Report - 143.110.227.164/mirai.sh4

Report Overview

Visitedpublic

2025-01-14 09:49:09

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
143.110.227.164	unknown	unknown	No data	No data	2.2 kB	26 kB	143.110.227.164

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-01-14 09:48:45	medium	Client IP	143.110.227.164	ET HUNTING Suspicious GET Request for .sh4 File

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-01-14	medium	143.110.227.164	Sinkholed
2025-01-14	medium	143.110.227.164	Sinkholed
2025-01-14	medium	143.110.227.164	Sinkholed
2025-01-14	medium	143.110.227.164	Sinkholed
2025-01-14	medium	143.110.227.164	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (5)

URL IP Response Size

GET 143.110.227.164/mirai.sh4

143.110.227.164

301 Moved Permanently

166 B

URL

143.110.227.164/mirai.sh4

IP / ASN

143.110.227.164

#14061 DIGITALOCEAN-ASN

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with CRLF line terminators

First Seen2023-04-05

Last Seen2025-06-27

Times Seen17631

Size166 B (166 bytes)

MD53ea1c8d079b38532a6e01a96216ba5e2

SHA1598d3ff91d3e252f1e13df8cf0348b270ff2da3f

SHA25687a9323ac85ce28867d5d7ce590c8f29b8d1a999961fca71bb33adef48683691

Certificate Info

IssuerSectigo Limited

Subjectunmsapp.com

Fingerprint8E:1C:AF:62:A9:34:13:06:73:BA:96:0C:75:92:A8:0B:07:42:AD:AF

ValidityThu, 30 May 2024 00:00:00 GMT - Sat, 28 Jun 2025 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed
suricata	medium	ET HUNTING Suspicious GET Request for .sh4 File

HTTP Headers

GET /mirai.sh4 HTTP/1.1
Host: 143.110.227.164
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Tue, 14 Jan 2025 09:48:45 GMT
Content-Type: text/html
Content-Length: 166
Connection: keep-alive
Location: https://143.110.227.164:443/mirai.sh4

GET 143.110.227.164/mirai.sh4

143.110.227.164

404 Not Found

3.3 kB

URL

143.110.227.164/mirai.sh4

IP / ASN

143.110.227.164

#14061 DIGITALOCEAN-ASN

Requested byN/A

Resource Info

File typeHTML document, ASCII text

First Seen2023-12-04

Last Seen2025-05-14

Times Seen207

Size3.3 kB (3261 bytes)

MD585160156abbb6a5fc3d66bd02f15ddf1

SHA1e2d1826421eeef092c5ce6b8a1e013095cf5d308

SHA256eeb6cf39c41b353709df17f94cff47f91d5839a910ce012180d5edc769816adb

Certificate Info

IssuerSectigo Limited

Subjectunmsapp.com

Fingerprint8E:1C:AF:62:A9:34:13:06:73:BA:96:0C:75:92:A8:0B:07:42:AD:AF

ValidityThu, 30 May 2024 00:00:00 GMT - Sat, 28 Jun 2025 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed
suricata	medium	ET HUNTING Suspicious GET Request for .sh4 File

HTTP Headers

GET /mirai.sh4 HTTP/1.1
Host: 143.110.227.164
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Tue, 14 Jan 2025 09:48:47 GMT
Content-Type: text/html
Content-Length: 3261
Connection: keep-alive
ETag: "66e82c9c-cbd"
x-frame-options: SAMEORIGIN

GET 143.110.227.164/public/uispLogo.svg

143.110.227.164

200 OK

3.1 kB

URL

143.110.227.164/public/uispLogo.svg

IP / ASN

143.110.227.164

#14061 DIGITALOCEAN-ASN

Requested byhttps://143.110.227.164/mirai.sh4

Resource Info

File typeSVG Scalable Vector Graphics image

First Seen2023-12-04

Last Seen2025-05-14

Times Seen206

Size3.1 kB (3091 bytes)

MD5457fd71a05e3cd1e9ea3a0ddf0ee05f0

SHA1d9fba7b97ff621a33aec88821c7251fd82d421df

SHA2564fc412a82003feaa052a212e9b45be190d4a8cdec3074ead57096bd52c621703

Certificate Info

IssuerSectigo Limited

Subjectunmsapp.com

Fingerprint8E:1C:AF:62:A9:34:13:06:73:BA:96:0C:75:92:A8:0B:07:42:AD:AF

ValidityThu, 30 May 2024 00:00:00 GMT - Sat, 28 Jun 2025 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /public/uispLogo.svg HTTP/1.1
Host: 143.110.227.164
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://143.110.227.164/mirai.sh4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 09:48:47 GMT
Content-Type: image/svg+xml
Content-Length: 3091
Last-Modified: Mon, 16 Sep 2024 13:03:25 GMT
Connection: keep-alive
ETag: "66e82c9d-c13"
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block
feature-policy: camera 'none'; microphone 'none'; magnetometer 'none'; gyroscope 'none'; midi 'none'; payment 'none'
Referrer-Policy: same-origin
Content-Security-Policy: default-src 'self' data: wss: *.tile.openstreetmap.org *.gstatic.com *.googleapis.com geocode.arcgis.com nominatim.openstreetmap.org sp-dir.uwn.com web.delighted.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' *.tile.openstreetmap.org maps.gstatic.com *.googleapis.com blog.ui.com *.svc.ui.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: wss: www.youtube.com *.tile.openstreetmap.org *.gstatic.com *.googleapis.com geocode.arcgis.com nominatim.openstreetmap.org d2yyd1h5u9mauk.cloudfront.net sp-dir.uwn.com; frame-src 'self' www.youtube.com
x-frame-options: SAMEORIGIN
Accept-Ranges: bytes

GET 143.110.227.164/public/sleepingCat.svg

143.110.227.164

200 OK

13 kB

URL

143.110.227.164/public/sleepingCat.svg

IP / ASN

143.110.227.164

#14061 DIGITALOCEAN-ASN

Requested byhttps://143.110.227.164/mirai.sh4

Resource Info

File typeSVG Scalable Vector Graphics image

First Seen2024-08-19

Last Seen2025-05-14

Times Seen220

Size13 kB (13052 bytes)

MD5fa3bdbd4f4e2e7edff097268a8207174

SHA1b9457b87fbb441f06050fa33b17314db43ebfc0a

SHA2562cbaa6ac8a74ce6c680c7573936de816021aa61bc814a55d90d51780a84348c0

Certificate Info

IssuerSectigo Limited

Subjectunmsapp.com

Fingerprint8E:1C:AF:62:A9:34:13:06:73:BA:96:0C:75:92:A8:0B:07:42:AD:AF

ValidityThu, 30 May 2024 00:00:00 GMT - Sat, 28 Jun 2025 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /public/sleepingCat.svg HTTP/1.1
Host: 143.110.227.164
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://143.110.227.164/mirai.sh4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 09:48:47 GMT
Content-Type: image/svg+xml
Content-Length: 13052
Last-Modified: Mon, 16 Sep 2024 13:03:24 GMT
Connection: keep-alive
ETag: "66e82c9c-32fc"
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block
feature-policy: camera 'none'; microphone 'none'; magnetometer 'none'; gyroscope 'none'; midi 'none'; payment 'none'
Referrer-Policy: same-origin
Content-Security-Policy: default-src 'self' data: wss: *.tile.openstreetmap.org *.gstatic.com *.googleapis.com geocode.arcgis.com nominatim.openstreetmap.org sp-dir.uwn.com web.delighted.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' *.tile.openstreetmap.org maps.gstatic.com *.googleapis.com blog.ui.com *.svc.ui.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: wss: www.youtube.com *.tile.openstreetmap.org *.gstatic.com *.googleapis.com geocode.arcgis.com nominatim.openstreetmap.org d2yyd1h5u9mauk.cloudfront.net sp-dir.uwn.com; frame-src 'self' www.youtube.com
x-frame-options: SAMEORIGIN
Accept-Ranges: bytes

GET 143.110.227.164/favicon.ico

143.110.227.164

404 Not Found

3.3 kB

URL

143.110.227.164/favicon.ico

IP / ASN

143.110.227.164

#14061 DIGITALOCEAN-ASN

Requested byhttps://143.110.227.164/mirai.sh4

Resource Info

File typeHTML document, ASCII text

First Seen2023-12-04

Last Seen2025-05-14

Times Seen207

Size3.3 kB (3261 bytes)

MD585160156abbb6a5fc3d66bd02f15ddf1

SHA1e2d1826421eeef092c5ce6b8a1e013095cf5d308

SHA256eeb6cf39c41b353709df17f94cff47f91d5839a910ce012180d5edc769816adb

Certificate Info

IssuerSectigo Limited

Subjectunmsapp.com

Fingerprint8E:1C:AF:62:A9:34:13:06:73:BA:96:0C:75:92:A8:0B:07:42:AD:AF

ValidityThu, 30 May 2024 00:00:00 GMT - Sat, 28 Jun 2025 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 143.110.227.164
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://143.110.227.164/mirai.sh4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Tue, 14 Jan 2025 09:48:47 GMT
Content-Type: text/html
Content-Length: 3261
Connection: keep-alive
ETag: "66e82c9c-cbd"
x-frame-options: SAMEORIGIN