Report Overview
Visitedpublic
2025-09-22 09:01:02
Tags
Submit Tags
URL
173.63.31.85:44413/bin.sh
Finishing URL
about:privatebrowsing
IP / ASN
173.63.31.85
Title
about:privatebrowsing
Detections
urlquery
0
Network Intrusion Detection
6
Threat Detection Systems
6
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
173.63.31.85 9 alert(s) on this Host | unknown | unknown | No data | No data | 409 B | 308 kB | 173.63.31.85 |  |
Nginx (Web servers, Reverse proxies)
Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
| Timestamp | Severity | Source IP | Destination IP | Alert |
|---|---|---|---|---|
| high | 173.63.31.85 | Client IP | ET POLICY Executable and linking format (ELF) file download | |
| high | 173.63.31.85 | Client IP | ET POLICY Executable and linking format (ELF) file download | |
| high | 173.63.31.85 | Client IP | ET POLICY Executable and linking format (ELF) file download | |
| high | 173.63.31.85 | Client IP | ET POLICY Executable and linking format (ELF) file download | |
| high | 173.63.31.85 | Client IP | ET POLICY Executable and linking format (ELF) file download | |
| high | 173.63.31.85 | Client IP | ET POLICY Executable and linking format (ELF) file download |
Threat Detection Systems
| Detection System | Indicator | Verdict | Alert |
|---|---|---|---|
| Nextron YARA rules | 173.63.31.85:44413/bin.sh | malware | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. |
| YARAhub by abuse.ch | 173.63.31.85:44413/bin.sh | malware | Detects multiple Mirai variants |
| YARAhub by abuse.ch | 173.63.31.85:44413/bin.sh | malware | Detects Generic ShellScript Downloader |
| Elastic Security YARA rules | 173.63.31.85:44413/bin.sh | malware | Linux.Trojan.Mirai |
| DNS0 Zero | 173.63.31.85 | malicious | Sinkholed |
| Quad9 DNS | 173.63.31.85 | malicious | Sinkholed |
File detected
URL
173.63.31.85:44413/bin.sh
IP / ASN
173.63.31.85
File Overview
File TypeELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV)
Size308 kB (307960 bytes)
MD5eec5c6c219535fba3a0492ea8118b397
SHA1292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
Detections
| Analyzer | Verdict | Alert |
|---|---|---|
| Public Nextron YARA rules | malware | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. |
| YARAhub by abuse.ch | malware | Detects multiple Mirai variants |
| YARAhub by abuse.ch | malware | Detects Generic ShellScript Downloader |
| Elastic Security YARA Rules | malware | Linux.Trojan.Mirai |
| Elastic Security YARA Rules | malware | Linux.Trojan.Mirai |
| Elastic Security YARA Rules | malware | Linux.Trojan.Mirai |
| VirusTotal | malicious |
JavaScript (0)
No JavaScripts
HTTP Transactions (1)
| URL | IP | Response | Size |
|---|