{"report_id":"ad819f76-0bba-4b41-bd91-c29ae8e3505f","version":0,"status":"done","tags":[],"date":"2026-07-03T17:06:26Z","url":{"schema":"http","addr":"106.13.137.229:7888/9elR","fqdn":"106.13.137.229","domain":"106.13.137.229","tld":""},"ip":{"addr":"106.13.137.229","port":0,"asn":38365,"as":"Beijing Baidu Netcom Science and Technology Co., Ltd.","country":"China","country_code":"CN"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"New Private Tab","dom":{"size":4247,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"81761b04e337c9f9124c826a48e3ae57","sha1":"cf8c27a9578676f134dd7a6a18a8602a3ea8dbf5","sha256":"db0a824b1e154d46e94db26405c07bb747488334262d95c80c3debadb8ff12f1","sha512":"f1f773972cbca8871326a24468c8b8481ef60635f3ad4c4771b580d8b0e2b154cbc9980785af6747c559170c5592c5117fefeb83e5a27b2ae3014d7873c20525","ssdeep":"96:DJFs1Bx13gb61j1l0pG7gx10UFZV4jl22D+i8kDNLeOl:H61rpomULV4jM2D+z0sI","tlshash":"539152a544f5663b18a386a9e9d17f47af817607ce8d29417baf00e31f87d54886f20c","dom_hash":"domhashe55c5b0a9b0c37e90d2a11b31f2bc448","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"106.13.137.229:7888/9elR","fqdn":"106.13.137.229","domain":"106.13.137.229","tld":""},"ip":{"addr":"106.13.137.229","port":0,"asn":38365,"as":"Beijing Baidu Netcom Science and Technology Co., Ltd.","country":"China","country_code":"CN"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-07T17:06:26Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-07-03","alert":"Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x","trigger":"106.13.137.229:7888/9elR","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"gssincla@google.com","date":"2022-11-18","description":"Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x","hash":"211ccc5d28b480760ec997ed88ab2fbc5c19420a3d34c1df7991e65642638a6f","reference":"https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse","rule":"CobaltStrike_Resources_Xor_Bin_v2_x_to_v4_x"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Google GCTI YARA rules","description":"Google GCTI YARA rules","scan_date":"2026-07-03","alert":"Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x","trigger":"106.13.137.229:7888/9elR","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/chronicle/GCTI","meta":{"author":"gssincla@google.com","date":"2022-11-18","description":"Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x","hash":"211ccc5d28b480760ec997ed88ab2fbc5c19420a3d34c1df7991e65642638a6f","reference":"https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse","rule":"CobaltStrike_Resources_Xor_Bin_v2_x_to_v4_x"}}],"urlquery":null},"summary":[{"fqdn":"106.13.137.229","ip":{"addr":"106.13.137.229","port":7888,"asn":38365,"as":"Beijing Baidu Netcom Science and Technology Co., Ltd.","country":"China","country_code":"CN"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":1,"received_data":248003,"sent_data":408,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"106.13.137.229:7888/9elR","fqdn":"106.13.137.229","domain":"106.13.137.229","tld":""},"ip":{"addr":"106.13.137.229","port":7888,"asn":38365,"as":"Beijing Baidu Netcom Science and Technology Co., Ltd.","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-03T17:06:03.499Z","timestamp":1783098363499,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /9elR HTTP/1.1\r\nHost: 106.13.137.229:7888\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 3 Jul 2026 17:06:03 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 247884\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":247884,"size_decoded":119,"mime_type":"application/octet-stream","magic":"data","md5":"705ae9efd63847a188841481d171070f","sha1":"9bee4b1d145ddc7dfffb522635145aa9fbced1ad","sha256":"c528696c0224f90100ed19cf6461918ed8592ae49c3a1320f7f87e7049bdcad7","sha512":"ed0536a6aa59d7b6b91eb557c9340b9598d78840248f791168a354869aa113a43665acdd0c55a5096e199d7c6960a562e15210d89048805d9094fcbaac3b5396","ssdeep":"6144:DCLRT1JJIuho4jhypfNOA77icWaddb8u92UnwkJJZE8m:qRHho43lcL8BMjJHE8m","tlshash":"6534f18da12e47f82ca0c1157787764ee3d6a8c8c545c7e763e1218396c3a3add28bd7","first_seen":"2026-03-29T01:38:42.626627Z","last_seen":"2026-07-03T17:06:30.594844Z","times_seen":2,"resource_available":true,"data":null}},"time_used":1518,"timings":{"blocked":-1,"dns":0,"connect":217,"send":0,"wait":219,"receive":1082,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-07-03","alert":"Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x","trigger":"106.13.137.229:7888/9elR","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"gssincla@google.com","date":"2022-11-18","description":"Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x","hash":"211ccc5d28b480760ec997ed88ab2fbc5c19420a3d34c1df7991e65642638a6f","reference":"https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse","rule":"CobaltStrike_Resources_Xor_Bin_v2_x_to_v4_x"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Google GCTI YARA rules","description":"Google GCTI YARA rules","scan_date":"2026-07-03","alert":"Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x","trigger":"106.13.137.229:7888/9elR","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/chronicle/GCTI","meta":{"author":"gssincla@google.com","date":"2022-11-18","description":"Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x","hash":"211ccc5d28b480760ec997ed88ab2fbc5c19420a3d34c1df7991e65642638a6f","reference":"https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse","rule":"CobaltStrike_Resources_Xor_Bin_v2_x_to_v4_x"}}],"urlquery":null}}]}
