Report Overview
Visited: 2025-11-19 07:33:09 (public)
URL: kannn.me/tRSgCs
Finishing URL: about:privatebrowsing
IP / ASN: 104.21.45.204
Title: about:privatebrowsing
Detections
urlquery: 0
Network Intrusion Detection: 1
Threat Detection Systems: 2
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
| kannn.me (1 alert(s) on this host) | unknown | 2025-02-14 | 2025-11-19 | 2025-11-19 | 483 B | 52 kB | 104.21.45.204 | |
| 192.3.211.118 (3 alert(s) on this host) | unknown | unknown | No data | No data | 491 B | 51 kB | 192.3.211.118 | |
Phusion Passenger (Web servers)
Phusion Passenger is a free web server and application server with support for Ruby, Python and Node.js.
Cloudflare (CDN)
Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
OpenSSL:1.1.1t (Web server extensions)
OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end.
Windows Server (Operating systems)
Windows Server is a brand name for a group of server operating systems.
PHP:8.0.28 (Programming languages)
PHP is a general-purpose scripting language used for web development.
Apache HTTP Server:2.4.56 (Web servers)
Apache is a free and open-source cross-platform web server software.
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
| Timestamp | Severity | Source IP | Destination IP | Alert |
|---|---|---|---|---|
| | medium | 172.18.0.3 | 192.3.211.118 | ET INFO Dotted Quad Host DOC Request |
Threat Detection Systems
| Detection System | Indicator | Verdict | Alert |
|---|---|---|---|
| Nextron YARA rules | 192.3.211.118/214/sdss090ds9f/sdf989923998gfd8g98xcv9x8c9v9s9f89dsf9a08098fa90d8f908sdf898sdf898d9f89df.doC | malware | Detects RTF documents with non-standard version and embedding one of the object mostly observed in exploit (e.g. CVE-2017-11882) documents. |
| DNS4EU | kannn.me | malicious | Sinkholed |
File detected
URL: 192.3.211.118/214/sdss090ds9f/sdf989923998gfd8g98xcv9x8c9v9s9f89dsf9a08098fa90d8f908sdf898sdf898d9f89df.doC
IP / ASN: 192.3.211.118
File Overview
File Type: Rich Text Format data, version 1
Size: 51 kB (50576 bytes)
MD5: 1b457da3296da8c00ffd4f0e8227b11b
SHA1: 9d7ab5c0fdd5780abe737fe79c44f6c05bbe7c29
Detections
| Analyzer | Verdict | Alert |
|---|---|---|
| Public Nextron YARA rules | malware | Detects RTF documents with non-standard version and embedding one of the object mostly observed in exploit (e.g. CVE-2017-11882) documents. |
| VirusTotal | malicious | |
JavaScript (0)
No JavaScripts
HTTP Transactions (2)
| URL | IP | Response | Size |
|---|---|---|---|


