Report - 9a9d5913de8a.ngrok.io/testtest/sometests1.exe

Report Overview

Visited public
2023-11-29 12:34:12
Tags
URL
9a9d5913de8a.ngrok.io/testtest/sometests1.exe
Finishing URL
9a9d5913de8a.ngrok.io/testtest/sometests1.exe
IP / ASN
3.125.209.94
#16509 AMAZON-02
Title
ERR_NGROK_3200 - Tunnel 9a9d5913de8a.ngrok.io not found

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.ngrok.com	unknown	2013-03-18	2022-04-29 09:26:26	2023-11-28 08:08:58	1.6 kB	74 kB	18.192.31.165
9a9d5913de8a.ngrok.io	unknown	unknown	No data	No data	1.9 kB	3.7 kB	3.125.209.94

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-29 12:33:59	low	Client IP	Internal IP	ET INFO DNS Query to a *.ngrok domain (ngrok.io)
2023-11-29 12:33:59	low	Client IP	Internal IP	ET INFO DNS Query to a *.ngrok domain (ngrok.io)
2023-11-29 12:33:59	high	Client IP	3.125.209.94	ET POLICY Possible EXE Download Request to ngrok
2023-11-29 12:34:00	high	Client IP	Internal IP	ET POLICY DNS Query to a *.ngrok domain (ngrok.com)
2023-11-29 12:34:00	high	Client IP	Internal IP	ET POLICY DNS Query to a *.ngrok domain (ngrok.com)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	cdn.ngrok.com/static/js/error.js	ScriptElement	860 B	2023-03-13	2025-03-25
Pretty URL cdn.ngrok.com/static/js/error.js IP 18.192.31.165 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:49 Last Seen2025-03-25 09:33 Times Seen360 Hash 5c5d834212dd9658a5c60841108c341d 7406c215e471451606f466f7b962146d9c057204 df31e9909c53fcd8083d9476b265df58848ba92ce857be821d2766bd660992c6 Loading...

	cdn.ngrok.com/static/compiled/js/allerrors.js	ScriptElement	199 kB	2023-11-22	2023-12-13
Pretty URL cdn.ngrok.com/static/compiled/js/allerrors.js IP 18.192.31.165 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-22 22:09 Last Seen2023-12-13 09:05 Times Seen42 Hash 40563b67951e7c208a0a9698b2867337 991d669455eae256ddccfab7b484d6d95e29477a e3b8d1e9fec3bec3475310df9e77a246ca391fe2049b1d8e1b846094a4dc7454 Loading...

HTTP Transactions (8)

URL IP Response Size

9a9d5913de8a.ngrok.io/testtest/sometests1.exe

3.125.209.94

307 Temporary Redirect

887 B

URL User Request GET HTTP/1.1
9a9d5913de8a.ngrok.io/testtest/sometests1.exe
IP
3.125.209.94:80
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
887 B (887 bytes)
Hash
5a96803a4c6ffa44857160ecf702ac67
6510062e44f9fe580ebaf37c4c634c7aa132c593
7eba51300fb925dadbb5da752395fcdc4c40659612ddbedb810fe16dc7f61ea7

Detections

NIDS	Severity	Alert
suricata	high	ET POLICY Possible EXE Download Request to ngrok

HTTP Headers

GET /testtest/sometests1.exe HTTP/1.1
Host: 9a9d5913de8a.ngrok.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Ngrok-Error-Code: ERR_NGROK_3200
Ngrok-Trace-Id: 7b93226603877857b152de862b4b5c4f
Referrer-Policy: no-referrer
Date: Wed, 29 Nov 2023 12:33:55 GMT
Content-Length: 887

9a9d5913de8a.ngrok.io/testtest/sometests1.exe

3.125.209.94

307 Temporary Redirect

89 B

URL User Request GET HTTP/1.1
9a9d5913de8a.ngrok.io/testtest/sometests1.exe
IP
3.125.209.94:80
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text
Size
89 B (89 bytes)
Hash
c4d7bd2e1e9e22bef814cb674eb1d9a1
4d649af9c4cbf891be7bf28c7dbf0c31ead1c28f
ad1cefa3d61f558f48af189af259f2c90f4fb32ff2492b1b20bcbf2297bb0020

Detections

NIDS	Severity	Alert
suricata	high	ET POLICY Possible EXE Download Request to ngrok

HTTP Headers

GET /testtest/sometests1.exe HTTP/1.1
Host: 9a9d5913de8a.ngrok.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Content-Type: text/html; charset=utf-8
Location: https://9a9d5913de8a.ngrok.io/testtest/sometests1.exe
Ngrok-Trace-Id: e2b8c6b09dd92f8dd976dd3b8f6b0403
Date: Wed, 29 Nov 2023 12:33:55 GMT
Content-Length: 89

9a9d5913de8a.ngrok.io/testtest/sometests1.exe

18.192.31.165

307 Temporary Redirect

887 B

URL User Request GET HTTP/1.1
9a9d5913de8a.ngrok.io/testtest/sometests1.exe
IP
18.192.31.165:80
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
887 B (887 bytes)
Hash
5a96803a4c6ffa44857160ecf702ac67
6510062e44f9fe580ebaf37c4c634c7aa132c593
7eba51300fb925dadbb5da752395fcdc4c40659612ddbedb810fe16dc7f61ea7

Detections

NIDS	Severity	Alert
suricata	high	ET POLICY Possible EXE Download Request to ngrok

HTTP Headers

GET /testtest/sometests1.exe HTTP/1.1
Host: 9a9d5913de8a.ngrok.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Ngrok-Error-Code: ERR_NGROK_3200
Ngrok-Trace-Id: 51c09bd45a9e7e370de0ace2cd794a49
Referrer-Policy: no-referrer
Date: Wed, 29 Nov 2023 12:33:55 GMT
Content-Length: 887

cdn.ngrok.com/static/css/error.css

18.192.31.165

200 OK

252 B

URL GET HTTP/1.1
cdn.ngrok.com/static/css/error.css
IP
18.192.31.165:443
ASN
#16509 AMAZON-02

Requested by
https://9a9d5913de8a.ngrok.io/testtest/sometests1.exe
Certificate
IssuerLet's Encrypt
Subject*.ngrok.com
Fingerprint04:9D:BF:CD:9A:2D:9B:9B:3E:04:30:A7:B1:A8:7D:AC:D8:01:D2:22
ValidityTue, 17 Oct 2023 00:04:12 GMT - Mon, 15 Jan 2024 00:04:11 GMT

File type
ASCII text
Size
252 B (252 bytes)
Hash
c42c716b376ded94dd03e8e44bda5ee8
ba852d2180f54fcfa7d653013380bf646a936852
6869ce451f90fc72b2858532067907958da651c540d216315984c60fc2ad5fc4

HTTP Headers

GET /static/css/error.css HTTP/1.1
Host: cdn.ngrok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Content-Length: 252
Content-Type: text/css; charset=utf-8
Date: Wed, 29 Nov 2023 12:33:56 GMT
Last-Modified: Tue, 21 Nov 2023 21:34:37 GMT
Ngrok-Trace-Id: 51a90c23f385d776d521b6a08890a0be, f2b906fe9d56824a0707fcb7780f4df6
Vary: Accept-Encoding

cdn.ngrok.com/static/js/error.js

18.192.31.165

200 OK

459 B

URL GET HTTP/1.1
cdn.ngrok.com/static/js/error.js
IP
18.192.31.165:443
ASN
#16509 AMAZON-02

Requested by
https://9a9d5913de8a.ngrok.io/testtest/sometests1.exe
Certificate
IssuerLet's Encrypt
Subject*.ngrok.com
Fingerprint04:9D:BF:CD:9A:2D:9B:9B:3E:04:30:A7:B1:A8:7D:AC:D8:01:D2:22
ValidityTue, 17 Oct 2023 00:04:12 GMT - Mon, 15 Jan 2024 00:04:11 GMT

File type
ASCII text, with very long lines (860), with no line terminators
Size
459 B (459 bytes)
Hash
5c5d834212dd9658a5c60841108c341d
7406c215e471451606f466f7b962146d9c057204
df31e9909c53fcd8083d9476b265df58848ba92ce857be821d2766bd660992c6

HTTP Headers

GET /static/js/error.js HTTP/1.1
Host: cdn.ngrok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Content-Length: 459
Content-Type: text/javascript; charset=utf-8
Date: Wed, 29 Nov 2023 12:33:56 GMT
Last-Modified: Tue, 21 Nov 2023 21:34:14 GMT
Ngrok-Trace-Id: 3e3562f25b73234a779dc7c6cddaab29, df718fe20252fc7795f62856cb384ba9
Vary: Accept-Encoding

cdn.ngrok.com/static/compiled/css/allerrors.css

18.192.31.165

200 OK

6.7 kB

URL GET HTTP/1.1
cdn.ngrok.com/static/compiled/css/allerrors.css
IP
18.192.31.165:443
ASN
#16509 AMAZON-02

Requested by
https://9a9d5913de8a.ngrok.io/testtest/sometests1.exe
Certificate
IssuerLet's Encrypt
Subject*.ngrok.com
Fingerprint04:9D:BF:CD:9A:2D:9B:9B:3E:04:30:A7:B1:A8:7D:AC:D8:01:D2:22
ValidityTue, 17 Oct 2023 00:04:12 GMT - Mon, 15 Jan 2024 00:04:11 GMT

File type
ASCII text
Size
6.7 kB (6678 bytes)
Hash
a7f82ceb0d131b31281afc750a42ef8c
295b944eeb07f5d5debe984341cac59504678820
cb2b0da76a703a8088f429132b2501c1ef76ef0bbbff0efb12e5b581ca501110

HTTP Headers

GET /static/compiled/css/allerrors.css HTTP/1.1
Host: cdn.ngrok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Content-Type: text/css; charset=utf-8
Date: Wed, 29 Nov 2023 12:33:56 GMT
Last-Modified: Tue, 21 Nov 2023 21:34:37 GMT
Ngrok-Trace-Id: 61256d03e57c0dd91056be2b1cd50879, a0b1e4863dad0e29d05fb8ed420a5812
Vary: Accept-Encoding
Transfer-Encoding: chunked

9a9d5913de8a.ngrok.io/favicon.ico

18.192.31.165

404 Not Found

887 B

URL GET HTTP/1.1
9a9d5913de8a.ngrok.io/favicon.ico
IP
18.192.31.165:443
ASN
#16509 AMAZON-02

Requested by
https://9a9d5913de8a.ngrok.io/testtest/sometests1.exe
Certificate
IssuerLet's Encrypt
Subject*.ngrok.io
Fingerprint5D:F8:62:7E:CD:02:01:A5:6E:EE:97:43:00:05:26:CC:17:5B:92:CA
ValidityTue, 24 Oct 2023 00:01:11 GMT - Mon, 22 Jan 2024 00:01:10 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
887 B (887 bytes)
Hash
5a96803a4c6ffa44857160ecf702ac67
6510062e44f9fe580ebaf37c4c634c7aa132c593
7eba51300fb925dadbb5da752395fcdc4c40659612ddbedb810fe16dc7f61ea7

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 9a9d5913de8a.ngrok.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Ngrok-Error-Code: ERR_NGROK_3200
Ngrok-Trace-Id: a1a6b9fae2610cc9c0bea7333208b3bf
Referrer-Policy: no-referrer
Date: Wed, 29 Nov 2023 12:33:56 GMT
Content-Length: 887

cdn.ngrok.com/static/compiled/js/allerrors.js

18.192.31.165

200 OK

65 kB

URL GET HTTP/1.1
cdn.ngrok.com/static/compiled/js/allerrors.js
IP
18.192.31.165:443
ASN
#16509 AMAZON-02

Requested by
https://9a9d5913de8a.ngrok.io/testtest/sometests1.exe
Certificate
IssuerLet's Encrypt
Subject*.ngrok.com
Fingerprint04:9D:BF:CD:9A:2D:9B:9B:3E:04:30:A7:B1:A8:7D:AC:D8:01:D2:22
ValidityTue, 17 Oct 2023 00:04:12 GMT - Mon, 15 Jan 2024 00:04:11 GMT

File type
ASCII text, with very long lines (63458)
Size
65 kB (65004 bytes)
Hash
40563b67951e7c208a0a9698b2867337
991d669455eae256ddccfab7b484d6d95e29477a
e3b8d1e9fec3bec3475310df9e77a246ca391fe2049b1d8e1b846094a4dc7454

HTTP Headers

GET /static/compiled/js/allerrors.js HTTP/1.1
Host: cdn.ngrok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Content-Type: text/javascript; charset=utf-8
Date: Wed, 29 Nov 2023 12:33:56 GMT
Last-Modified: Tue, 21 Nov 2023 21:34:14 GMT
Ngrok-Trace-Id: 37799372eee056811114d03df2e15f2f, 6e0e22c17fda94a33df3f0ffb36f4bf6
Vary: Accept-Encoding
Transfer-Encoding: chunked

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (8)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1