible EXE Download Request to ngrok

HTTP Headers

GET /nano.exe HTTP/1.1
Host: 6c54-2-229-167-72.ngrok.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Ngrok-Error-Code: ERR_NGROK_3200
Ngrok-Trace-Id: a29f036c5327eaa7d93526a5561fa304
Referrer-Policy: no-referrer
Date: Wed, 29 Nov 2023 12:29:58 GMT
Content-Length: 896

cdn.ngrok.com/static/js/error.js

3.125.102.39

200 OK

459 B

URL GET HTTP/1.1
cdn.ngrok.com/static/js/error.js
IP
3.125.102.39:443
ASN
#16509 AMAZON-02

Requested by
https://6c54-2-229-167-72.ngrok.io/nano.exe
Certificate
IssuerLet's Encrypt
Subject*.ngrok.com
Fingerprint04:9D:BF:CD:9A:2D:9B:9B:3E:04:30:A7:B1:A8:7D:AC:D8:01:D2:22
ValidityTue, 17 Oct 2023 00:04:12 GMT - Mon, 15 Jan 2024 00:04:11 GMT

File type
ASCII text, with very long lines (860), with no line terminators
Size
459 B (459 bytes)
Hash
5c5d834212dd9658a5c60841108c341d
7406c215e471451606f466f7b962146d9c057204
df31e9909c53fcd8083d9476b265df58848ba92ce857be821d2766bd660992c6

HTTP Headers

GET /static/js/error.js HTTP/1.1
Host: cdn.ngrok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Content-Length: 459
Content-Type: text/javascript; charset=utf-8
Date: Wed, 29 Nov 2023 12:29:58 GMT
Last-Modified: Tue, 21 Nov 2023 21:34:14 GMT
Ngrok-Trace-Id: 5f847ee3452e0893ce66e04a77ec6070, 8606ff7cdc014f3ff762225ee357ba29
Vary: Accept-Encoding

cdn.ngrok.com/static/css/error.css

3.125.102.39

200 OK

252 B

URL GET HTTP/1.1
cdn.ngrok.com/static/css/error.css
IP
3.125.102.39:443
ASN
#16509 AMAZON-02

Requested by
https://6c54-2-229-167-72.ngrok.io/nano.exe
Certificate
IssuerLet's Encrypt
Subject*.ngrok.com
Fingerprint04:9D:BF:CD:9A:2D:9B:9B:3E:04:30:A7:B1:A8:7D:AC:D8:01:D2:22
ValidityTue, 17 Oct 2023 00:04:12 GMT - Mon, 15 Jan 2024 00:04:11 GMT

File type
ASCII text
Size
252 B (252 bytes)
Hash
c42c716b376ded94dd03e8e44bda5ee8
ba852d2180f54fcfa7d653013380bf646a936852
6869ce451f90fc72b2858532067907958da651c540d216315984c60fc2ad5fc4

HTTP Headers

GET /static/css/error.css HTTP/1.1
Host: cdn.ngrok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Content-Length: 252
Content-Type: text/css; charset=utf-8
Date: Wed, 29 Nov 2023 12:29:58 GMT
Last-Modified: Tue, 21 Nov 2023 21:34:14 GMT
Ngrok-Trace-Id: a7a7751096865f5e082e5bfc76e71ba6, 997a88ea312527e7c4783769ed30d440
Vary: Accept-Encoding

cdn.ngrok.com/static/compiled/css/allerrors.css

3.125.102.39

200 OK

6.7 kB

URL GET HTTP/1.1
cdn.ngrok.com/static/compiled/css/allerrors.css
IP
3.125.102.39:443
ASN
#16509 AMAZON-02

Requested by
https://6c54-2-229-167-72.ngrok.io/nano.exe
Certificate
IssuerLet's Encrypt
Subject*.ngrok.com
Fingerprint04:9D:BF:CD:9A:2D:9B:9B:3E:04:30:A7:B1:A8:7D:AC:D8:01:D2:22
ValidityTue, 17 Oct 2023 00:04:12 GMT - Mon, 15 Jan 2024 00:04:11 GMT

File type
ASCII text
Size
6.7 kB (6678 bytes)
Hash
a7f82ceb0d131b31281afc750a42ef8c
295b944eeb07f5d5debe984341cac59504678820
cb2b0da76a703a8088f429132b2501c1ef76ef0bbbff0efb12e5b581ca501110

HTTP Headers

GET /static/compiled/css/allerrors.css HTTP/1.1
Host: cdn.ngrok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Content-Type: text/css; charset=utf-8
Date: Wed, 29 Nov 2023 12:29:58 GMT
Last-Modified: Tue, 21 Nov 2023 21:34:14 GMT
Ngrok-Trace-Id: b608c98dff6dc6fdcb25d03403a32d2f, a3cc2061fff0b3f5bab45b273487950f
Vary: Accept-Encoding
Transfer-Encoding: chunked

6c54-2-229-167-72.ngrok.io/favicon.ico

18.158.249.75

404 Not Found

896 B

URL GET HTTP/1.1
6c54-2-229-167-72.ngrok.io/favicon.ico
IP
18.158.249.75:443
ASN
#16509 AMAZON-02

Requested by
https://6c54-2-229-167-72.ngrok.io/nano.exe
Certificate
IssuerLet's Encrypt
Subject*.ngrok.io
Fingerprint5D:F8:62:7E:CD:02:01:A5:6E:EE:97:43:00:05:26:CC:17:5B:92:CA
ValidityTue, 24 Oct 2023 00:01:11 GMT - Mon, 22 Jan 2024 00:01:10 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
896 B (896 bytes)
Hash
e450c31a6ee6e829b3e5f6a99f4e4ae4
b81f8b48d181ac54edbff49daf8ede2b9cbed63b
30c5ca85f9db4037d5a9d08f3496c58dcc54fd7f27646025696342cf61df8f0a

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 6c54-2-229-167-72.ngrok.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Ngrok-Error-Code: ERR_NGROK_3200
Ngrok-Trace-Id: 37e0c032597205222cb96cc1ec11e3e6
Referrer-Policy: no-referrer
Date: Wed, 29 Nov 2023 12:29:58 GMT
Content-Length: 896

cdn.ngrok.com/static/compiled/js/allerrors.js

3.125.102.39

200 OK

65 kB

URL GET HTTP/1.1
cdn.ngrok.com/static/compiled/js/allerrors.js
IP
3.125.102.39:443
ASN
#16509 AMAZON-02

Requested by
https://6c54-2-229-167-72.ngrok.io/nano.exe
Certificate
IssuerLet's Encrypt
Subject*.ngrok.com
Fingerprint04:9D:BF:CD:9A:2D:9B:9B:3E:04:30:A7:B1:A8:7D:AC:D8:01:D2:22
ValidityTue, 17 Oct 2023 00:04:12 GMT - Mon, 15 Jan 2024 00:04:11 GMT

File type
ASCII text, with very long lines (63458)
Size
65 kB (65004 bytes)
Hash
40563b67951e7c208a0a9698b2867337
991d669455eae256ddccfab7b484d6d95e29477a
e3b8d1e9fec3bec3475310df9e77a246ca391fe2049b1d8e1b846094a4dc7454

HTTP Headers

GET /static/compiled/js/allerrors.js HTTP/1.1
Host: cdn.ngrok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Content-Type: text/javascript; charset=utf-8
Date: Wed, 29 Nov 2023 12:29:58 GMT
Last-Modified: Tue, 21 Nov 2023 21:34:14 GMT
Ngrok-Trace-Id: 1b044852b136c5bf1acb0fac48741637, 9fd0c6e827880383c0799bd09c5d53a9
Vary: Accept-Encoding
Transfer-Encoding: chunked

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (8)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1