Report - 167.99.129.68/gmbot/gmbot.mips

Report Overview

Visitedpublic

2024-08-29 04:18:41

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-08-28 18:12:05	1.6 kB	4.4 kB	23.36.77.32
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-08-28 18:12:07	981 B	2.7 kB	23.33.119.27
167.99.129.68	unknown	unknown	2022-06-16 16:46:49	2024-04-14 15:55:29	400 B	89 kB	167.99.129.68

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-08-29 04:18:16	medium	Client IP	167.99.129.68	ET INFO MIPS File Download Request from IP Address
2024-08-29 04:18:16	high	167.99.129.68	Client IP	ET POLICY Executable and linking format (ELF) file download Over HTTP

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-08-29	medium	167.99.129.68/gmbot/gmbot.mips	Detects Mirai Botnet Malware
2024-08-29	medium	167.99.129.68/gmbot/gmbot.mips	Linux.Trojan.Mirai

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-08-29	medium	167.99.129.68	Sinkholed

ThreatFox

No alerts detected

File detected

URL

167.99.129.68/gmbot/gmbot.mips

IP / ASN

167.99.129.68

#14061 DIGITALOCEAN-ASN

File Overview

File TypeELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV)

Size89 kB (88820 bytes)

MD5bb95dd800eb845143540fea8f034dfae

SHA1b4c29a1573a69500b7cab8f4d8e1f7b1398aa084

SHA25658a5e94649a467357f519d12f6b80fb6e3cb14f75bc5c1000be2235c5f31b707

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects Mirai Botnet Malware
Elastic Security YARA Rules	malware	Linux.Trojan.Mirai

JavaScript (0)

HTTP Transactions (9)

URL IP Response Size

r11.o.lencr.org/

23.36.77.32

504 B

URL

r11.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-28

Last Seen2024-08-29

Times Seen11048

Size504 B (504 bytes)

MD538cbe2bf8b6d9ff466a715bd835ea451

SHA134536bdff6310a8b4ccb1bee5eb1ddd98ed57a0f

SHA2561ae38d2373eb268f96ff536531fdc13ba00a9c4bd66496cd7e434e0d2e68a02f

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1AE38D2373EB268F96FF536531FDC13BA00A9C4BD66496CD7E434E0D2E68A02F"
Last-Modified: Wed, 28 Aug 2024 14:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6937
Expires: Thu, 29 Aug 2024 06:13:52 GMT
Date: Thu, 29 Aug 2024 04:18:15 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-28

Last Seen2024-08-31

Times Seen15665

Size504 B (504 bytes)

MD5e39dce5ea747184cd9620a6a6cb8835f

SHA1bbc61ed7858f2eb5554561ba25639c1fbe6898f4

SHA2562a600466bc852e883cba5f66b9179846ba7263ea2ef806f62666923a82bb7e8d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2A600466BC852E883CBA5F66B9179846BA7263EA2EF806F62666923A82BB7E8D"
Last-Modified: Wed, 28 Aug 2024 14:36:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8413
Expires: Thu, 29 Aug 2024 06:38:28 GMT
Date: Thu, 29 Aug 2024 04:18:15 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-29

Last Seen2024-08-31

Times Seen14619

Size504 B (504 bytes)

MD5394892113e0ffb33f2ffdbe727637967

SHA16356e0f13c62b88d4f8a3a20336c86b21b9e7b43

SHA2567bfca20b125a7ca370d17340cd1425663c1c6e81f8a0c42aa9703e88e2fa5ebd

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7BFCA20B125A7CA370D17340CD1425663C1C6E81F8A0C42AA9703E88E2FA5EBD"
Last-Modified: Wed, 28 Aug 2024 14:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9777
Expires: Thu, 29 Aug 2024 07:01:13 GMT
Date: Thu, 29 Aug 2024 04:18:16 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-28

Last Seen2024-08-31

Times Seen18617

Size504 B (504 bytes)

MD5fdbea8492a4c466e40797f5c241f80c0

SHA15b54da6a3949155c0e32e21a9c438e255ad71720

SHA256965090df69898508429e57657077a1625c55dd348039f37cbb2451d9460886a0

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "965090DF69898508429E57657077A1625C55DD348039F37CBB2451D9460886A0"
Last-Modified: Wed, 28 Aug 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6191
Expires: Thu, 29 Aug 2024 06:01:27 GMT
Date: Thu, 29 Aug 2024 04:18:16 GMT
Connection: keep-alive

GET 167.99.129.68/gmbot/gmbot.mips

167.99.129.68

200 OK

89 kB

URL

167.99.129.68/gmbot/gmbot.mips

IP / ASN

167.99.129.68

#14061 DIGITALOCEAN-ASN

Requested byN/A

Resource Info

File typeELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV)

First Seen2024-08-29

Last Seen2024-08-29

Times Seen1

Size89 kB (88820 bytes)

MD5bb95dd800eb845143540fea8f034dfae

SHA1b4c29a1573a69500b7cab8f4d8e1f7b1398aa084

SHA25658a5e94649a467357f519d12f6b80fb6e3cb14f75bc5c1000be2235c5f31b707

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects Mirai Botnet Malware
Elastic Security YARA Rules	malware	Linux.Trojan.Mirai
Quad9 DNS	malicious	Sinkholed
suricata	medium	ET INFO MIPS File Download Request from IP Address
suricata	high	ET POLICY Executable and linking format (ELF) file download Over HTTP

HTTP Headers

GET /gmbot/gmbot.mips HTTP/1.1
Host: 167.99.129.68
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 29 Aug 2024 04:18:16 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Fri, 23 Aug 2024 14:27:15 GMT
ETag: "15af4-6205a925d56c0"
Accept-Ranges: bytes
Content-Length: 88820
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

r11.o.lencr.org/

23.36.77.32

504 B

URL

r11.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-28

Last Seen2024-08-31

Times Seen19640

Size504 B (504 bytes)

MD5bb5e9405671b53b4e83ea35107d596c2

SHA10137160e22736d3b47d6d0a8e4c0c6745547e822

SHA2562acdad34338bf8b93c35557e9d821022e6a9c770a6dea0b4f08e83281be315e0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2ACDAD34338BF8B93C35557E9D821022E6A9C770A6DEA0B4F08E83281BE315E0"
Last-Modified: Wed, 28 Aug 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6477
Expires: Thu, 29 Aug 2024 06:06:15 GMT
Date: Thu, 29 Aug 2024 04:18:18 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL

r11.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-28

Last Seen2024-08-31

Times Seen19640

Size504 B (504 bytes)

MD5bb5e9405671b53b4e83ea35107d596c2

SHA10137160e22736d3b47d6d0a8e4c0c6745547e822

SHA2562acdad34338bf8b93c35557e9d821022e6a9c770a6dea0b4f08e83281be315e0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2ACDAD34338BF8B93C35557E9D821022E6A9C770A6DEA0B4F08E83281BE315E0"
Last-Modified: Wed, 28 Aug 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6477
Expires: Thu, 29 Aug 2024 06:06:15 GMT
Date: Thu, 29 Aug 2024 04:18:18 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL

r11.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-28

Last Seen2024-08-31

Times Seen19640

Size504 B (504 bytes)

MD5bb5e9405671b53b4e83ea35107d596c2

SHA10137160e22736d3b47d6d0a8e4c0c6745547e822

SHA2562acdad34338bf8b93c35557e9d821022e6a9c770a6dea0b4f08e83281be315e0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2ACDAD34338BF8B93C35557E9D821022E6A9C770A6DEA0B4F08E83281BE315E0"
Last-Modified: Wed, 28 Aug 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6477
Expires: Thu, 29 Aug 2024 06:06:15 GMT
Date: Thu, 29 Aug 2024 04:18:18 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL

r11.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-28

Last Seen2024-08-31

Times Seen19640

Size504 B (504 bytes)

MD5bb5e9405671b53b4e83ea35107d596c2

SHA10137160e22736d3b47d6d0a8e4c0c6745547e822

SHA2562acdad34338bf8b93c35557e9d821022e6a9c770a6dea0b4f08e83281be315e0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2ACDAD34338BF8B93C35557E9D821022E6A9C770A6DEA0B4F08E83281BE315E0"
Last-Modified: Wed, 28 Aug 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6477
Expires: Thu, 29 Aug 2024 06:06:15 GMT
Date: Thu, 29 Aug 2024 04:18:18 GMT
Connection: keep-alive