Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

194aa64a81...3d.apk

android-9-x86

10

194aa64a81...3d.apk

android-10-x64

10

194aa64a81...3d.apk

android-11-x64

10

Resubmissions

16/12/2024, 22:35 UTC

241216-2h4yeaskfz 10

16/12/2024, 22:35 UTC

241216-2hw8kasrep 10

13/12/2024, 22:05 UTC

241213-1zj4ws1nfl 10

Analysis

  • max time kernel
    148s
  • max time network
    159s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    16/12/2024, 22:35 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    194aa64a8107412e8f6442f7addbadcb9e544d25b9915ef534cf175cb6e60b3d.apk

  • Size

    2.8MB

  • MD5

    0f197622ba7d3ff87cb16dda5ca5b32f

  • SHA1

    df629604e3e7c13dd3777b8fe1f96a5e081a9813

  • SHA256

    194aa64a8107412e8f6442f7addbadcb9e544d25b9915ef534cf175cb6e60b3d

  • SHA512

    8220ceae9714c07637a04409dfe3b9248292b1a10836c67c65115a6f588421ffac18c56bd7abee542f8222b86e88db3e737f9510538a1b3252a3a77846cde84e

  • SSDEEP

    49152:lLFktfNk/2lW+sligkiCC/ScqLZcGJhwbPSHvklq4ggI0EbWWR4fKmSQ496Kg/Vk:9FkcJ+sliglVkLZVTkhggPWRyKbQ49Ok

Score
10/10
hookbankercollectioncredential_accessdiscoveryevasionexecutionimpactinfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

hook

C2

http://39.109.117.207:3434

AES_key
1
3141317a5031655035514765666932444d505466544c35534c6d763744697666

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Hook family
    hook
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.jedokuwafesewa.pobibovi
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5066

Network

  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    142.250.200.40
  • flag-hk
    GET
    http://39.109.117.207:3434/socket.io/?EIO=3&transport=polling
    Remote address:
    39.109.117.207:3434
    Request
    GET /socket.io/?EIO=3&transport=polling HTTP/1.1
    Accept: */*
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: application/octet-stream
    Date: Mon, 16 Dec 2024 22:36:02 GMT
    Content-Length: 85
  • flag-hk
    GET
    http://39.109.117.207:3434/socket.io/?EIO=3&transport=polling&sid=da1
    Remote address:
    39.109.117.207:3434
    Request
    GET /socket.io/?EIO=3&transport=polling&sid=da1 HTTP/1.1
    Accept: */*
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: application/octet-stream
    Date: Mon, 16 Dec 2024 22:36:03 GMT
    Content-Length: 5
  • flag-hk
    POST
    http://39.109.117.207:3434/socket.io/?EIO=3&transport=polling&sid=da1
    Remote address:
    39.109.117.207:3434
    Request
    POST /socket.io/?EIO=3&transport=polling&sid=da1 HTTP/1.1
    Accept: */*
    Content-Type: text/plain;charset=UTF-8
    Content-Length: 64
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Date: Mon, 16 Dec 2024 22:36:03 GMT
    Content-Length: 2
    Content-Type: text/plain; charset=utf-8
  • flag-hk
    GET
    http://39.109.117.207:3434/socket.io/?EIO=3&transport=websocket&sid=da1
    Remote address:
    39.109.117.207:3434
    Request
    GET /socket.io/?EIO=3&transport=websocket&sid=da1 HTTP/1.1
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Key: iwriM32M9+CTv5dEIsjBqw==
    Sec-WebSocket-Version: 13
    Host: 39.109.117.207:3434
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
    Response
    HTTP/1.1 101 Switching Protocols
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Accept: nzjrEqYgUdkxvpWjVgp5x8JWRtk=
    Access-Control-Allow-Origin: http://39.109.117.207
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
  • flag-hk
    GET
    http://39.109.117.207:3434/socket.io/?EIO=3&transport=polling&sid=da1
    Remote address:
    39.109.117.207:3434
    Request
    GET /socket.io/?EIO=3&transport=polling&sid=da1 HTTP/1.1
    Accept: */*
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: okhttp/3.8.1
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: application/octet-stream
    Date: Mon, 16 Dec 2024 22:36:03 GMT
    Content-Length: 4
  • flag-hk
    POST
    http://39.109.117.207:3434/php/9d13nebz6.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/9d13nebz6.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 953
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:05 GMT
    Content-Length: 24
  • flag-hk
    POST
    http://39.109.117.207:3434/php/op4ky1gq1o9tzq7b6sk.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/op4ky1gq1o9tzq7b6sk.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 908
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:06 GMT
    Content-Length: 128
  • flag-hk
    POST
    http://39.109.117.207:3434/php/hlyh7tn35.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/hlyh7tn35.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 175
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:07 GMT
    Transfer-Encoding: chunked
  • flag-hk
    POST
    http://39.109.117.207:3434/php/k0.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/k0.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 260
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:11 GMT
    Content-Length: 24
  • flag-hk
    POST
    http://39.109.117.207:3434/php/xdjdjgpjb8nl.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/xdjdjgpjb8nl.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 175
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:16 GMT
    Content-Length: 24
  • flag-hk
    POST
    http://39.109.117.207:3434/php/2w65x78gru8s851z.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/2w65x78gru8s851z.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:19 GMT
    Content-Length: 236
  • flag-hk
    POST
    http://39.109.117.207:3434/php/3l.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/3l.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:26 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/e.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/e.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:31 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/r7sp2it96.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/r7sp2it96.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:36 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/tpu.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/tpu.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:42 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/u.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/u.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:47 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/mk6bto.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/mk6bto.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:52 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/0eotut5k0h2lta.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/0eotut5k0h2lta.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:57 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/l9.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/l9.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:37:02 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/wi.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/wi.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:37:07 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/l76z1cps.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/l76z1cps.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:37:12 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/m9o5lyfzsl.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/m9o5lyfzsl.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:37:17 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/wju0le.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/wju0le.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:37:22 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/oump8ju75v6fk36qd.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/oump8ju75v6fk36qd.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:37:27 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/w1frley.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/w1frley.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:37:32 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/auf2houe.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/auf2houe.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:37:38 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/1b8.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/1b8.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:37:43 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/46a0dwnjl0n.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/46a0dwnjl0n.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:37:48 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/prn.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/prn.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:37:53 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/ek33ubflx8t5jp93.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/ek33ubflx8t5jp93.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:37:58 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/oge4netwvpbfcy4jr.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/oge4netwvpbfcy4jr.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:38:03 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/4lludkw.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/4lludkw.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:38:08 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/a03by.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/a03by.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:38:13 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/kjq8hxlk7a3t5tdd.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/kjq8hxlk7a3t5tdd.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:38:18 GMT
    Content-Length: 236
  • flag-hk
    POST
    http://39.109.117.207:3434/php/nn24fwyfbutk1ysmrzjb.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/nn24fwyfbutk1ysmrzjb.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 90
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:38:23 GMT
    Content-Length: 88
  • flag-hk
    POST
    http://39.109.117.207:3434/php/or.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/or.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 325
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:07 GMT
    Content-Length: 24
  • flag-hk
    POST
    http://39.109.117.207:3434/php/pyxu82vfx2ol2bu0m8gm.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/pyxu82vfx2ol2bu0m8gm.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 758
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:08 GMT
    Content-Length: 24
  • flag-hk
    POST
    http://39.109.117.207:3434/php/4fb.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/4fb.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 390
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:09 GMT
    Content-Length: 24
  • flag-hk
    POST
    http://39.109.117.207:3434/php/b4cunzkqmhnn3mw29jkx.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/b4cunzkqmhnn3mw29jkx.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 738
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:36:11 GMT
    Content-Length: 24
  • flag-hk
    POST
    http://39.109.117.207:3434/php/sezki04yqz4h.php/
    Remote address:
    39.109.117.207:3434
    Request
    POST /php/sezki04yqz4h.php/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
    Content-Length: 738
    Content-Type: application/x-www-form-urlencoded
    Host: 39.109.117.207:3434
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With
    Access-Control-Allow-Methods: POST, OPTIONS, GET, PUT, DELETE
    Access-Control-Allow-Origin: http://39.109.117.207
    Content-Type: text/plain; charset=utf-8
    Date: Mon, 16 Dec 2024 22:38:24 GMT
    Content-Length: 24
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    172.217.16.238
  • flag-us
    DNS
    accounts.google.com
    Remote address:
    1.1.1.1:53
    Request
    accounts.google.com
    IN A
    Response
    accounts.google.com
    IN A
    142.250.110.84
  • flag-us
    DNS
    static.xx.fbcdn.net
    Remote address:
    1.1.1.1:53
    Request
    static.xx.fbcdn.net
    IN A
    Response
    static.xx.fbcdn.net
    IN CNAME
    scontent.xx.fbcdn.net
    scontent.xx.fbcdn.net
    IN A
    163.70.151.21
  • flag-us
    DNS
    www.google.com
    Remote address:
    1.1.1.1:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    172.217.169.4
  • flag-us
    DNS
    update.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    update.googleapis.com
    IN A
    Response
    update.googleapis.com
    IN A
    142.250.179.227
  • 142.250.200.40:443
    ssl.google-analytics.com
    tls
    1.3kB
     6.3kB
     9
    9
  • 39.109.117.207:3434
    http://39.109.117.207:3434/socket.io/?EIO=3&transport=polling&sid=da1
    http
    1.8kB
     2.4kB
     20
    20

    HTTP Request

    GET http://39.109.117.207:3434/socket.io/?EIO=3&transport=polling

    HTTP Response

    200

    HTTP Request

    GET http://39.109.117.207:3434/socket.io/?EIO=3&transport=polling&sid=da1

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/socket.io/?EIO=3&transport=polling&sid=da1

    HTTP Response

    200
  • 39.109.117.207:3434
    http://39.109.117.207:3434/socket.io/?EIO=3&transport=websocket&sid=da1
    http
    1.9kB
     1.6kB
     28
    22

    HTTP Request

    GET http://39.109.117.207:3434/socket.io/?EIO=3&transport=websocket&sid=da1

    HTTP Response

    101
  • 39.109.117.207:3434
    http://39.109.117.207:3434/socket.io/?EIO=3&transport=polling&sid=da1
    http
    1.2kB
     1.2kB
     17
    16

    HTTP Request

    GET http://39.109.117.207:3434/socket.io/?EIO=3&transport=polling&sid=da1

    HTTP Response

    200
  • 39.109.117.207:3434
    http://39.109.117.207:3434/php/nn24fwyfbutk1ysmrzjb.php/
    http
    31.0kB
     799.6kB
     322
    575

    HTTP Request

    POST http://39.109.117.207:3434/php/9d13nebz6.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/op4ky1gq1o9tzq7b6sk.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/hlyh7tn35.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/k0.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/xdjdjgpjb8nl.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/2w65x78gru8s851z.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/3l.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/e.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/r7sp2it96.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/tpu.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/u.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/mk6bto.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/0eotut5k0h2lta.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/l9.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/wi.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/l76z1cps.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/m9o5lyfzsl.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/wju0le.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/oump8ju75v6fk36qd.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/w1frley.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/auf2houe.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/1b8.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/46a0dwnjl0n.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/prn.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/ek33ubflx8t5jp93.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/oge4netwvpbfcy4jr.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/4lludkw.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/a03by.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/kjq8hxlk7a3t5tdd.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/nn24fwyfbutk1ysmrzjb.php/

    HTTP Response

    200
  • 39.109.117.207:3434
    http://39.109.117.207:3434/php/sezki04yqz4h.php/
    http
    5.9kB
     3.5kB
     24
    22

    HTTP Request

    POST http://39.109.117.207:3434/php/or.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/pyxu82vfx2ol2bu0m8gm.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/4fb.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/b4cunzkqmhnn3mw29jkx.php/

    HTTP Response

    200

    HTTP Request

    POST http://39.109.117.207:3434/php/sezki04yqz4h.php/

    HTTP Response

    200
  • 142.250.179.238:443
    tls, https
    857 B
     40 B
     1
    1
  • 172.217.16.238:443
    android.apis.google.com
    tls
    5.1kB
     8.3kB
     23
    22
  • 142.250.110.84:443
    accounts.google.com
    tls
    1.9kB
     7.5kB
     16
    16
  • 163.70.151.21:443
    static.xx.fbcdn.net
    tls
    1.8kB
     7.4kB
     16
    15
  • 172.217.169.4:443
    www.google.com
    tls
    2.1kB
     10.5kB
     17
    21
  • 142.250.179.227:443
    update.googleapis.com
    tls
    2.0kB
     6.5kB
     9
    10
  • 142.250.200.36:443
    tls, https
    429 B
     40 B
     2
    1
  • 142.250.200.36:443
    www.google.com
    tls
    8.3kB
     11.3kB
     25
    32
  • 224.0.0.251:5353
    3.7kB
     11
  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
     86 B
     1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    142.250.200.40

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    172.217.16.238

  • 1.1.1.1:53
    accounts.google.com
    dns
    65 B
     81 B
     1
    1

    DNS Request

    accounts.google.com

    DNS Response

    142.250.110.84

  • 1.1.1.1:53
    static.xx.fbcdn.net
    dns
    65 B
     104 B
     1
    1

    DNS Request

    static.xx.fbcdn.net

    DNS Response

    163.70.151.21

  • 1.1.1.1:53
    www.google.com
    dns
    60 B
     76 B
     1
    1

    DNS Request

    www.google.com

    DNS Response

    172.217.169.4

  • 1.1.1.1:53
    update.googleapis.com
    dns
    67 B
     83 B
     1
    1

    DNS Request

    update.googleapis.com

    DNS Response

    142.250.179.227

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

Suppress Application Icon

1
T1628.001

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Process Discovery

1
T1424

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Network Configuration Discovery

3
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.jedokuwafesewa.pobibovi/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.jedokuwafesewa.pobibovi/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    fc14dd1307a09fa889bedecae4b50115

    SHA1

    943d2b87e0a2d5379efaf1704938fab28c83e565

    SHA256

    301a4c714793b2cae0c93421a3c5f05ebb1d7f9b8c132c8cb6c5acbb9886ea96

    SHA512

    8418b462428b551ce2c0669b5346d1adc40442ec739332a8d8dd87d4324adff298d7dfb0442fb96974914e28011c9aa315c83e81ca0867b5eab10d321e524670

    Download Submit

  • /data/data/com.jedokuwafesewa.pobibovi/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.jedokuwafesewa.pobibovi/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    19446c8b3da5ced750994eb2abe7f0d7

    SHA1

    9e57a4402ac143683ea9ed5ba1725f08b850fb02

    SHA256

    e0b3fb692c65b7eb8472ea90da4d7498d6c2144dcd630653646776e63bb486af

    SHA512

    4c796242cc24294a05d334f12e0774b04c90592cbc4cd56800048e95ac15e706f802c574646a522679ed242259070f0793d2808d2800334537e8399054c0796e

    Download Submit

  • /data/data/com.jedokuwafesewa.pobibovi/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    a9d7245b17c45b8256f5c1a063f0d761

    SHA1

    d15182ea15d1e3e8f394f917b9e46509dc169bf4

    SHA256

    813b884caaff14a971bd56d59286acbf76329baa19c331bdaa396443054542f3

    SHA512

    dbb45ed02071e7bdb46c453522619e57c6897ad40fef44d9f49a7b07f9659a7c0168f303fb1bb6c6d4d3ee10a2ada17fe9ab657dc332202f8444853768c99501

    Download Submit

  • /data/data/com.jedokuwafesewa.pobibovi/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    4841ad7d8bb1b494fe009e8636da67d7

    SHA1

    6f4336b048a56d35faf14cc63f0f652a4e0e0ef8

    SHA256

    e7c96cf5edb5004b516185dd1ad0e97cc2243b9fc92a82584066d86af7e802fb

    SHA512

    effed6cd1227ae769fae42c2fae6546104ce5dfce3b148c49f0384b95c87acedb61c117f84c6c6f6cf79baa7d6b76603ab7771e4bd0939af4887c0b4f49c1855

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.