Resubmissions

16/12/2024, 22:35 UTC

241216-2h4yeaskfz 10

16/12/2024, 22:35 UTC

241216-2hw8kasrep 10

13/12/2024, 22:05 UTC

241213-1zj4ws1nfl 10

Analysis

  • max time kernel
    145s
  • max time network
    158s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags
    arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
  • submitted
    16/12/2024, 22:35 UTC

General

  • Target

    194aa64a8107412e8f6442f7addbadcb9e544d25b9915ef534cf175cb6e60b3d.apk

  • Size

    2.8MB

  • MD5

    0f197622ba7d3ff87cb16dda5ca5b32f

  • SHA1

    df629604e3e7c13dd3777b8fe1f96a5e081a9813

  • SHA256

    194aa64a8107412e8f6442f7addbadcb9e544d25b9915ef534cf175cb6e60b3d

  • SHA512

    8220ceae9714c07637a04409dfe3b9248292b1a10836c67c65115a6f588421ffac18c56bd7abee542f8222b86e88db3e737f9510538a1b3252a3a77846cde84e

  • SSDEEP

    49152:lLFktfNk/2lW+sligkiCC/ScqLZcGJhwbPSHvklq4ggI0EbWWR4fKmSQ496Kg/Vk:9FkcJ+sliglVkLZVTkhggPWRyKbQ49Ok

Malware Config

Extracted

Family

hook

C2

http://39.109.117.207:3434

AES_key
1
3141317a5031655035514765666932444d505466544c35534c6d763744697666

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

  • Hook family
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent its own removal.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator. 1 TTPs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
  • Requests enabling of the accessibility settings. 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.jedokuwafesewa.pobibovi
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about the current Wi-Fi connection
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests enabling of the accessibility settings.
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4633

Network

  • DNS (US)
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    216.58.204.78
  • DNS (US)
    www.youtube.com
    Remote address:
    1.1.1.1:53
    Request
    www.youtube.com
    IN A
    Response
    www.youtube.com
    IN CNAME
    youtube-ui.l.google.com
    youtube-ui.l.google.com
    IN A
    172.217.169.46
    youtube-ui.l.google.com
    IN A
    216.58.201.110
    youtube-ui.l.google.com
    IN A
    172.217.169.14
    youtube-ui.l.google.com
    IN A
    142.250.187.206
    youtube-ui.l.google.com
    IN A
    172.217.169.78
    youtube-ui.l.google.com
    IN A
    142.250.179.238
    youtube-ui.l.google.com
    IN A
    216.58.213.14
    youtube-ui.l.google.com
    IN A
    142.250.200.46
    youtube-ui.l.google.com
    IN A
    216.58.204.78
    youtube-ui.l.google.com
    IN A
    142.250.200.14
    youtube-ui.l.google.com
    IN A
    216.58.212.206
    youtube-ui.l.google.com
    IN A
    142.250.187.238
    youtube-ui.l.google.com
    IN A
    142.250.180.14
    youtube-ui.l.google.com
    IN A
    172.217.16.238
    youtube-ui.l.google.com
    IN A
    142.250.178.14
  • GET (HK)
    http://39.109.117.207:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    39.109.117.207:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: application/octet-stream
    Date: Mon, 16 Dec 2024 22:36:30 GMT
    Content-Length: 85
  • GET (HK)
    http://39.109.117.207:3434/socket.io/?EIO=3&transport=polling&sid=da2
    Remote address:
    39.109.117.207:3434
    Request
    GET /socket.io/?EIO=3&transport=polling&sid=da2 HTTP/1.1
    Accept: */*
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: application/octet-stream
    Date: Mon, 16 Dec 2024 22:36:30 GMT
    Content-Length: 5
  • POST (HK)
    http://39.109.117.207:3434/socket.io/?EIO=3&transport=polling&sid=da2
    Remote address:
    39.109.117.207:3434
    Request
    POST /socket.io/?EIO=3&transport=polling&sid=da2 HTTP/1.1
    Accept: */*
    Content-Type: text/plain;charset=UTF-8
    Content-Length: 63
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Date: Mon, 16 Dec 2024 22:36:31 GMT
    Content-Length: 2
    Content-Type: text/plain; charset=utf-8
  • GET (HK)
    http://39.109.117.207:3434/socket.io/?EIO=3&transport=websocket&sid=da2
    Remote address:
    39.109.117.207:3434
    Request
    GET /socket.io/?EIO=3&transport=websocket&sid=da2 HTTP/1.1
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Key: LHU0I7FkBefOwAwGSFbn7g==
    Sec-WebSocket-Version: 13
    Host: 39.109.117.207:3434
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
    Response
    HTTP/1.1 101 Switching Protocols
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Accept: lqmRPa290y0HokOsm0vsXwjRJ/A=
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Origin: http://39.109.117.207
    Access-Control-Allow-Credentials: true
  • GET (HK)
    http://39.109.117.207:3434/socket.io/?EIO=3&transport=polling&sid=da2
    Remote address:
    39.109.117.207:3434
    Request
    GET /socket.io/?EIO=3&transport=polling&sid=da2 HTTP/1.1
    Accept: */*
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: application/octet-stream
    Date: Mon, 16 Dec 2024 22:36:32 GMT
    Content-Length: 4
  • POST (HK)
    http://39.109.117.207:3434/php/w382sgrsfh5.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/w382sgrsfh5.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 758
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:33 GMT
    Content-Length: 24
  • POST (HK)
    http://39.109.117.207:3434/php/k8uif35eq2u1f.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/k8uif35eq2u1f.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 175
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:34 GMT
    Transfer-Encoding: chunked
  • POST (HK)
    http://39.109.117.207:3434/php/tu.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/tu.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 758
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:38 GMT
    Content-Length: 24
  • POST (HK)
    http://39.109.117.207:3434/php/8nrg3.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/8nrg3.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 260
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:40 GMT
    Content-Length: 24
  • POST (HK)
    http://39.109.117.207:3434/php/qfwjp3ub7jx9r.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/qfwjp3ub7jx9r.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 175
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:42 GMT
    Content-Length: 24
  • POST (HK)
    http://39.109.117.207:3434/php/128q5rjkks.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/128q5rjkks.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:47 GMT
    Content-Length: 88
  • POST (HK)
    http://39.109.117.207:3434/php/eku.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/eku.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:52 GMT
    Content-Length: 88
  • POST (HK)
    http://39.109.117.207:3434/php/wq.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/wq.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:57 GMT
    Content-Length: 88
  • POST (HK)
    http://39.109.117.207:3434/php/y.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/y.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:37:02 GMT
    Content-Length: 88
  • POST (HK)
    http://39.109.117.207:3434/php/bp93rqrk6y0v3tt8t.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/bp93rqrk6y0v3tt8t.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:37:07 GMT
    Content-Length: 88
  • POST (HK)
    http://39.109.117.207:3434/php/mry.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/mry.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:37:12 GMT
    Content-Length: 88
  • POST (HK)
    http://39.109.117.207:3434/php/0o8gqifmmk.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/0o8gqifmmk.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:37:17 GMT
    Content-Length: 88
  • POST (HK)
    http://39.109.117.207:3434/php/2n3w5.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/2n3w5.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:37:22 GMT
    Content-Length: 88
  • POST (HK)
    http://39.109.117.207:3434/php/p14k.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/p14k.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:37:27 GMT
    Content-Length: 88
  • POST (HK)
    http://39.109.117.207:3434/php/hsrk46d.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/hsrk46d.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:37:32 GMT
    Content-Length: 88
  • POST (HK)
    http://39.109.117.207:3434/php/j9gqhd64whd8u3fg2un.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/j9gqhd64whd8u3fg2un.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:37:37 GMT
    Content-Length: 88
  • POST (HK)
    http://39.109.117.207:3434/php/z.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/z.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:37:42 GMT
    Content-Length: 88
  • POST (HK)
    http://39.109.117.207:3434/php/6n0.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/6n0.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:37:47 GMT
    Content-Length: 88
  • POST (HK)
    http://39.109.117.207:3434/php/jvilxor6xkeofv9gdu5x.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/jvilxor6xkeofv9gdu5x.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:37:52 GMT
    Content-Length: 88
  • POST (HK)
    http://39.109.117.207:3434/php/ebfktc.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/ebfktc.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:37:57 GMT
    Content-Length: 88
  • POST (HK)
    http://39.109.117.207:3434/php/cg1l.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/cg1l.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:38:02 GMT
    Content-Length: 88
  • POST (HK)
    http://39.109.117.207:3434/php/d6d1.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/d6d1.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:38:07 GMT
    Content-Length: 88
  • POST (HK)
    http://39.109.117.207:3434/php/91.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/91.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:38:12 GMT
    Content-Length: 88
  • POST (HK)
    http://39.109.117.207:3434/php/n.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/n.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:38:18 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/509jtmtu14eib.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/509jtmtu14eib.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:38:23 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/j1s320kjnxolgcz0wm.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/j1s320kjnxolgcz0wm.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:38:28 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/vlcs7h6gnv7pfu79agr7.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/vlcs7h6gnv7pfu79agr7.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:38:33 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/g36tdbm50ifa50wpugxk.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/g36tdbm50ifa50wpugxk.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:38:38 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/ksna3.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/ksna3.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:38:43 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/79n1ikw8gkaly59o4gtp.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/79n1ikw8gkaly59o4gtp.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:38:48 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/3.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/3.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:38:53 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/oipygv8tsabwo6m5j.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/oipygv8tsabwo6m5j.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 888
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:33 GMT
    Content-Length: 128
  • flag-hk
    POST
    http://39.109.117.207:3434/php/d.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/d.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 325
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:35 GMT
    Content-Length: 24
  • flag-hk
    POST
    http://39.109.117.207:3434/php/8mm.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/8mm.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 390
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:39 GMT
    Content-Length: 24
  • flag-hk
    POST
    http://39.109.117.207:3434/php/vm23n3eb01.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/vm23n3eb01.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 738
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:40 GMT
    Content-Length: 24
  • flag-hk
    POST
    http://39.109.117.207:3434/php/z9td3psqe1s0.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/z9td3psqe1s0.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 738
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:38:48 GMT
    Content-Length: 24
  • flag-us
    DNS
    accounts.google.com
    Remote address:
    1.1.1.1:53
    Request
    accounts.google.com
    IN A
    Response
    accounts.google.com
    IN A
    64.233.184.84
  • flag-us
    DNS
    www.google.com
    Remote address:
    1.1.1.1:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.180.4
  • flag-us
    DNS
    accounts.google.com
    Remote address:
    1.1.1.1:53
    Request
    accounts.google.com
    IN A
    Response
    accounts.google.com
    IN A
    64.233.166.84
  • flag-us
    DNS
    update.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    update.googleapis.com
    IN A
    Response
    update.googleapis.com
    IN A
    142.250.178.3
  • flag-us
    DNS
    update.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    update.googleapis.com
    IN A
    Response
    update.googleapis.com
    IN A
    142.250.178.3
  • 216.58.201.110:443
    tls, https
    1.4kB
    40 B
    1
    1
  • 216.58.204.78:443
    android.apis.google.com
    tls
    3.7kB
    6.8kB
    16
    15
  • 172.217.169.42:443
    tls, https
    1.3kB
    40 B
    1
    1
  • 172.217.169.46:443
    www.youtube.com
    tls
    2.1kB
    8.3kB
    17
    14
  • 216.58.204.78:443
    android.apis.google.com
    tls
    2.7kB
    6.1kB
    13
    11
  • 172.217.169.42:443
    tls, https
    530 B
    40 B
    1
    1
  • 39.109.117.207:3434
    http://39.109.117.207:3434/socket.io/?EIO=3&transport=polling&sid=da2
    http
    2.0kB
    2.4kB
    22
    21

    HTTP Request

    GET http://39.109.117.207:3434/socket.io/?EIO=3&transport=polling

    HTTP Response

    200

    HTTP Request

    GET http://39.109.117.207:3434/socket.io/?EIO=3&transport=polling&sid=da2

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/socket.io/?EIO=3&transport=polling&sid=da2

    HTTP Response

    200
  • 39.109.117.207:3434
    http://39.109.117.207:3434/socket.io/?EIO=3&transport=websocket&sid=da2
    http
    2.0kB
    1.6kB
    30
    23

    HTTP Request

    GET http://39.109.117.207:3434/socket.io/?EIO=3&transport=websocket&sid=da2

    HTTP Response

    101
  • 39.109.117.207:3434
    http://39.109.117.207:3434/socket.io/?EIO=3&transport=polling&sid=da2
    http
    1.3kB
    1.3kB
    19
    18

    HTTP Request

    GET http://39.109.117.207:3434/socket.io/?EIO=3&transport=polling&sid=da2

    HTTP Response

    200
  • 39.109.117.207:3434
    http://39.109.117.207:3434/php/3.php/
    http
    31.0kB
    798.3kB
    318
    548

    HTTP Request

    POST http://39.109.117.207:3434/php/w382sgrsfh5.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/k8uif35eq2u1f.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/tu.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/8nrg3.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/qfwjp3ub7jx9r.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/128q5rjkks.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/eku.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/wq.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/y.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/bp93rqrk6y0v3tt8t.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/mry.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/0o8gqifmmk.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/2n3w5.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/p14k.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/hsrk46d.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/j9gqhd64whd8u3fg2un.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/z.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/6n0.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/jvilxor6xkeofv9gdu5x.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/ebfktc.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/cg1l.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/d6d1.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/91.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/n.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/509jtmtu14eib.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/j1s320kjnxolgcz0wm.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/vlcs7h6gnv7pfu79agr7.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/g36tdbm50ifa50wpugxk.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/ksna3.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/79n1ikw8gkaly59o4gtp.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/3.php/

    HTTP Response

    200
  • 39.109.117.207:3434
    http://39.109.117.207:3434/php/z9td3psqe1s0.php/
    http
    6.0kB
    3.6kB
    24
    22

    HTTP Request

    POST http://39.109.117.207:3434/php/oipygv8tsabwo6m5j.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/d.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/8mm.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/vm23n3eb01.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/z9td3psqe1s0.php/

    HTTP Response

    200
  • 142.250.180.4:443
    www.google.com
    tls
    1.7kB
    5.3kB
    14
    10
  • 64.233.166.84:443
    accounts.google.com
    tls
    2.1kB
    7.2kB
    19
    14
  • 142.250.178.3:443
    update.googleapis.com
    tls
    2.2kB
    6.7kB
    12
    11
  • 216.239.36.223:443
    tls, https
    128 B
    40 B
    2
    1
  • 142.250.178.3:443
    update.googleapis.com
    tls
    12.9kB
    13.4kB
    47
    52
  • 142.250.187.206:443
    www.youtube.com
    tls
    135 B
    40 B
    2
    1
  • 142.250.187.193:443
    tls
    135 B
    40 B
    2
    1
  • 216.58.201.97:443
    tls
    135 B
    40 B
    2
    1
  • 216.239.34.223:443
    tls, https
    128 B
    40 B
    2
    1
  • 216.239.34.223:443
    tls, https
    128 B
    40 B
    2
    1
  • 224.0.0.251:5353
    3.9kB
    13
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    216.58.204.78

  • 1.1.1.1:53
    www.youtube.com
    dns
    61 B
    335 B
    1
    1

    DNS Request

    www.youtube.com

    DNS Response

    172.217.169.46
    216.58.201.110
    172.217.169.14
    142.250.187.206
    172.217.169.78
    142.250.179.238
    216.58.213.14
    142.250.200.46
    216.58.204.78
    142.250.200.14
    216.58.212.206
    142.250.187.238
    142.250.180.14
    172.217.16.238
    142.250.178.14

  • 172.217.169.46:443
    www.youtube.com
    https
    1.4kB
    54 B
    1
    1
  • 1.1.1.1:53
    accounts.google.com
    dns
    65 B
    81 B
    1
    1

    DNS Request

    accounts.google.com

    DNS Response

    64.233.184.84

  • 1.1.1.1:53
    www.google.com
    dns
    60 B
    76 B
    1
    1

    DNS Request

    www.google.com

    DNS Response

    142.250.180.4

  • 1.1.1.1:53
    accounts.google.com
    dns
    65 B
    81 B
    1
    1

    DNS Request

    accounts.google.com

    DNS Response

    64.233.166.84

  • 1.1.1.1:53
    update.googleapis.com
    dns
    67 B
    83 B
    1
    1

    DNS Request

    update.googleapis.com

    DNS Response

    142.250.178.3

  • 1.1.1.1:53
    update.googleapis.com
    dns
    67 B
    83 B
    1
    1

    DNS Request

    update.googleapis.com

    DNS Response

    142.250.178.3

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.jedokuwafesewa.pobibovi/no_backup/androidx.work.workdb

    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

  • /data/user/0/com.jedokuwafesewa.pobibovi/no_backup/androidx.work.workdb-journal

    Filesize

    512B

    MD5

    7fa505e283a643e2ebb0d40da5f78afb

    SHA1

    5d6eb56a9b6fa2cf1691efffd4733377fe187e97

    SHA256

    0d516e646624f6208b36c90885e3ac4665c02d2565677db7cc0f687bd224e22c

    SHA512

    ff62d181900bdb0a870e10bcff84ae967d161f3fb44fb360758be36cffa129171f950a28fda39a69efb5d35ac0d3f76468bb038a1598b25d5ffc611263ee9075

  • /data/user/0/com.jedokuwafesewa.pobibovi/no_backup/androidx.work.workdb-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/user/0/com.jedokuwafesewa.pobibovi/no_backup/androidx.work.workdb-wal

    Filesize

    16KB

    MD5

    073634244d5a093587d76bf4b8c9fae2

    SHA1

    c9e89b1bd7b8bcd5be858feef9f1dd5e12008f28

    SHA256

    1495cf9cd2818aa5fd1f518e01ed54c90c354ad707bb9f15b72f507f57270d82

    SHA512

    a1f13587a4d3aa99a070040e277928bd5ae61a0b1a6d04d85531d8d259243750d23d5d1394c18ddd6bab20831f084b2bbb1b3e3c9e5e52e857397cba263815d7

  • /data/user/0/com.jedokuwafesewa.pobibovi/no_backup/androidx.work.workdb-wal

    Filesize

    108KB

    MD5

    60e01757c9a6e7acd49c43f72621edd4

    SHA1

    a03399ceb5bf646be88801d5d0a3da4a2d72ae6e

    SHA256

    57aa40fa668f08674c0ea4a0fad625baf83a5eff2fe3f6cacf25d77a634ed39d

    SHA512

    a1633b925a513a027cb78e7d111ec22b19ebeb6abf0c728da62f3cef5cf139d0eb83c52386afd60f880e871418c95c3c2113a0e3dbd464a0c454f416fb871958

  • /data/user/0/com.jedokuwafesewa.pobibovi/no_backup/androidx.work.workdb-wal

    Filesize

    173KB

    MD5

    5972a9718cd60c5d37e47916bda2b75d

    SHA1

    f2474da1b054dd14f5c8ec633975685390693f17

    SHA256

    6d6233a640681efde3847ab210bfcf3d916e459e07e17c49c6a40b1f406eec3d

    SHA512

    2fd296b4c294b8ea979ef2ba126d4309cec85c7e0f250f2c79e9c0c979a67e1f7dd2e70b227d54f76958c6ba788e47813ca4906cf2243259a04f5afb6e733979
