Overview

URL: 115.207.84.30:56601/bin.sh
IP: 115.207.84.30 (China)
ASN: #4134 Chinanet
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Access: public
Report completed: 2023-05-26 15:01:44 UTC
IDS alerts: 1
Blocklist alerts: 1
urlquery alerts: No alerts detected
Tags: None

Domain Summary (1)

Fully Qualified Domain Name: 115.207.84.30:56601 (1)
Rank: 0
First Seen: No data
Last Seen: No data
Sent bytes: 400
Received bytes: 108
IP: 0.0.0.0
Comment:

Network Intrusion Detection Systems

Suricata w/ Emerging Threats Pro

Timestamp: 2023-05-26 15:01:32 UTC
Severity: high
Source IP: 115.207.84.30
Destination IP: Client IP
Alert: ET POLICY Executable and linking format (ELF) file download

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
 No alerts detected

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date: 2023-05-26
Severity: medium
Indicator: 115.207.84.30
Comment: Sinkholed

ThreatFox
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 1 reports on IP: 115.207.84.30
Date                      UQ / IDS / BL   URL                                   IP
2023-05-26 15:01:44 UTC   0 - 1 - 1       115.207.84.30:56601/bin.sh            115.207.84.30


Last 5 reports on ASN: Chinanet
Date                      UQ / IDS / BL   URL                                                 IP
2023-06-03 23:01:28 UTC   0 - 1 - 0       mo.l5645.net/mo/setup.0.138722.exe                  218.92.216.77
2023-06-03 22:54:18 UTC   0 - 4 - 0       dl.ikiki.cn/dl/newpck55/iall3550004.exe             218.92.216.53
2023-06-03 21:44:28 UTC   0 - 2 - 1       121.12.174.215/dlied6.qq.com/invc/win10/data/ (...) 121.12.174.215
2023-06-03 21:09:36 UTC   0 - 1 - 0       mo.l5645.net/mo/setup.cr173.386472.exe              218.92.216.77
2023-06-03 21:06:21 UTC   0 - 1 - 2       61.160.224.34/softdl.360tpcdn.com/Feeding2/Fe (...) 61.160.224.34


Last 1 reports on domain: 115.207.84.30
Date                      UQ / IDS / BL   URL                                   IP
2023-05-26 15:01:44 UTC   0 - 1 - 1       115.207.84.30:56601/bin.sh            115.207.84.30


Last 5 reports with similar screenshot
Date                      UQ / IDS / BL   URL                                                 IP
2023-06-03 23:43:23 UTC   0 - 0 - 1       194.36.88.63/uuu.sh                                 194.36.88.63
2023-06-03 23:41:09 UTC   0 - 3 - 1       5.181.159.147/bins/phantom.x86                      5.181.159.147
2023-06-03 23:40:26 UTC   0 - 19 - 0      drivers.drp.su/CardReader/Duolabs/WinAll/x64/ (...) 87.117.231.157
2023-06-03 23:36:27 UTC   0 - 2 - 1       addhun.ml/                                          195.20.53.230
2023-06-03 23:30:36 UTC   0 - 7 - 1       91.239.77.159:45827/mozi.a/                         91.239.77.159

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (1)


Request:

GET /bin.sh HTTP/1.1
Host: 115.207.84.30:56601
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

Response (from 0.0.0.0):

HTTP/1.1 200 OK
Content-Type: application/zip
Server: nginx
Content-Length: 307960
Connection: close


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Blocklists:
  - quad9: Sinkholed