Report - 103.24.127.105:43267/mozi.m

Report Overview

Visitedpublic

2024-08-07 14:21:21

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
r10.o.lencr.org	unknown				2.3 kB	6.2 kB	23.36.76.226
103.24.127.105:43267	unknown				399 B	97 kB	103.24.127.105

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-08-07 14:20:56	high	103.24.127.105	Client IP	ET POLICY Executable and linking format (ELF) file download

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-08-07	medium	103.24.127.105:43267/mozi.m	Linux.Packer.Patched_UPX

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-08-07	medium	103.24.127.105	Sinkholed

ThreatFox

No alerts detected

File detected

URL

103.24.127.105:43267/mozi.m

IP / ASN

103.24.127.105

#150008 Pioneer Elabs Ltd.

File Overview

File TypeELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV)

Size97 kB (96788 bytes)

MD5a4373db27d39dddfc3f2ef99013e49d7

SHA106659e8edf0365d1d75ae8a1dbaf6c925e717d4a

SHA256ddc6f883ce5e5e1bd56bc5ac144883e4b310203120c900cfcda223027003563f

Detections

Analyzer	Verdict	Alert
Elastic Security YARA Rules	malware	Linux.Packer.Patched_UPX

JavaScript (0)

HTTP Transactions (8)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-06

Last Seen2024-08-19

Times Seen26925

Size504 B (504 bytes)

MD5361994b45d17874f3d57044be82a542d

SHA1ddad8ebd0d7ecdc2c9d07245d5aff4df9e3e0a56

SHA256bf3643f753112c9f8fa5204e8ee172a6e0374d160407b7f14e2c0708aa0daad5

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BF3643F753112C9F8FA5204E8EE172A6E0374D160407B7F14E2C0708AA0DAAD5"
Last-Modified: Tue, 06 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14227
Expires: Wed, 07 Aug 2024 18:18:02 GMT
Date: Wed, 07 Aug 2024 14:20:55 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-06

Last Seen2024-08-19

Times Seen21118

Size504 B (504 bytes)

MD575efd2f3585f3075b07d7001e610bf02

SHA1afeabc51586d1efe3d02337b8a43741c0d5a79b5

SHA25626b1b697a9cff033ffa5ef52c9261a48313b206b2093d4d0aa6a9d3e9d24ab15

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "26B1B697A9CFF033FFA5EF52C9261A48313B206B2093D4D0AA6A9D3E9D24AB15"
Last-Modified: Tue, 06 Aug 2024 06:56:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8054
Expires: Wed, 07 Aug 2024 16:35:09 GMT
Date: Wed, 07 Aug 2024 14:20:55 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-06

Last Seen2024-08-19

Times Seen21072

Size504 B (504 bytes)

MD59a041998a7f05a3597d12c78ad418ec6

SHA147926457fcb7a088f9c31d2873ef6d0fcad216e9

SHA2561b7a83f4e52229b23ed8f2831f0b93cfe270359192b0efb4fefde3225c1c844b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1B7A83F4E52229B23ED8F2831F0B93CFE270359192B0EFB4FEFDE3225C1C844B"
Last-Modified: Tue, 06 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7552
Expires: Wed, 07 Aug 2024 16:26:47 GMT
Date: Wed, 07 Aug 2024 14:20:55 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-06

Last Seen2024-08-19

Times Seen20403

Size504 B (504 bytes)

MD55aa0870760a323e0c76c1574633ed6e1

SHA15ba6f90abf50092defc125757aef5f3775353f40

SHA256485adde6605f8d46bbb24f1ce8fbdeba81d44f09b75600300584d408aa9f3ce1

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "485ADDE6605F8D46BBB24F1CE8FBDEBA81D44F09B75600300584D408AA9F3CE1"
Last-Modified: Tue, 06 Aug 2024 06:57:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4574
Expires: Wed, 07 Aug 2024 15:37:10 GMT
Date: Wed, 07 Aug 2024 14:20:56 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-06

Last Seen2024-08-19

Times Seen25615

Size504 B (504 bytes)

MD5327bc43a00e425dc5af5df4efab2ceaf

SHA1963d56a3437b86a9a87eb2aa01094b76a1b68fbb

SHA256e356c1bd222eb19ffd721062bca611a3791985070895ed0bd5f91382970e7bf9

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E356C1BD222EB19FFD721062BCA611A3791985070895ED0BD5F91382970E7BF9"
Last-Modified: Tue, 06 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5344
Expires: Wed, 07 Aug 2024 15:50:01 GMT
Date: Wed, 07 Aug 2024 14:20:57 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-06

Last Seen2024-08-19

Times Seen25615

Size504 B (504 bytes)

MD5327bc43a00e425dc5af5df4efab2ceaf

SHA1963d56a3437b86a9a87eb2aa01094b76a1b68fbb

SHA256e356c1bd222eb19ffd721062bca611a3791985070895ed0bd5f91382970e7bf9

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E356C1BD222EB19FFD721062BCA611A3791985070895ED0BD5F91382970E7BF9"
Last-Modified: Tue, 06 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5344
Expires: Wed, 07 Aug 2024 15:50:01 GMT
Date: Wed, 07 Aug 2024 14:20:57 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-06

Last Seen2024-08-19

Times Seen25615

Size504 B (504 bytes)

MD5327bc43a00e425dc5af5df4efab2ceaf

SHA1963d56a3437b86a9a87eb2aa01094b76a1b68fbb

SHA256e356c1bd222eb19ffd721062bca611a3791985070895ed0bd5f91382970e7bf9

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E356C1BD222EB19FFD721062BCA611A3791985070895ED0BD5F91382970E7BF9"
Last-Modified: Tue, 06 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5283
Expires: Wed, 07 Aug 2024 15:49:00 GMT
Date: Wed, 07 Aug 2024 14:20:57 GMT
Connection: keep-alive

GET 103.24.127.105:43267/mozi.m

103.24.127.105

200 OK

97 kB

URL User Request GET HTTP

103.24.127.105:43267/mozi.m

IP / ASN

103.24.127.105

#150008 Pioneer Elabs Ltd.

Requested byN/A

Resource Info

File typeELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV)

First Seen2024-08-19

Last Seen2024-08-19

Times Seen1

Size97 kB (96788 bytes)

MD5a4373db27d39dddfc3f2ef99013e49d7

SHA106659e8edf0365d1d75ae8a1dbaf6c925e717d4a

SHA256ddc6f883ce5e5e1bd56bc5ac144883e4b310203120c900cfcda223027003563f

Detections

Analyzer	Verdict	Alert
Elastic Security YARA Rules	malware	Linux.Packer.Patched_UPX
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /mozi.m HTTP/1.1
Host: 103.24.127.105:43267
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Length: 135784
Connection: close
Content-Type: application/zip