Report Overview

  1. Submitted URL

    91.92.244.58/z0l1mxjm4mdl4jjfjf7sb2vdmv/KK.x86

  2. IP

    91.92.244.58

    ASN

    #394711 LIMENET

  3. Submitted

    2024-05-08 17:58:28

    Access

    public

  4. Website Title

    about:privatebrowsing

  5. Final URL

    about:privatebrowsing

  6. Tags

  7. urlquery detections

    No alerts detected

Detections

  1. urlquery

    0

  2. Network Intrusion Detection

    0

  3. Threat Detection Systems

    28

Domain Summary

Domain / FQDNRankRegisteredFirst SeenLast Seen
91.92.244.58unknownunknownNo dataNo data

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules
SeverityIndicatorAlert
medium91.92.244.58/z0l1mxjm4mdl4jjfjf7sb2vdmv/KK.x86Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.
medium91.92.244.58/z0l1mxjm4mdl4jjfjf7sb2vdmv/KK.x86meth_get_eip
medium91.92.244.58/z0l1mxjm4mdl4jjfjf7sb2vdmv/KK.x86Linux.Trojan.Mirai
medium91.92.244.58/z0l1mxjm4mdl4jjfjf7sb2vdmv/KK.x86Linux.Trojan.Mirai
medium91.92.244.58/z0l1mxjm4mdl4jjfjf7sb2vdmv/KK.x86Linux.Trojan.Mirai
medium91.92.244.58/z0l1mxjm4mdl4jjfjf7sb2vdmv/KK.x86Linux.Trojan.Mirai
medium91.92.244.58/z0l1mxjm4mdl4jjfjf7sb2vdmv/KK.x86Linux.Trojan.Mirai
medium91.92.244.58/z0l1mxjm4mdl4jjfjf7sb2vdmv/KK.x86Linux.Trojan.Mirai
medium91.92.244.58/z0l1mxjm4mdl4jjfjf7sb2vdmv/KK.x86Linux.Trojan.Mirai
medium91.92.244.58/z0l1mxjm4mdl4jjfjf7sb2vdmv/KK.x86Linux.Trojan.Mirai
medium91.92.244.58/z0l1mxjm4mdl4jjfjf7sb2vdmv/KK.x86Linux.Trojan.Mirai
medium91.92.244.58/z0l1mxjm4mdl4jjfjf7sb2vdmv/KK.x86Linux.Trojan.Mirai
medium91.92.244.58/z0l1mxjm4mdl4jjfjf7sb2vdmv/KK.x86Linux.Trojan.Mirai

OpenPhish

No alerts detected


PhishTank

No alerts detected


mnemonic secure dns

No alerts detected


Quad9 DNS
SeverityIndicatorAlert
medium91.92.244.58Sinkholed

ThreatFox

No alerts detected


Files detected

  1. URL

    91.92.244.58/z0l1mxjm4mdl4jjfjf7sb2vdmv/KK.x86

  2. IP

    91.92.244.58

  3. ASN

    #394711 LIMENET

  1. File type

    ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV)

    Size

    58 kB (58128 bytes)

  2. Hash

    1f0c496a8ae7dac31741f3b3d34c2c46

    0f4e5ac19e8a22aa3e966b36550047bd7d532c98

    Detections

    AnalyzerVerdictAlert
    Public Nextron YARA rulesmalware
    Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.
    YARAhub by abuse.chmalware
    meth_get_eip
    Elastic Security YARA Rulesmalware
    Linux.Trojan.Mirai
    Elastic Security YARA Rulesmalware
    Linux.Trojan.Mirai
    Elastic Security YARA Rulesmalware
    Linux.Trojan.Mirai
    Elastic Security YARA Rulesmalware
    Linux.Trojan.Mirai
    Elastic Security YARA Rulesmalware
    Linux.Trojan.Mirai
    Elastic Security YARA Rulesmalware
    Linux.Trojan.Mirai
    Elastic Security YARA Rulesmalware
    Linux.Trojan.Mirai
    Elastic Security YARA Rulesmalware
    Linux.Trojan.Mirai
    Elastic Security YARA Rulesmalware
    Linux.Trojan.Mirai
    Elastic Security YARA Rulesmalware
    Linux.Trojan.Mirai
    Elastic Security YARA Rulesmalware
    Linux.Trojan.Mirai

JavaScript (0)

HTTP Transactions (1)

URLIPResponseSize
91.92.244.58/z0l1mxjm4mdl4jjfjf7sb2vdmv/KK.x86
91.92.244.58200 OK58 kB