Report - best.obs.cn-sz1.ctyun.cn/cn/sysnew.x86

Report Overview

Visited public
2024-05-22 19:40:25
Tags
URL
best.obs.cn-sz1.ctyun.cn/cn/sysnew.x86
Finishing URL
about:privatebrowsing
IP / ASN
113.108.66.99
#4134 Chinanet
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.global.sheca.com	unknown	1998-12-25	2022-06-20 14:45:50	2023-12-18 13:10:26	680 B	4.5 kB	47.246.3.231
best.obs.cn-sz1.ctyun.cn	unknown	2012-06-20	2024-02-01 11:51:33	2024-04-17 15:08:36	492 B	45 kB	113.108.66.99

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-05-22	medium	best.obs.cn-sz1.ctyun.cn/cn/sysnew.x86	Detects a suspicious ELF binary with UPX compression
2024-05-22	medium	best.obs.cn-sz1.ctyun.cn/cn/sysnew.x86	Linux.Trojan.Mirai

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
best.obs.cn-sz1.ctyun.cn/cn/sysnew.x86
IP
113.108.66.99
ASN
#4134 Chinanet

File type
ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux)
Size
44 kB (44268 bytes)
Hash
18e8d2cfe50367e511b243803d299b57
8a768b6fdf380a8d40ff424ef757ad3394261d0e
31b184c9ba6420e9d37d619e584d134c36d401f09ccf2284a09bbaf8810b2137

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects a suspicious ELF binary with UPX compression
Elastic Security YARA Rules	malware	Linux.Trojan.Mirai
VirusTotal	malicious	VirusTotal - Scan result 40/65

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

ocsp.global.sheca.com/ovscag5

47.246.3.231

1.5 kB

URL
ocsp.global.sheca.com/ovscag5
IP
47.246.3.231:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
1.5 kB (1492 bytes)
Hash
53f67bd96a14c24af5b019ffa48e9fb5
2162cc60b913d250667b320139fc256c7b43ff3b
6cd2d437071ae841ef27d251851804a68d0626a05c0fa7e05e59cde8deec6e4b

HTTP Headers

POST /ovscag5 HTTP/1.1
Host: ocsp.global.sheca.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 1492
Connection: keep-alive
Date: Wed, 22 May 2024 17:08:21 GMT
Cache-Control: max-age=86400, public, no-transform, must-revalidate
Etag: "053f67bd96a14c24af5b019ffa48e9fb5"
Expires: Mon, 27 May 2024 16:22:59 GMT
Last-Modified: Wed, 22 May 2024 16:22:59 GMT
Ali-Swift-Global-Savetime: 1716397701
Via: cache14.l2de2[0,0,200-0,H], cache16.l2de2[1,0], cache8.ru4[806,806,200-0,M], cache8.ru4[808,0]
Age: 9100
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Wed, 22 May 2024 19:40:01 GMT
X-Swift-CacheTime: 77300
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Timing-Allow-Origin: *
EagleId: 2ff6039c17164068005902168e

ocsp.global.sheca.com/ovscag5

47.246.3.233

1.5 kB

URL
ocsp.global.sheca.com/ovscag5
IP
47.246.3.233:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
1.5 kB (1492 bytes)
Hash
53f67bd96a14c24af5b019ffa48e9fb5
2162cc60b913d250667b320139fc256c7b43ff3b
6cd2d437071ae841ef27d251851804a68d0626a05c0fa7e05e59cde8deec6e4b

HTTP Headers

POST /ovscag5 HTTP/1.1
Host: ocsp.global.sheca.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 1492
Connection: keep-alive
Date: Wed, 22 May 2024 17:08:21 GMT
Cache-Control: max-age=86400, public, no-transform, must-revalidate
Etag: "053f67bd96a14c24af5b019ffa48e9fb5"
Expires: Mon, 27 May 2024 16:22:59 GMT
Last-Modified: Wed, 22 May 2024 16:22:59 GMT
Ali-Swift-Global-Savetime: 1716397701
Via: cache14.l2de2[0,0,200-0,H], cache23.l2de2[1,0], cache6.ru4[565,564,200-0,M], cache6.ru4[565,0]
Age: 9100
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Wed, 22 May 2024 19:40:01 GMT
X-Swift-CacheTime: 77300
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Timing-Allow-Origin: *
EagleId: 2ff6039a17164068008307150e

best.obs.cn-sz1.ctyun.cn/cn/sysnew.x86

113.108.66.99

200 OK

44 kB

URL User Request GET HTTP/1.1
best.obs.cn-sz1.ctyun.cn/cn/sysnew.x86
IP
113.108.66.99:443
ASN
#4134 Chinanet

Certificate
IssuerUniTrust
Subject*.ctyun.cn
FingerprintE1:76:B2:49:B2:6F:6D:91:E2:41:80:B1:F3:53:F6:88:03:F7:DD:D1
ValidityFri, 01 Sep 2023 02:08:59 GMT - Tue, 01 Oct 2024 15:59:59 GMT

File type
ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux)
Size
44 kB (44268 bytes)
Hash
18e8d2cfe50367e511b243803d299b57
8a768b6fdf380a8d40ff424ef757ad3394261d0e
31b184c9ba6420e9d37d619e584d134c36d401f09ccf2284a09bbaf8810b2137

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects a suspicious ELF binary with UPX compression
Elastic Security YARA Rules	malware	Linux.Trojan.Mirai
VirusTotal	malicious	VirusTotal - Scan result 40/65

HTTP Headers

GET /cn/sysnew.x86 HTTP/1.1
Host: best.obs.cn-sz1.ctyun.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: 0000018FA1D1546A901697CF21C8434F
x-reserved-indicator: 372
Accept-Ranges: bytes
ETag: "18e8d2cfe50367e511b243803d299b57"
Last-Modified: Fri, 27 Jan 2023 14:20:21 GMT
Content-Disposition: attachment
Content-Type: binary/octet-stream
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSveowmB5WwpJbdwFuS2JsR6QRWfAkbZ
Date: Wed, 22 May 2024 19:40:01 GMT
Content-Length: 44268

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (3)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers