@emilstahl
emilstahl / a_rules.md
Last active August 28, 2025 10:05
TamperedChef - PDF Editor.exe SentinelOne hunting and hashes

TamperedChef - PDF Editor.exe - C2 domain

event.dns.request in:anycase("2h4fen.com","2m8ikt.com","2r5kg4.com","2t9nxy.com","3jf4dx.com","5b7crp.com","5dr9jq.com","5dtb9a.com","65rwqc.com","6m4eun.com","7bw3tn.com","8st9kp.com","9mdp5.com","9mdp5f.com","9rw7bc.com","a5cj3m.com","a82kwm.com","abf26u.com","agm62w.com","bw5f1k.com","c6hak4.com","cu5p3k.com","cyj9u7.com","d7sm2w.com","dfm8h5.com","ed6hk4.com","ef84ny.com","f2b9yt.com","gc7pu2.com","gx8en2.com","h4b5dc.com","he5a4f.com","hx3d2a.com","j3a4uw.com","jp1t4y.com","k3rba5.com","k46lej.com","k4d2ab.com","ke9uy4.com","kn7kt2.com","mka3e8.com","n3ij9v.com","nc1p8x.com","p1p9nh.com","p6h5bs.com","pf7g3m.com","pu2mg8.com","r2j8bc.com","r92h4z.com","s4p6tq.com","sc75rj.com","td3y9m.com","v7rh9r.com","w3n7ab.com","x2bvn5.com","xskqr6.com","y2iax5.com","y9pn6a.com")

TamperedChef - PDF Editor.exe - landing pages

event.dns.request in:anycase("9mdp5f.com","advancedtransmitart.net","agipdf.com","allaroundgamers.com","allconvertpdf.com","allgamershe
emilstahl / gov_domains.txt
Last active October 3, 2020 09:22
gov_domains.txt
emilstahl / 0redirect.csv
Last active April 21, 2020 12:11
Nets phishing
Status Code,URL,IP,Page Type,Redirect Type,Redirect URL
301,http://netfaster-service.com/nets/maildirect,157.245.125.72,server_redirect,permanent,http://netfaster-service.com/nets/maildirect/
200,http://netfaster-service.com/nets/maildirect/,157.245.125.72,client_redirect,meta,http://netfaster-service.com/nets/maildir/
200,http://netfaster-service.com/nets/maildir/,157.245.125.72,client_redirect,javascript,http://app-nets-dk.net//Annuller-transaktionen/maildirect
301,http://app-nets-dk.net//Annuller-transaktionen/maildirect,157.245.114.174,server_redirect,permanent,http://app-nets-dk.net/Annuller-transaktionen/maildirect/
200,http://app-nets-dk.net/Annuller-transaktionen/maildirect/,157.245.114.174,client_redirect,meta,http://app-nets-dk.net/Annuller-transaktionen/maildir/
200,http://app-nets-dk.net/Annuller-transaktionen/maildir/,157.245.114.174,client_redirect,javascript,http://app-nets-dk.net//Annuller-transaktionen/?acs=100000012032
200,http://app-nets-dk.net//Annuller-transaktionen/?acs=100000012032,157.
emilstahl / config.gateway.json
Created December 20, 2017 22:02
config.gateway.json
{
  "system":{
    "static-host-mapping":{
      "host-name":{
        "usw.local":{
          "alias":[
            "usw"
          ],
          "inet":[
            "10.0.0.2"
emilstahl / route.sh
Created October 7, 2017 15:31
macOS VPN add route
sudo /sbin/route add -net 10.0.0.1/24 -interface ppp0
emilstahl / functions.php
Created September 19, 2017 12:38
Remove plugin assets on all other pages than needed
<?php
// Remove plugin assets on all other pages than needed
add_action( 'wp_print_scripts', 'my_deregister_javascript', 100 );
function my_deregister_javascript() {
    if ( ! is_page( 408 ) ) {
        wp_deregister_script( 'contact-form-7' );
    }
}
add_action( 'wp_print_styles', 'my_deregister_styles', 100 );
⋊> ~ traceroute aar.srv1.dk 18:41:02
traceroute to aar.srv1.dk (86.52.35.74), 64 hops max, 52 byte packets
1 connect.onboard.info (10.0.0.1) 126.270 ms 1.498 ms 1.751 ms
2 * * 10.253.7.246 (10.253.7.246) 2326.494 ms
3 10.66.40.142 (10.66.40.142) 52.280 ms
94.144.63.189 (94.144.63.189) 44.588 ms
94.144.63.190 (94.144.63.190) 47.018 ms
4 10.66.44.2 (10.66.44.2) 45.944 ms
cybercity-2.ti.telenor.net (148.122.9.26) 54.705 ms
10.66.44.2 (10.66.44.2) 59.166 ms
⋊> ~ traceroute wnb.srv1.dk 15:49:37
traceroute to wnb.srv1.dk (185.156.96.65), 64 hops max, 52 byte packets
1 connect.onboard.info (10.0.0.1) 88.426 ms 3.115 ms 1.837 ms
2 10.253.7.246 (10.253.7.246) 28.797 ms 61.526 ms *
3 94.144.63.190 (94.144.63.190) 81.676 ms
10.66.40.142 (10.66.40.142) 66.641 ms 39.748 ms
4 212.73.252.38 (212.73.252.38) 85.160 ms 33.567 ms
10.66.44.2 (10.66.44.2) 31.183 ms
5 ip-20-16-72-178.dialup.ice.net (178.72.16.20) 52.781 ms
ae59.bar1.copenhagen2.level3.net (212.73.252.37) 31.377 ms 29.248 ms
emilstahl / .htaccess
Last active October 5, 2016 14:29
.htaccess
AddDefaultCharset UTF-8
<FilesMatch "\.(htm|html|php)$">
BrowserMatch MSIE ie
Header set X-UA-Compatible "IE=Edge,chrome=1" env=ie
</FilesMatch>
# BEGIN Security
Header set Access-Control-Allow-Origin "*"
Header always set X-Frame-Options "SAMEORIGIN"